@nocobase/plugin-data-visualization
Provides data visualization feature, including chart block and chart filter block, support line charts, area charts, bar charts and more than a dozen kinds of charts, you can also extend more chart types.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/950.3179615e27a45d93.js | AI (source-diff): Minified webpack chunk of @ant-design/plots chart library; consistent with this package's purpose. | ai | |
| source-diff | net-exec-file:dist/client/950.3179615e27a45d93.js | AI (source-diff): Network/exec pattern fires on charting library bundle code, not malicious dropper logic. | ai | |
| source-diff | obfuscated-file:dist/client/950.8011c2a1af58abe7.js | AI (source-diff): Webpack-minified chart library bundle (@ant-design/plots); minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/client/950.8011c2a1af58abe7.js | AI (source-diff): False positive on minified chart bundle; no actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/950.1be1cd03a9a857bf.js | AI (source-diff): Standard webpack-minified chart library bundle (G2/ant-design/plots); not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/950.1be1cd03a9a857bf.js | AI (source-diff): Network/exec pattern in a browser chart bundle is normal webpack chunk loading, not malware. | ai | |
| source-diff | net-exec-file:dist/client/950.8eead39d88c55f18.js | AI (source-diff): Chart rendering library legitimately uses network calls and dynamic code; no dropper pattern evident in the exports. | ai | |
| source-diff | obfuscated-file:dist/client/950.8eead39d88c55f18.js | AI (source-diff): Minified webpack chunk bundling @ant-design/plots chart library; expected for this data-visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/950.d9a7f82ccf57c132.js | AI (source-diff): False positive on minified chart library bundle; no actual dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/950.d9a7f82ccf57c132.js | AI (source-diff): Minified webpack chunk bundling @ant-design/plots chart library; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/client/950.5fbc895f46587e11.js | AI (source-diff): Chart rendering library bundle; network/eval patterns are from G2 visualization internals, not malware. | ai | |
| source-diff | obfuscated-file:dist/client/950.5fbc895f46587e11.js | AI (source-diff): Webpack-minified chart bundle (@ant-design/plots G2 charts); minification is expected for this package's build output. | ai | |
| source-diff | obfuscated-file:dist/client/950.d30d0ec04ad36ae9.js | AI (source-diff): Minified webpack chunk bundling @ant-design/plots chart library; standard build output for this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/950.d30d0ec04ad36ae9.js | AI (source-diff): Chart library bundle; network/exec pattern is from minified D3/G2 geo/canvas code, not malicious dropper behavior. | ai | |
| source-diff | net-exec-file:dist/client/950.394765a5f9b3359c.js | AI (source-diff): False positive on minified chart bundle; no actual dropper/loader behavior, just bundled chart rendering code. | ai | |
| source-diff | obfuscated-file:dist/client/950.394765a5f9b3359c.js | AI (source-diff): Minified webpack chunk bundling chart library (@ant-design/plots); standard build output for this visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/950.f13a62e4c497971c.js | AI (source-diff): Network/exec pattern in minified chart bundle is a false positive; no dropper behavior evident from exports. | ai | |
| source-diff | obfuscated-file:dist/client/950.f13a62e4c497971c.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots chart library; exports are chart components, not malware. | ai | |
| source-diff | net-exec-file:dist/client/950.7c0911c72fdd4087.js | AI (source-diff): Network calls and dynamic code in a visualization library bundle are expected; no dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/client/950.7c0911c72fdd4087.js | AI (source-diff): Standard webpack-minified chart library bundle (G2/ant-design/plots); not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/950.9fc70edb2afaddbd.js | AI (source-diff): Webpack-minified chart library bundle; not obfuscated malware. Stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/client/950.9fc70edb2afaddbd.js | AI (source-diff): Network/exec pattern fires on minified G2/plots chart bundle; no actual dropper behavior present. | ai | |
| source-diff | net-exec-file:dist/client/950.786735f6a5500ca1.js | AI (source-diff): Network calls and dynamic code are part of normal chart rendering; no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/client/950.786735f6a5500ca1.js | AI (source-diff): Standard webpack-minified chart bundle (G2/ant-design/plots); not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/950.f20995c1b41a7ff6.js | AI (source-diff): Network/exec pattern fires on chart rendering library code, not malicious dropper logic. | ai | |
| source-diff | obfuscated-file:dist/client/950.f20995c1b41a7ff6.js | AI (source-diff): Minified webpack chunk of @ant-design/plots chart library; expected artifact for this data-visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/950.045d046300e40bd0.js | AI (source-diff): Chart rendering bundle; network/eval patterns are from G2 visualization library internals, not malware. | ai | |
