@ng-forge/dynamic-forms
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-BWFdMPyw.mjs | AI (source-diff): Standard Angular FESM2022 bundle with long lines; readable source, no obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-RN1hmG69.mjs | AI (source-diff): Standard Angular FESM2022 bundle; readable, commented source code. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-n4KTMOTm.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines from inlined CSS/templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-Be1Lk0qR.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines from inlined CSS/templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-array-field.component-Tw49K5kz.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines from inlined CSS/templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-row-wrapper.component-CFtnatYj.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines from inlined CSS/templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-group-field.component-DqnhddRH.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines from inlined CSS/templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-Bf6Qnz0T.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines are minified output, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-_mRHaw7x.mjs | AI (source-diff): Standard Angular FESM2022 bundle; readable imports and JSDoc confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-Sad9wa1d.mjs | AI (source-diff): Standard Angular fesm2022 bundle; long lines are minified output, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-Cen4ArED.mjs | AI (source-diff): Standard Angular fesm2022 bundle; long lines are minified output, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-WGww2nXx.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are from bundling, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-CrO9WTDw.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; readable Angular component code. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-Bm1KS0M6.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; same pattern as above. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-9JM7tFkl.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are minified but readable compiled TS, not obfuscation. | ai | |
| dependencies | unvetted-dep:ngxtension | AI (dependencies): ngxtension is a well-established Angular utilities library; not a suspicious dependency. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-DXXp5M0q.mjs | AI (source-diff): Standard ng-packagr FESM2022 bundle; long lines are minified Angular/RxJS code, not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation — expected CI/CD automation pattern. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-D6M_uJKu.mjs | AI (source-diff): Standard ng-packagr FESM2022 bundle; same pattern as above. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-m35XgkkL.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; same pattern as above. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-D58rojQc.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are minified but readable compiled TS, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-ng-forge-dynamic-forms-DHxoGouT.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are minified but readable compiled TS, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/ng-forge-dynamic-forms-page-field.component-Bt6blv9I.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; same pattern as above. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used to evaluate user-supplied form predicates in a dynamic forms library; expected pattern for this package's core functionality. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard Angular/TypeScript runtime implicit dependency; stable false positive for this package. | ai |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 0.9.0 | 2 / 0 | |
| 0.8.0 | 2 / 0 | |
| 0.7.0 | 2 / 0 | |
| 0.6.1 | 2 / 0 | |
| 0.6.0 | 2 / 0 | |
| 0.5.2 | 2 / 0 | |
| 0.5.1 | 2 / 0 | |
| 0.5.0 | 2 / 0 | |
| 0.4.0 | 2 / 0 | |
| 0.3.1 | 1 / 0 | |
| 0.3.0 | 1 / 0 | |
| 0.2.0 | 1 / 0 | |
| 0.1.3 | 1 / 0 | |
| 0.1.2 | 1 / 0 | |
| 0.1.1 | 1 / 0 | |
| 0.1.0 | 1 / 0 |
v0.9.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
4 findingsThis version was published by a different npm account than previous versions on 2026-03-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
4 findingsThis version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
4 findingsThis version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.