@ngageoint/mage.web-app
The Mage web-app is the UI for interacting with the Mage service in a web browser.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:admin/main.9bf816f5cb034ac9.js | AI (source-diff): Angular HTTP client + dynamic component loading; not dropper malware. | ai | |
| source-diff | obfuscated-file:admin/main.9bf816f5cb034ac9.js | AI (source-diff): Standard webpack/Angular minified bundle chunk. | ai | |
| source-diff | net-exec-file:app/812.51fb37f929d2d2b4.js | AI (source-diff): Angular HTTP client + dynamic component loading; not dropper malware. | ai | |
| source-diff | obfuscated-file:app/812.51fb37f929d2d2b4.js | AI (source-diff): Standard webpack/Angular minified bundle chunk. | ai | |
| source-diff | obfuscated-file:admin/main.1bfbf67fe97244c3.js | AI (source-diff): Standard webpack-minified Angular bundle; not obfuscation. | ai | |
| source-diff | net-exec-file:app/812.603b1f35bef6fcee.js | AI (source-diff): Angular SPA bundle; network calls and dynamic module loading are normal app behavior. | ai | |
| source-diff | obfuscated-file:app/812.603b1f35bef6fcee.js | AI (source-diff): Standard webpack-minified Angular bundle; not obfuscation. | ai | |
| publish-pattern | suspicious-version-number | AI (publish-pattern): 6.6.6 is a legitimate semver for this established NGA package with 50 published versions. | ai | |
| source-diff | net-exec-file:admin/main.1bfbf67fe97244c3.js | AI (source-diff): Angular SPA bundle; network calls and dynamic module loading are normal app behavior. | ai | |
| source-diff | obfuscated-file:admin/main.5102287718fecc9d.js | AI (source-diff): Standard Angular/webpack minified bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:app/327.bdc65aad14cfec0a.js | AI (source-diff): Standard Angular/webpack minified bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:app/812.866118b95570849a.js | AI (source-diff): Standard Angular/webpack minified bundle output; not obfuscation. | ai | |
| source-diff | net-exec-file:app/812.866118b95570849a.js | AI (source-diff): webpack chunk loader pattern; network+exec heuristic is a false positive for Angular SPA bundles. | ai | |
| source-diff | net-exec-file:admin/main.5102287718fecc9d.js | AI (source-diff): webpack chunk loader pattern; false positive for Angular SPA bundles. | ai | |
| source-diff | obfuscated-file:app/386.f7ec9c0ee08c7d30.js | AI (source-diff): Standard webpack/Angular minified bundle chunk. | ai | |
| source-diff | obfuscated-file:app/812.9f1b9f0bdeaaea5d.js | AI (source-diff): Standard webpack/Angular minified bundle chunk. | ai | |
| source-diff | net-exec-file:admin/main.80e439150a0fe0f6.js | AI (source-diff): HTTP client + dynamic module loading is normal Angular SPA behavior. | ai | |
| source-diff | net-exec-file:app/812.9f1b9f0bdeaaea5d.js | AI (source-diff): HTTP client + dynamic module loading is normal Angular SPA behavior, not dropper malware. | ai | |
| source-diff | obfuscated-file:admin/main.80e439150a0fe0f6.js | AI (source-diff): Standard webpack/Angular minified bundle chunk. | ai | |
| source-diff | obfuscated-file:app/327.45f6762189d4f9cc.js | AI (source-diff): Standard Angular webpack bundle; minified lines are normal build output for this web-app package. | ai | |
| source-diff | net-exec-file:admin/main.5faea6c41e6b8b74.js | AI (source-diff): Angular HTTP client + dynamic module loading in SPA bundle; not dropper malware. | ai | |
| source-diff | obfuscated-file:app/199.3d5fc0edd949037c.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/250.6d1cf6c3d8652d21.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/327.ef486cbf23d00431.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/386.438324890779693e.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/453.cb07161e748f54d9.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/812.91279e89943a4842.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | net-exec-file:app/812.91279e89943a4842.js | AI (source-diff): Angular HTTP client + dynamic module loading in SPA bundle; not dropper malware. | ai | |