| source-diff | obfuscated-file:dist/client/950.045d046300e40bd0.js | AI (source-diff): Standard webpack-minified chart bundle (G2/ant-design/plots); not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/950.25c44a550fd6027e.js | AI (source-diff): Network/exec pattern is from chart rendering library internals, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/950.25c44a550fd6027e.js | AI (source-diff): Standard webpack minified chart library bundle (G2/ant-design/plots); not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/950.01b918a9d5d07cd7.js | AI (source-diff): Network/exec pattern in minified chart bundle is from geo/rendering library code, not malicious dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/950.01b918a9d5d07cd7.js | AI (source-diff): Webpack-minified bundle of @ant-design/plots chart library; standard build artifact for this visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/950.21cc5cd2d1f652db.js | AI (source-diff): Webpack-minified chart library bundle (@ant-design/plots/G2); long lines are standard minification, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/950.21cc5cd2d1f652db.js | AI (source-diff): Network/exec pattern in minified chart bundle is from G2 rendering internals, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/client/950.92f64c641136a7b0.js | AI (source-diff): Network calls and dynamic code in G2 charting library bundle are standard chart rendering patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/950.92f64c641136a7b0.js | AI (source-diff): Webpack-minified chart library bundle (@ant-design/plots/G2); minification is expected for this data-visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/c3ddaaf890365ded.js | AI (source-diff): False positive: geo-projection and chart rendering code from d3-geo/G2 library. No actual network fetch + code execution dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/client/c3ddaaf890365ded.js | AI (source-diff): 1.2MB webpack bundle of @ant-design/plots G2 chart library including d3-geo projections. Matches package.json devDependency. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/e842f62733109f11.js | AI (source-diff): False positive: webpack module system and D3 geo functions trigger the rule. No malicious network fetch or dynamic code execution present in the bundle. | ai | |
| source-diff | obfuscated-file:dist/client/e842f62733109f11.js | AI (source-diff): This is a standard webpack production bundle of @ant-design/plots (G2Plot + D3). Minified output is expected for this data visualization plugin; not actual obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/0f485176466eb3f5.js | AI (source-diff): False positive: file is a bundled visualization library (G2/AntV) with chart data fetching. No malicious network+exec pattern present. | ai | |
| source-diff | obfuscated-file:dist/client/0f485176466eb3f5.js | AI (source-diff): Standard webpack-bundled chart library chunk (@ant-design/plots/G2). Minification is expected for client dist files in NocoBase plugins. | ai | |
| source-diff | obfuscated-file:dist/client/8e23ac3bd57512a8.js | AI (source-diff): This is a standard webpack-minified bundle of @ant-design/plots (G2 charting library). Minified client bundles are expected for this NocoBase visualization plugin across all versions. | ai | |
| source-diff | net-exec-file:dist/client/8e23ac3bd57512a8.js | AI (source-diff): Network calls and dynamic module loading in this file are webpack chunk-loading and chart data fetching — standard patterns for a bundled React data visualization plugin, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/client/2331ead8ec931d13.js | AI (source-diff): False positive: network+exec pattern in webpack bundle is standard module loading, not dropper malware. Content is identifiable chart library code. | ai | |
| source-diff | obfuscated-file:dist/client/2331ead8ec931d13.js | AI (source-diff): Standard webpack-bundled chart library code (@ant-design/plots/G2). Minification is expected for client-side bundles in this NocoBase plugin. | ai | |
| source-diff | obfuscated-file:dist/client/20877b7376bb2381.js | AI (source-diff): This is a standard webpack chunk bundling @ant-design/plots (G2 charting library). Minification is expected for frontend build artifacts in this package. | ai | |
| source-diff | net-exec-file:dist/client/20877b7376bb2381.js | AI (source-diff): Network calls and dynamic evaluation in this webpack bundle are from the G2/ant-design/plots charting library, not malicious dropper behavior. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist/client/23aa6371922c771e.js | AI (source-diff): This is a standard webpack chunk bundling @ant-design/plots chart library. Minified output is expected for NocoBase client bundles; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/23aa6371922c771e.js | AI (source-diff): Network+exec pattern is a false positive from chart library internals (gl-matrix, canvas rendering). No dropper/loader behavior present in the webpack chunk. | ai | |
