@nextclaw/companion
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/ui/assets/index-BTYfvO1Y.js | AI (source-diff): Standard Vite/React minified bundle; samples show React internals, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/dist-BcuyDkW0.js | AI (source-diff): Standard Vite-minified bundle; samples show readable NextClaw SDK client code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/dist-ByUrBc3d.js | AI (source-diff): Vite-bundled client SDK output; sample shows readable NextClaw API client code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/index-BOcApIzk.js | AI (source-diff): Vite-bundled React UI bundle; sample shows standard React/module boilerplate, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/index-Du-Z83J8.js | AI (source-diff): Standard Vite/React build bundle; samples show React internals and UI code, no malicious content. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/dist-C4JHqXPr.js | AI (source-diff): Standard Vite-bundled minified output; samples show legitimate NextClaw client SDK code. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/index-Dag-FDss.js | AI (source-diff): Standard Vite minified bundle; code is recognizable React/SDK output, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/ui/assets/dist-DQ3evH7b.js | AI (source-diff): Standard Vite minified bundle; code is recognizable React/SDK output, not obfuscated malware. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Spreads process.env to pass to Electron child process, immediately sanitizing ELECTRON_RUN_AS_NODE — standard Electron launcher pattern. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 (localhost) default for a local Electron companion shell — not a remote exfiltration endpoint. | ai | |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 0.1.21 | 6 / 10 | |
| 0.1.20 | 6 / 10 | |
| 0.1.19 | 6 / 10 | |
| 0.1.18 | 6 / 10 | |
| 0.1.17 | 6 / 10 | |
| 0.1.16 | 6 / 10 | |
| 0.1.15 | 6 / 10 | |
| 0.1.14 | 6 / 10 | |
| 0.1.13 | 6 / 10 | |
| 0.1.12 | 6 / 10 | |
| 0.1.11 | 6 / 10 | |
| 0.1.10 | 6 / 10 | |
| 0.1.9 | 6 / 10 | |
| 0.1.8 | 6 / 10 | |
| 0.1.7 | 6 / 10 | |
| 0.1.6 | 6 / 10 | |
| 0.1.5 | 6 / 10 | |
| 0.1.4 | 6 / 10 | |
| 0.1.3 | 6 / 10 | |
| 0.1.2 | 6 / 10 | |
| 0.1.1 | 6 / 10 | |
v0.1.21
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.20
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.19
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.18
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.17
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.16
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.15
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.14
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.13
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.12
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.11
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.10
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.9
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.8
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.5
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.4
2 findings:
Spreading entire process.env into an object — may capture all secrets

```
 7 | const electronBinary = loadModule("electron") as string;
 8 | const mainEntryPath = resolve(__dirname, "main.js");
> 9 | const env = { ...process.env };
10 |
11 | delete env.ELECTRON_RUN_AS_NODE;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
2 findings:
Spreading entire process.env into an object — may capture all secrets

```
 7 | const electronBinary = loadModule("electron") as string;
 8 | const mainEntryPath = resolve(__dirname, "main.js");
> 9 | const env = { ...process.env };
10 |
11 | delete env.ELECTRON_RUN_AS_NODE;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
2 findings:
Spreading entire process.env into an object — may capture all secrets

```
 7 | const electronBinary = loadModule("electron") as string;
 8 | const mainEntryPath = resolve(__dirname, "main.js");
> 9 | const env = { ...process.env };
10 |
11 | delete env.ELECTRON_RUN_AS_NODE;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
2 findings:
Spreading entire process.env into an object — may capture all secrets

```
 7 | const electronBinary = loadModule("electron") as string;
 8 | const mainEntryPath = resolve(__dirname, "main.js");
> 9 | const env = { ...process.env };
10 |
11 | delete env.ELECTRON_RUN_AS_NODE;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.