| source-diff | obfuscated-file:app/839.ba355e5586fde442.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/857.1b06fe63bb08f214.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | net-exec-file:app/857.1b06fe63bb08f214.js | AI (source-diff): Angular HTTP client + dynamic module loading in SPA bundle; not dropper malware. | ai | |
| source-diff | obfuscated-file:app/969.8f2eb9fc2d4d70c0.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/common.e98c7b5dbe7c5c64.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:admin/main.5faea6c41e6b8b74.js | AI (source-diff): Standard webpack-minified Angular chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:app/main.db52dc2001cbb53a.js | AI (source-diff): Standard webpack-minified Angular main bundle; not obfuscated malware. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get in Angular compiled output is standard framework usage, not evasion. | ai | |
| source-diff | obfuscated-file:app/203.0c5c6b6f489c62af.js | AI (source-diff): Standard webpack-minified Angular bundle; zxcvbn password strength library content visible in sample. | ai | |
| source-diff | obfuscated-file:app/main.c1aabb310d3b52f2.js | AI (source-diff): Standard webpack-minified Angular main bundle. | ai | |
| source-diff | net-exec-file:admin/main.04b61cb92a89900c.js | AI (source-diff): webpack module loader pattern; not a dropper. | ai | |
| source-diff | obfuscated-file:admin/main.04b61cb92a89900c.js | AI (source-diff): Standard webpack-minified Angular admin bundle. | ai | |
| source-diff | obfuscated-file:app/943.86324114c9395c19.js | AI (source-diff): Standard webpack-minified Angular bundle. | ai | |
| source-diff | obfuscated-file:app/614.ef58b32a915591d7.js | AI (source-diff): Standard webpack-minified Angular bundle. | ai | |
| source-diff | obfuscated-file:app/556.94001d9d24240c80.js | AI (source-diff): Standard webpack-minified Angular bundle. | ai | |
| source-diff | net-exec-file:app/530.44d553dfd6ce8fc8.js | AI (source-diff): webpack module loader pattern calling a[e].call(); not a dropper. | ai | |
| source-diff | obfuscated-file:app/530.44d553dfd6ce8fc8.js | AI (source-diff): Standard webpack-minified bundle; ImmutableJS library code visible in sample. | ai | |
| source-diff | obfuscated-file:app/452.0982bee5def634f6.js | AI (source-diff): Standard webpack-minified Angular Material bundle. | ai | |
| source-diff | net-exec-file:app/440.74520cec57f13a7b.js | AI (source-diff): webpack module loader pattern; not a dropper. | ai | |
| source-diff | obfuscated-file:app/440.74520cec57f13a7b.js | AI (source-diff): Standard webpack-minified bundle; color utility library code visible in sample. | ai | |
| source-diff | obfuscated-file:app/24.cb9e8e2d0c9abfaa.js | AI (source-diff): Standard webpack-minified Angular bundle; MAGE UI component code visible in sample. | ai | |
| source-diff | obfuscated-file:app/211.f2623d4b041960db.js | AI (source-diff): Standard webpack-minified Angular bundle; Angular component code visible in sample. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires in webpack-bundled Angular app output; template engine pattern, stable across versions. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 6.6.7 | 0 / 0 | |
| 6.6.6 | 0 / 0 | |
| 6.6.5 | 0 / 0 | |
| 6.6.4 | 0 / 0 | |
| 6.6.3 | 0 / 0 | |
| 6.6.2 | 0 / 0 | |
| 6.6.1 | 0 / 0 | |
| 6.5.8 | 0 / 0 |
v6.6.7
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.6
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.5
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.4
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.3
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.2
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.6.1
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.5.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.