@murumets-ee/ticketing — Greenflagged

Helpdesk ticketing — tickets, messages, departments, SLA, CSAT, email threading, and SSE events.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ranx2k

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/ticket-C_NoxDta.mjs	AI (source-diff): Minified entity-definition bundle from tsdown build; content is legitimate ticketing schema code.	ai	2026/06/05
source-diff	obfuscated-file:dist/ticket-message-C3g9lf2k.mjs	AI (source-diff): Minified entity-definition bundle from tsdown build; content is legitimate ticket-message schema code.	ai	2026/06/05
source-diff	obfuscated-file:dist/en-Bxq7myra.mjs	AI (source-diff): tsdown bundle output; content is plaintext i18n locale strings, not obfuscated code.	ai	2026/06/04
source-diff	obfuscated-file:dist/ru-DrqwI-bj.mjs	AI (source-diff): tsdown bundle output; content is plaintext i18n locale strings (Russian), not obfuscated code.	ai	2026/06/04
source-diff	obfuscated-file:dist/et-D9uYByfC.mjs	AI (source-diff): tsdown bundle output; content is plaintext i18n locale strings (Estonian), not obfuscated code.	ai	2026/06/04
source-diff	obfuscated-file:dist/en-YxJFumY_.mjs	AI (source-diff): Minified i18n locale bundle from tsdown/rolldown build; content is plain translation strings.	ai	2026/06/04
source-diff	obfuscated-file:dist/ru-Cr8_YWtJ.mjs	AI (source-diff): Minified i18n locale bundle (Russian); content is plain translation strings.	ai	2026/06/04
source-diff	obfuscated-file:dist/et-D42ENA91.mjs	AI (source-diff): Minified i18n locale bundle (Estonian); content is plain translation strings.	ai	2026/06/04
source-diff	obfuscated-file:dist/ticket-message-DLY0QVhE.mjs	AI (source-diff): Minified entity-definition bundle from tsdown build; no malicious patterns.	ai	2026/06/03
source-diff	obfuscated-file:dist/ticket-Dk8OG3lP.mjs	AI (source-diff): Minified entity-definition bundle from tsdown build; no malicious patterns.	ai	2026/06/03
source-diff	obfuscated-file:dist/ticket-message-WJny-R9B.mjs	AI (source-diff): Minified entity definition bundle; content is readable business logic, not obfuscated code.	ai	2026/06/01
source-diff	obfuscated-file:dist/ticket-Cdp2RK4M.mjs	AI (source-diff): Minified entity definition bundle; content is readable business logic, not obfuscated code.	ai	2026/06/01
source-diff	obfuscated-file:dist/ticket-message-CNVsHHWA.mjs	AI (source-diff): Minified entity schema bundle from tsdown; content is readable entity definitions.	ai	2026/05/31
source-diff	obfuscated-file:dist/ticket-27mb3qG8.mjs	AI (source-diff): Minified entity schema bundle from tsdown; content is readable entity definitions.	ai	2026/05/31
source-diff	obfuscated-file:dist/et-B6Jyui1g.mjs	AI (source-diff): Minified i18n locale bundle from tsdown build; no malicious content.	ai	2026/05/30
source-diff	obfuscated-file:dist/ticket-message-Dctp5lnI.mjs	AI (source-diff): Minified entity schema bundle from tsdown build; content is legitimate ticketing domain logic.	ai	2026/05/30
source-diff	obfuscated-file:dist/ticket-5HE9gpX1.mjs	AI (source-diff): Minified entity schema bundle from tsdown build; content is legitimate ticketing domain logic.	ai	2026/05/30
source-diff	obfuscated-file:dist/ru-ComdI-vj.mjs	AI (source-diff): Minified i18n locale bundle from tsdown build; no malicious content.	ai	2026/05/30
source-diff	obfuscated-file:dist/en-1QowXb-p.mjs	AI (source-diff): Minified i18n locale bundle from tsdown build; no malicious content.	ai	2026/05/30
