@murumets-ee/blocks
Block rendering utilities — rich text renderer with HTML sanitization and Slate JSON support.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@murumets-ee/content-api | AI (phantom-deps): Same org monorepo package; bundled into dist outputs. | ai | |
| phantom-deps | phantom-dep:@tiptap/pm | AI (phantom-deps): Peer/transitive dep of tiptap ecosystem; used indirectly via @tiptap/core. | ai | |
| phantom-deps | phantom-dep:@tiptap/core | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| phantom-deps | phantom-dep:@tiptap/react | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| phantom-deps | phantom-dep:sanitize-html | AI (phantom-deps): Bundled into dist; visible in core.mjs imports. | ai | |
| phantom-deps | phantom-dep:react-colorful | AI (phantom-deps): Bundled into dist; visible in editor.mjs imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/starter-kit | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| source-diff | obfuscated-file:dist/contributions.mjs | AI (source-diff): Standard minified ESM bundle from tsdown; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core.mjs | AI (source-diff): Standard minified ESM bundle; sanitize-html/react imports visible, no exfiltration. | ai | |
| source-diff | obfuscated-file:dist/editor.mjs | AI (source-diff): Standard minified ESM bundle; tiptap/immer/zod/dnd-kit imports visible, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/plugin.mjs | AI (source-diff): Standard minified ESM bundle; drizzle-orm/zod imports visible, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/render.mjs | AI (source-diff): Standard minified ESM bundle; react rendering logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/server.mjs | AI (source-diff): Standard minified ESM bundle; drizzle-orm/zod/fs imports visible, no exfiltration. | ai | |
| source-diff | obfuscated-file:dist/traits.mjs | AI (source-diff): Standard minified ESM bundle; trait field definitions, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/editor.d.mts | AI (source-diff): TypeScript declaration file with long lines; not executable, not obfuscated. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major feature expansion (editor, server, plugin modules) with bundleBudget config confirming intentional size. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Minified ESM build output from tsdown; content is a benign HTML sanitizer/renderer with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/react.mjs | AI (source-diff): Minified ESM build output from tsdown; React wrapper around the same benign HTML sanitizer logic. | ai | |
| source-diff | obfuscated-file:dist/react.cjs | AI (source-diff): Standard tsup minified output; mirrors index.cjs with React renderer, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Standard tsup minified output; code is readable HTML sanitization logic, no malicious patterns. | ai |
Versions (showing 51 of 52)
| Version | Deps | Published |
|---|---|---|
| 0.25.0 | 17 / 11 | |
| 0.24.1 | 17 / 11 | |
| 0.24.0 | 17 / 11 | |
| 0.23.2 | 1 / 10 | |
| 0.23.1 | 1 / 10 | |
| 0.23.0 | 1 / 10 | |
| 0.22.1 | 1 / 10 | |
| 0.22.0 | 1 / 10 | |
| 0.21.1 | 1 / 10 | |
| 0.21.0 | 1 / 10 | |
| 0.20.0 | 1 / 10 | |
| 0.19.0 | 1 / 10 | |
| 0.18.0 | 1 / 10 | |
| 0.17.1 | 1 / 10 | |
| 0.17.0 | 1 / 10 | |
| 0.16.5 | 1 / 10 | |
| 0.16.4 | 1 / 10 | |
| 0.16.3 | 1 / 10 | |
| 0.16.2 | 1 / 10 | |
| 0.16.1 | 1 / 10 | |
| 0.16.0 | 1 / 10 | |
| 0.15.4 | 1 / 10 | |
| 0.15.3 | 1 / 10 | |
| 0.15.2 | 1 / 10 | |
| 0.15.1 | 1 / 10 | |
| 0.15.0 | 1 / 10 | |
| 0.14.0 | 1 / 10 | |
| 0.13.3 | 1 / 10 | |
| 0.13.2 | 1 / 10 | |
| 0.13.1 | 1 / 10 | |
| 0.13.0 | 1 / 10 | |
| 0.12.0 | 1 / 10 | |
| 0.11.0 | 0 / 6 | |
| 0.10.0 | 0 / 6 | |
| 0.9.0 | 0 / 6 | |
| 0.8.0 | 0 / 6 | |
| 0.7.0 | 0 / 6 | |
| 0.6.1 | 0 / 6 | |
| 0.6.0 | 0 / 6 | |
| 0.5.1 | 0 / 6 | |
| 0.5.0 | 0 / 6 | |
| 0.4.8 | 0 / 6 | |
| 0.4.6 | 0 / 6 | |
| 0.4.5 | 0 / 6 | |
| 0.4.0 | 0 / 6 | |
| 0.3.0 | 0 / 6 | |
| 0.1.5 | 0 / 6 | |
| 0.1.4 | 0 / 6 | |
| 0.1.3 | 0 / 6 | |
| 0.1.2 | 0 / 6 | |
| 0.1.1 | 0 / 6 |
v0.25.0
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.1
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.0
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.19.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.8
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.6
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.5
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.5
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.