| source-diff | net-exec-file:dist/client/1b8b266cb4ff5314.js | AI (source-diff): Network+exec pattern is webpack chunk-loading boilerplate for a frontend charting bundle, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/client/1b8b266cb4ff5314.js | AI (source-diff): File is a standard webpack bundle of @ant-design/plots (G2 charting library). Minification is expected; no malicious content detected. | ai | |
| source-diff | obfuscated-file:dist/client/a014450458289d99.js | AI (source-diff): Webpack-bundled client chunk for @ant-design/plots charting library; minified long lines are expected output for this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/a014450458289d99.js | AI (source-diff): False positive: webpack dynamic module loading in bundled chart library code, not dropper/loader malware. Consistent with @ant-design/plots bundling pattern. | ai | |
| source-diff | net-exec-file:dist/client/77e32f4b5ffc9b44.js | AI (source-diff): Network + dynamic execution patterns in this file are from charting library internals (data fetching + canvas/WebGL rendering). No dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/77e32f4b5ffc9b44.js | AI (source-diff): This is a standard webpack-minified client bundle for a charting plugin (G2/AntD Plots). Minified dist files are expected for NocoBase frontend plugins; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/c030d9c75a3479a4.js | AI (source-diff): This is a standard webpack-bundled chunk of @ant-design/plots charting library. Minified output is expected for a data-visualization plugin's client build. | ai | |
| source-diff | net-exec-file:dist/client/c030d9c75a3479a4.js | AI (source-diff): Network+exec pattern is webpack dynamic module loading within the G2/plots charting bundle — not dropper behavior. Expected for this plugin's client-side chart rendering code. | ai | |
| source-diff | obfuscated-file:dist/client/0643c92d90d06abc.js | AI (source-diff): This is a webpack-bundled chunk of @ant-design/plots (G2 charting library). Minified client bundles are expected for this data-visualization plugin; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/0643c92d90d06abc.js | AI (source-diff): Canvas/WebGL rendering calls in the G2 chart bundle trigger this rule as a false positive. No actual network fetch + eval pattern present. | ai | |
| source-diff | obfuscated-file:dist/client/bfe84c06e91567bb.js | AI (source-diff): This is a standard webpack minified chunk bundling @ant-design/plots chart components. Long lines are from minification, not obfuscation. Pattern is consistent across all NocoBase plugin client bundles. | ai | |
| source-diff | net-exec-file:dist/client/bfe84c06e91567bb.js | AI (source-diff): Webpack chunk for charting library (G2/AntV plots + d3-geo). Network and dynamic eval patterns are inherent to charting/geo libraries bundled via webpack; no malicious dropper behavior present. | ai | |
| source-diff | net-exec-file:dist/client/b030358cc7cddba3.js | AI (source-diff): Chart library bundles (G2/antd-plots) legitimately combine network data fetching and dynamic rendering code. False positive for this visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/b030358cc7cddba3.js | AI (source-diff): Standard webpack chunk bundling @ant-design/plots chart library for a data visualization plugin. Minification is expected; no malicious content. | ai | |
| source-diff | net-exec-file:dist/client/2a75e1043e50c7c7.js | AI (source-diff): False positive: webpack dynamic module loading + chart rendering network calls in a client-side bundle; not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/client/2a75e1043e50c7c7.js | AI (source-diff): Standard webpack minified chunk for @ant-design/plots chart library; NocoBase copyright header present; content matches declared data visualization purpose. | ai | |
| source-diff | net-exec-file:dist/client/856bcafb5ba1430e.js | AI (source-diff): False positive: network APIs and dynamic module loading are standard webpack runtime patterns in a bundled data visualization frontend, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/856bcafb5ba1430e.js | AI (source-diff): Webpack-bundled client chunk for a charting plugin; minification is expected. NocoBase copyright header present, exports are standard @ant-design/plots chart types. | ai | |
| source-diff | obfuscated-file:dist/client/7b9430c069977041.js | AI (source-diff): This is a standard webpack chunk bundle for a data visualization plugin. Minified output is expected; exports are chart types from @ant-design/plots. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/7b9430c069977041.js | AI (source-diff): Network+exec pattern is webpack's dynamic module loading, not dropper malware. File exports chart components and math utilities consistent with the plugin's purpose. | ai | |
| source-diff | obfuscated-file:dist/client/09a468fa21b1a604.js | AI (source-diff): Webpack-minified client bundle for a data visualization plugin; long lines are standard build output from @ant-design/plots and d3-geo, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/09a468fa21b1a604.js | AI (source-diff): Chart/geo library bundle legitimately contains network calls (tile fetching) and dynamic patterns; consistent with @ant-design/plots bundled output. | ai | |