source-diff	obfuscated-file:dist/et-BSi6luyu.mjs	AI (source-diff): Bundler-minified i18n locale file; content is plaintext translation strings, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/ticket-sOVhwzyR.mjs	AI (source-diff): Bundler-minified Ticket entity; readable business logic, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/ticket-message-DvFQZWFP.mjs	AI (source-diff): Bundler-minified domain entity; readable business logic, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/ru-DBEDBz5m.mjs	AI (source-diff): Bundler-minified i18n locale file; content is plaintext translation strings, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/en-CSrQeQsT.mjs	AI (source-diff): Bundler-minified i18n locale file; content is plaintext translation strings, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/ticket-Cfiyy4HE.mjs	AI (source-diff): Minified rolldown build output; content is entity/behavior definitions with no malicious patterns.	ai	2026/05/24
source-diff	obfuscated-file:dist/ticket-read-state-DfuViCw-.mjs	AI (source-diff): Minified rolldown build output; content is realtime/presence helpers and DB table definitions.	ai	2026/05/24
source-diff	obfuscated-file:dist/ticket-message-8rxB9yoJ.mjs	AI (source-diff): Minified rolldown build output; content is ticket-message entity logic, no exfiltration or shell patterns.	ai	2026/05/24
source-diff	obfuscated-file:dist/schema-Dwuwf_zL.mjs	AI (source-diff): Minified rolldown build output; content is plaintext drizzle-orm schema definitions, not obfuscated malware.	ai	2026/05/24
source-diff	obfuscated-file:dist/et-DUjxnzj_.mjs	AI (source-diff): Standard Rolldown minified i18n locale bundle (Estonian); no obfuscation.	ai	2026/05/18
phantom-deps	phantom-dep:@murumets-ee/auth	AI (phantom-deps): Same-org dep used via dynamic import in minified bundle; phantom-dep heuristic is a false positive here.	ai	2026/05/18
phantom-deps	phantom-dep:zod	AI (phantom-deps): Monorepo build pattern; zod used transitively or in config, stable false positive for this package.	ai	2026/05/18
source-diff	obfuscated-file:dist/ticket-read-state-BU_1Tdfr.mjs	AI (source-diff): Rolldown minified realtime/table definition; readable business logic, no malicious patterns.	ai	2026/05/18
source-diff	obfuscated-file:dist/ticket-message-B9Dl1fhq.mjs	AI (source-diff): Rolldown minified entity definition; readable business logic, no malicious patterns.	ai	2026/05/18
source-diff	obfuscated-file:dist/ticket-DtOKYAUM.mjs	AI (source-diff): Rolldown minified entity definition; readable business logic, no malicious patterns.	ai	2026/05/18
source-diff	obfuscated-file:dist/ru-Cntna9XO.mjs	AI (source-diff): Standard Rolldown minified i18n locale bundle (Russian); no obfuscation.	ai	2026/05/18
source-diff	obfuscated-file:dist/en-Dy_aL6BV.mjs	AI (source-diff): Standard Rolldown minified i18n locale bundle; content is plaintext translation strings, not obfuscated code.	ai	2026/05/18
source-diff	obfuscated-file:dist/en-Bg4GCglJ.mjs	AI (source-diff): Minified i18n bundle; readable content, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/et-o3ukW1vZ.mjs	AI (source-diff): Minified i18n bundle; readable content, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/ru-BRCHrozR.mjs	AI (source-diff): Minified i18n bundle; readable content, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/plugin-DzzgK7E5.mjs	AI (source-diff): Minified rolldown build output; legitimate plugin/ORM code.	ai	2026/05/06
source-diff	obfuscated-file:dist/processor-_AnhDV_c.mjs	AI (source-diff): Minified rolldown build output; legitimate email processor code.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-DfE91zym.mjs	AI (source-diff): Minified rolldown build output; legitimate entity definition code.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-BdYnxaXu.mjs	AI (source-diff): Minified rolldown build output; legitimate entity hook code.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-BNnUydxr.mjs	AI (source-diff): Minified ticket-message entity bundle; readable entity logic.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-C3drPacj.mjs	AI (source-diff): Minified ticket entity bundle; readable entity/field definitions.	ai	2026/05/06
