@miravo/cli-linux-arm64-musl
Miravo platform binary for linux-arm64-musl.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:console-dist/assets/tabs-CCixnxMe.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/select-CMOnuEoT.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-BqiDQT2r.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-DbzXekvY.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/not-found-BbQLiHmm.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-DhRo1Ytd.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-BJaFYYGh.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-STqgvf7K.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-B_Xu4s7C.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/format-B9CcV2dj.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-C20wXA8E.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-BTqDmbVu.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-W3TI0pmx.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-Bf6pFRhP.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset; minification is expected for shipped web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-DqOwOydE.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/copy-button-DnGsXbVV.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-BLUTBbet.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/combobox-BJecIYHE.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-BVf5gGJM.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-DAJ-rQYR.js | AI (source-diff): Standard Vite/Rolldown-bundled frontend asset. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-D2Hnc-qx.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-DGtW0Fh4.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-DDHh7IxX.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-DT5WAB9u.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DmjNAhq5.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-DMpCBVAp.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-pSpdGZnr.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-YW1mEMDX.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-CVOl1-Oc.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-B6QpC1oU.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-DdNy8e5C.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BsyqlJKi.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-C6Lt-RSI.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-CNF5b2a7.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-BJnaKdCX.js | AI (source-diff): Standard Vite/Rolldown minified bundle for web console UI. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-D8oAzcVE.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle; not malicious obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are a legitimate console UI build; expected for a CLI with embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-DBZo6HMM.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-CcfqRB7j.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-BI93Dvh2.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-NbPqVPRR.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BwYPf2Sg.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-CFdqSxB3.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-C5dQKX2Y.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-DWELGCE1.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-ClSUHPGP.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-CH141gbg.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-CeR9wTII.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DCNd1A3U.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-BU77f8QO.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-B_wh8kje.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform binary distribution package; no runtime deps, minimal README, and no keywords are expected for this package type. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires in a bundled Rolldown/Vite frontend asset; Reflect.get() is a standard bundler pattern, not obfuscation. | ai |
v0.7.9
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.