@mp-assistant/dashboard
This template should help get you started developing with Vue 3 in Vite.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/assets/index-DFK7anQT.js | AI (source-diff): Standard Vite/Vue SPA bundle; minification triggers long-line heuristic but code is clearly legitimate framework output. | ai | |
| source-diff | net-exec-file:dist/assets/index-DFK7anQT.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic patterns are normal Vue SPA runtime behavior, not dropper/loader malware. | ai | |
| source-diff | net-exec-file:dist/assets/index-C2Kv50qx.js | AI (source-diff): Network+exec pattern is Vite's modulepreload polyfill + Vue reactivity; no dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/assets/index-C2Kv50qx.js | AI (source-diff): Standard Vite minified bundle; Vue 3 license headers visible in sample. Expected for this dashboard package. | ai | |
| source-diff | net-exec-file:dist/assets/index-DQT9Gr7f.js | AI (source-diff): Network calls and dynamic code are Vue/browser runtime patterns (fetch for modulepreload, dynamic component rendering), not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DQT9Gr7f.js | AI (source-diff): Standard Vite-minified Vue/Element Plus bundle; not obfuscation, just minification of a frontend SPA. | ai | |
| source-diff | net-exec-file:dist/assets/index-N3F7-2Tt.js | AI (source-diff): Network calls and dynamic patterns are from Vue/Element Plus framework code in a Vite bundle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-N3F7-2Tt.js | AI (source-diff): Standard Vite minified bundle; sample confirms Vue 3 runtime code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CdrNLJjt.js | AI (source-diff): Standard Vite-minified Vue SPA bundle; Vue/Element Plus copyright headers visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/index-CdrNLJjt.js | AI (source-diff): Network calls and dynamic code are part of the Vue runtime and modulepreload polyfill in a bundled SPA, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-GdCrPIw_.js | AI (source-diff): Standard Vite-minified SPA bundle; Vue/Element Plus copyright headers visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/index-GdCrPIw_.js | AI (source-diff): Network calls and dynamic code in a frontend bundle are normal SPA patterns (fetch for modulepreload, Vue reactivity). | ai | |
| source-diff | obfuscated-file:dist/assets/index-DZye0JH5.js | AI (source-diff): Standard Vite-minified SPA bundle; Vue/Element Plus license headers visible in sample. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/index-DZye0JH5.js | AI (source-diff): Network+exec pattern is browser fetch() + dynamic imports in a Vite SPA bundle, not dropper malware. | ai | |
| source-diff | net-exec-file:dist/assets/index-BqVsf85L.js | AI (source-diff): Network calls are modulepreload fetch() and Vue reactivity; no dropper behavior. Stable for this Vite-built dashboard package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BqVsf85L.js | AI (source-diff): Standard Vite-minified Vue SPA bundle; Vue 3 license headers visible in sample. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DlYFX94p.js | AI (source-diff): Standard Vite-minified SPA bundle; Vue/Element-Plus license headers visible in sample. Expected for this dashboard package. | ai | |
| source-diff | net-exec-file:dist/assets/index-DlYFX94p.js | AI (source-diff): Network calls and dynamic code are browser-side Vue SPA patterns (fetch for modulepreload, Vue reactivity). Not dropper behavior. | ai | |
| phantom-deps | phantom-dep:dayjs | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:fuzzysort | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:vue-router | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:element-plus | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:@mp-assistant/common | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:@element-plus/icons-vue | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:pinia-plugin-persistedstate | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:vue | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:qs | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:color | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai | |
| phantom-deps | phantom-dep:pinia | AI (phantom-deps): Vue/Vite frontend; dependencies referenced in config/entry, not direct imports. | ai |
Versions (showing 19 of 19)
| Version | Deps | Published |
|---|---|---|
| 0.1.18 | 11 / 12 | |
| 0.1.17 | 11 / 12 | |
| 0.1.16 | 11 / 12 | |
| 0.1.15 | 10 / 12 | |
| 0.1.14 | 10 / 12 | |
| 0.1.13 | 10 / 12 | |
| 0.1.12 | 10 / 12 | |
| 0.1.11 | 10 / 12 | |
| 0.1.10 | 10 / 12 | |
| 0.1.9 | 10 / 12 | |
| 0.1.8 | 10 / 12 | |
| 0.1.7 | 10 / 12 | |
| 0.1.6 | 10 / 12 | |
| 0.1.5 | 10 / 12 | |
| 0.1.4 | 10 / 12 | |
| 0.1.3 | 9 / 12 | |
| 0.1.2 | 9 / 12 | |
| 0.1.1 | 9 / 12 | |
| 0.0.1 | 9 / 12 |
v0.1.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.