source-diff	obfuscated-file:dist/processor-Dg6QCE5d.mjs	AI (source-diff): Minified email processor bundle; readable inbound mail logic, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/plugin-a-mcqEiG.mjs	AI (source-diff): Minified plugin bundle; readable ORM/entity logic, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/plugin-CoBkWpkH.mjs	AI (source-diff): Minified plugin bundle with readable Drizzle ORM schema; standard tsdown output.	ai	2026/05/06
source-diff	obfuscated-file:dist/processor-D5Prge0l.mjs	AI (source-diff): Minified email processor logic; readable business logic, no malicious patterns.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-CpSkB2Jd.mjs	AI (source-diff): Minified entity definition; domain-coherent ticketing logic, no malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/en-DBWwj8s5.mjs	AI (source-diff): Minified locale/i18n bundle; no obfuscation or malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/et-BqjtNJGF.mjs	AI (source-diff): Minified locale/i18n bundle; no obfuscation or malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/ru-CqnkxxAk.mjs	AI (source-diff): Minified locale/i18n bundle; no obfuscation or malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-gdtuvHF6.mjs	AI (source-diff): Minified entity definition; domain-coherent ticketing logic, no malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/et-CmkJEv2L.mjs	AI (source-diff): Minified i18n locale bundle (Estonian); same pattern as en bundle.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-D8d9vmm_.mjs	AI (source-diff): Minified ticket-message entity bundle; standard entity definitions.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-B9M2WoB1.mjs	AI (source-diff): Minified ticket entity bundle; standard entity/field definitions.	ai	2026/05/06
source-diff	obfuscated-file:dist/schema-BaZvAEvN.mjs	AI (source-diff): Minified Drizzle ORM schema bundle; standard DB schema definitions.	ai	2026/05/06
source-diff	obfuscated-file:dist/processor-D9fqveOc.mjs	AI (source-diff): Minified email processor bundle; content is inbound email matching logic, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/plugin-BS3w7gN8.mjs	AI (source-diff): Minified plugin bundle from tsdown; content is Drizzle ORM schema + config logic, no malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/ru-DxoWOcrR.mjs	AI (source-diff): Minified i18n locale bundle (Russian); same pattern as en bundle.	ai	2026/05/06
source-diff	obfuscated-file:dist/en-8iaiXBEz.mjs	AI (source-diff): Minified i18n locale bundle from tsdown build; no obfuscation, just long single-line JSON.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-76hnYwYi.mjs	AI (source-diff): Minified ticket-message entity; content is readable business logic, no malicious payload.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-BefWjVa7.mjs	AI (source-diff): Minified ticket entity definition with business logic; content is readable and benign.	ai	2026/05/06
phantom-deps	phantom-dep:@murumets-ee/media	AI (phantom-deps): Same org scope; likely used via dynamic import in minified bundle.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-B5LNyFbG.mjs	AI (source-diff): Minified ticket message entity logic; standard status-transition hooks, no malicious patterns.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-DmTZiyFC.mjs	AI (source-diff): Minified ticket entity logic; content is standard ORM/entity framework code, no malicious patterns.	ai	2026/05/06
phantom-deps	phantom-dep:@murumets-ee/storage	AI (phantom-deps): Same org scope; likely used via dynamic import in minified bundle.	ai	2026/05/06
phantom-deps	phantom-dep:sanitize-html	AI (phantom-deps): Likely used at runtime via dynamic import or peer usage pattern within the org monorepo.	ai	2026/05/06
