@miravo/cli-linux-x64-musl
Miravo platform binary for linux-x64-musl.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:console-dist/assets/tabs-CCixnxMe.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/select-CMOnuEoT.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-BqiDQT2r.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-DbzXekvY.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/not-found-BbQLiHmm.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-DhRo1Ytd.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-BJaFYYGh.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-STqgvf7K.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-B_Xu4s7C.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/format-B9CcV2dj.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-C20wXA8E.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-BTqDmbVu.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-W3TI0pmx.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-Bf6pFRhP.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-DqOwOydE.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/copy-button-DnGsXbVV.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-BLUTBbet.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/combobox-BJecIYHE.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-BVf5gGJM.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-DAJ-rQYR.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-D2Hnc-qx.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-DGtW0Fh4.js | AI (source-diff): Standard Vite/Rolldown minified bundle; ES module imports and React patterns confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-DDHh7IxX.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-DT5WAB9u.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DmjNAhq5.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-DMpCBVAp.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-pSpdGZnr.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-YW1mEMDX.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-CVOl1-Oc.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-B6QpC1oU.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-DdNy8e5C.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BsyqlJKi.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-C6Lt-RSI.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-CNF5b2a7.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-BJnaKdCX.js | AI (source-diff): Standard Vite/Rolldown minified bundle; legitimate SPA build artifact. | ai | |
| source-diff | obfuscated-file:console-dist/assets/api-D8oAzcVE.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle output; samples show React/TanStack Query code, not malicious obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are Vite-built frontend bundle chunks; expected for a CLI with embedded web console. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-platform-stream-DBZo6HMM.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/use-engine-command-mutation-CcfqRB7j.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/tags-BI93Dvh2.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/query-fetch-error-NbPqVPRR.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/platforms-BwYPf2Sg.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/models-CFdqSxB3.js | AI (source-diff): Minified Vite bundle; UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/login-C5dQKX2Y.js | AI (source-diff): Minified Vite bundle; login UI component. | ai | |
| source-diff | obfuscated-file:console-dist/assets/instance-detail-DWELGCE1.js | AI (source-diff): Minified Vite bundle; samples show UI component code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/fleet-CH141gbg.js | AI (source-diff): Minified Vite bundle; samples show UI component code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/events-CeR9wTII.js | AI (source-diff): Minified Vite bundle; samples show UI component code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/control-DCNd1A3U.js | AI (source-diff): Minified Vite bundle; samples show UI component code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-source-BU77f8QO.js | AI (source-diff): Minified Vite bundle; samples show UI component code. | ai | |
| source-diff | obfuscated-file:console-dist/assets/catalog-B_wh8kje.js | AI (source-diff): Minified Vite bundle; samples show UI component code with recognizable React patterns. | ai | |
| source-diff | obfuscated-file:console-dist/assets/index-ClSUHPGP.js | AI (source-diff): Vite bundle entry point with __vite__mapDeps; clearly a frontend build artifact. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform-specific binary packages legitimately have no deps, minimal README, and no keywords. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires in a bundled frontend asset (rollup/vite output); standard pattern in compiled UI bundles, not malicious obfuscation. | ai |
v0.7.9
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.