@miravo/cli-darwin-arm64
Miravo platform binary for darwin-arm64.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:console-dist/assets/api-DGtW0Fh4.js | AI (source-diff): Standard Vite/Rolldown minified bundle; readable React/TanStack Query patterns, no malicious code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-D2Hnc-qx.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-BJnaKdCX.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-CNF5b2a7.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-C6Lt-RSI.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BsyqlJKi.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-DdNy8e5C.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-B6QpC1oU.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-CVOl1-Oc.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-YW1mEMDX.js | AI (source-diff): Vite build artifact (entry point with __vite__mapDeps); no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-pSpdGZnr.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-DMpCBVAp.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DmjNAhq5.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-DT5WAB9u.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-DDHh7IxX.js | AI (source-diff): Vite build artifact for web console UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BwYPf2Sg.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-D8oAzcVE.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-B_wh8kje.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-BU77f8QO.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DCNd1A3U.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-CeR9wTII.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-CH141gbg.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-ClSUHPGP.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-DWELGCE1.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-C5dQKX2Y.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-CFdqSxB3.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-NbPqVPRR.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-BI93Dvh2.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-CcfqRB7j.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-DBZo6HMM.js | AI (source-diff): Standard Vite/Rolldown minified bundle output for a web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/copy-button-BvU3RDZa.js | AI (source-diff): Minified bundle; sonner toast library code visible in sample. | ai | |
| source-diff | obfuscated-file:console-dist/assets/combobox-BCaV1Wbo.js | AI (source-diff): Minified UI component bundle; miravo-specific CSS class names visible. | ai | |
| source-diff | obfuscated-file:console-dist/assets/dist-xY0pK9Wy.js | AI (source-diff): Minified bundle; nuqs URL state library code visible in sample. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-4ugKUt8n.js | AI (source-diff): Minified React component bundle; recognizable UI library imports. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-C4jQdH37.js | AI (source-diff): Minified React component bundle; recognizable UI library imports. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-CbdG58Mn.js | AI (source-diff): Minified React component bundle; recognizable UI library imports. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-DimikzPd.js | AI (source-diff): Standard Vite/Rollup minified bundle; TanStack Query internals visible in sample. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-BmyMgUK4.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-C_UOiHSF.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/not-found-D0nX2nrf.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-CmsbDw-2.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/proxy-Be4WzmcS.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-Bcg_UjHM.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/select-CmlY1M1a.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-k6fWu2DS.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-Ds1n4iXS.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/format-CshN6yEB.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-ne7gllQE.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-BP1rvN5g.js | AI (source-diff): Minified frontend bundle for embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/engine-store-DMULdR_V.js | AI (source-diff): Minified Zustand store; miravo-specific sessionStorage key visible. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires in bundled Vite/Rollup frontend asset; Reflect.get() is standard in modern JS build output, not obfuscation. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform binary distribution package; no deps/keywords/code-in-README is expected for this package type. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 0.7.9 | 0 / 0 | |
| 0.7.8 | 0 / 0 | |
| 0.7.5 | 0 / 0 | |
| 0.7.4 | 0 / 0 | |
| 0.6.5 | 0 / 0 |
v0.7.9
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.