source-diff	obfuscated-file:dist/en-Lj8iDgCB.mjs	AI (source-diff): i18n translation strings bundled as single-line JS object — not obfuscated.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-message-DQzkVcPv.mjs	AI (source-diff): Minified entity definition for ticket messages — standard build output.	ai	2026/05/06
source-diff	obfuscated-file:dist/ticket-CKU43qGT.mjs	AI (source-diff): Minified entity definition for tickets — standard build output.	ai	2026/05/06
source-diff	obfuscated-file:dist/schema-DzrrYuAs.mjs	AI (source-diff): Minified Drizzle ORM schema definitions — standard build output.	ai	2026/05/06
source-diff	obfuscated-file:dist/ru-C23l1j5A.mjs	AI (source-diff): Russian translation strings bundled as single-line JS object — not obfuscated.	ai	2026/05/06
source-diff	obfuscated-file:dist/et-BW9u_e05.mjs	AI (source-diff): Estonian translation strings bundled as single-line JS object — not obfuscated.	ai	2026/05/06
source-diff	obfuscated-file:dist/plugin-CdT7Le6f.mjs	AI (source-diff): Bundler output (tsdown chunk); content is readable business logic, not obfuscated malware.	ai	2026/04/30
source-diff	obfuscated-file:dist/plugin-E4Xu6OBF.mjs	AI (source-diff): Standard minified ESM bundle from tsdown build; content is readable ticketing business logic, no malicious patterns.	ai	2026/04/30
source-diff	obfuscated-file:dist/plugin-DI-Dgahv.mjs	AI (source-diff): Minified ESM bundle output from tsdown; content is readable domain logic, not obfuscated malware.	ai	2026/04/30
source-diff	obfuscated-file:dist/plugin-CClgp1KS.mjs	AI (source-diff): Minified bundler output (tsdown/rollup); code is readable domain logic, not obfuscated malware.	ai	2026/04/30
phantom-deps	phantom-dep:@murumets-ee/queue	AI (phantom-deps): Same-org dep; likely imported transitively through bundled output rather than directly.	ai	2026/04/30
phantom-deps	phantom-dep:@murumets-ee/logging	AI (phantom-deps): Same-org dep; likely imported transitively through bundled output rather than directly.	ai	2026/04/30
phantom-deps	phantom-dep:@murumets-ee/db	AI (phantom-deps): Same-org dep; likely imported transitively through bundled output rather than directly.	ai	2026/04/30
source-diff	obfuscated-file:dist/admin/routes.mjs	AI (source-diff): tsdown-minified ESM bundle; samples show SQL query helpers, no malicious patterns.	ai	2026/04/30
source-diff	obfuscated-file:dist/plugin-CRq2ZLZT.mjs	AI (source-diff): tsdown-minified ESM bundle; samples show plain ticketing domain logic, no malicious patterns.	ai	2026/04/30
phantom-deps	phantom-dep:@murumets-ee/mail	AI (phantom-deps): Same-org dep; likely imported transitively through bundled output rather than directly.	ai	2026/04/30

Versions (showing 51 of 58)

View all versions

Version	Deps	Published
0.25.0	16 / 5	2026/05/29
0.24.1	16 / 5	2026-05-29
0.24.0	16 / 5	2026-05-29
0.23.2	16 / 5	2026-05-24
0.23.1	16 / 5	2026-05-23
0.23.0	16 / 5	2026-05-23
0.22.1	16 / 5	2026-05-22
0.22.0	16 / 5	2026-05-22
0.21.1	16 / 5	2026-05-21
0.21.0	16 / 5	2026-05-21
0.20.0	16 / 5	2026-05-20
0.19.0	16 / 5	2026-05-14
0.18.0	16 / 5	2026-05-14
0.17.1	16 / 5	2026-05-13
0.17.0	16 / 5	2026-05-13
0.16.5	16 / 5	2026-05-13
0.16.4	16 / 5	2026-05-13
0.16.3	16 / 5	2026-05-13
0.16.2	16 / 5	2026-05-13
0.16.1	16 / 5	2026-05-12
0.16.0	16 / 5	2026-05-12
0.15.4	16 / 5	2026-05-12
0.15.3	16 / 5	2026-05-12
0.15.2	16 / 5	2026-05-12
0.15.1	16 / 5	2026-05-12
0.15.0	16 / 5	2026-05-11
0.14.0	15 / 5	2026-05-11
0.13.3	15 / 5	2026-05-10
0.13.2	15 / 5	2026-05-10
0.13.1	15 / 5	2026-05-08
0.13.0	15 / 5	2026-05-08
0.12.0	15 / 5	2026-05-05
0.11.0	13 / 5	2026-04-27
0.10.0	13 / 5	2026-04-26
0.9.0	13 / 5	2026-04-25
0.8.0	13 / 5	2026-04-25
0.7.0	12 / 4	2026-04-24
0.6.1	12 / 4	2026-04-24
0.6.0	12 / 4	2026-04-24
0.5.1	12 / 4	2026-04-22
0.5.0	12 / 4	2026-04-22
0.4.8	12 / 4	2026-04-22
0.4.6	12 / 4	2026-04-21
0.4.5	12 / 4	2026-04-20
0.4.0	12 / 4	2026-04-18
0.3.0	12 / 4	2026-04-16
0.2.4	9 / 4	2026-04-12
0.2.3	9 / 4	2026-04-12
0.2.2	9 / 4	2026-04-12
0.2.1	9 / 4	2026-04-12
0.2.0	9 / 4	2026-04-10