| source-diff | obfuscated-file:dist/client/3e0eb5e5257a9bad.js | AI (source-diff): File is a standard webpack-minified bundle of @ant-design/plots (G2 charting library). Minification triggers the >3000 char rule; content is clearly legitimate chart/geo exports with NocoBase copyright header. | ai | |
| source-diff | net-exec-file:dist/client/3e0eb5e5257a9bad.js | AI (source-diff): False positive on a webpack bundle of a charting library. Network calls and dynamic code patterns are inherent to visualization libraries (geo data, canvas rendering); no malicious payload present. | ai | |
| source-diff | obfuscated-file:dist/client/bd3ea8b4e0de87ec.js | AI (source-diff): This is a standard webpack-minified client chunk for a data visualization plugin. Long lines are expected from bundled chart library code (@ant-design/plots/G2). Not actual obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/bd3ea8b4e0de87ec.js | AI (source-diff): Network+exec pattern is webpack's dynamic import/require for code splitting, not dropper malware. Consistent with a legitimate bundled visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/e3bbfe1407390eee.js | AI (source-diff): Network/exec patterns in this file are from the G2/antd-plots charting library (canvas rendering, WebGL, dynamic math). No malicious dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/e3bbfe1407390eee.js | AI (source-diff): This is a standard webpack-bundled chunk of @ant-design/plots charting library. Minified output is expected for this data visualization plugin's client build. | ai | |
| source-diff | net-exec-file:dist/client/47b5756ddaeee3a9.js | AI (source-diff): The network+exec pattern is webpack dynamic module loading within a charting library bundle — not dropper/loader behavior. Expected for this visualization plugin's bundled G2/AntV code. | ai | |
| source-diff | obfuscated-file:dist/client/47b5756ddaeee3a9.js | AI (source-diff): This is a standard webpack-minified chunk of the @ant-design/plots (G2) charting library. Minification triggering long lines is expected for this data visualization plugin's client bundles. | ai | |
| source-diff | net-exec-file:dist/client/6b455c61090d5d1e.js | AI (source-diff): Network + dynamic execution pattern is webpack's self.webpackChunk_* module loading combined with charting library data APIs — standard for bundled frontend visualization code, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/6b455c61090d5d1e.js | AI (source-diff): File is a standard webpack bundle of @ant-design/plots charting library. Minification triggers the long-line heuristic but there is no obfuscation — exports are readable chart type names and math utilities. | ai | |
| source-diff | obfuscated-file:dist/client/2febd6e156097583.js | AI (source-diff): File is a standard webpack-minified bundle of @ant-design/plots (G2 charting library). Minification triggers the rule but content is clearly legitimate chart exports, not malicious obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/2febd6e156097583.js | AI (source-diff): Network calls and dynamic execution in this file are standard webpack lazy-loading and chart data fetching patterns in a frontend visualization bundle, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/cf336bd713ef39b9.js | AI (source-diff): Standard webpack minified bundle chunk for a data visualization plugin; exports chart types from @ant-design/plots. Pattern is consistent across all NocoBase plugin releases. | ai | |
| source-diff | net-exec-file:dist/client/cf336bd713ef39b9.js | AI (source-diff): False positive: webpack dynamic module loading triggers net+exec heuristic. File is a legitimate bundled client chunk for the NocoBase data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/db0da2eb33621e22.js | AI (source-diff): Network calls and dynamic execution in this webpack chunk are standard chart library behavior (data fetching + webpack module loading), not dropper/loader malware patterns. | ai | |
| source-diff | obfuscated-file:dist/client/db0da2eb33621e22.js | AI (source-diff): This is a standard webpack minified chunk bundling @ant-design/plots chart components. Minification is expected for client dist files in this package; not intentional obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/8ec1d3296d3d759c.js | AI (source-diff): Network+exec pattern is a false positive for charting libraries using canvas/WebGL. The file exports chart components (Sankey, Bar, Pie, etc.) with no malicious payload. | ai | |
| source-diff | obfuscated-file:dist/client/8ec1d3296d3d759c.js | AI (source-diff): This is a standard webpack-minified bundle of @ant-design/plots/G2Plot chart library. Minification is expected for client-side dist files in NocoBase plugins. | ai | |
| source-diff | net-exec-file:dist/client/5ceb46d327b17fc1.js | AI (source-diff): Network and dynamic code patterns in this file are from the G2/plots charting library bundle (dynamic imports, canvas rendering). No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/5ceb46d327b17fc1.js | AI (source-diff): This is a webpack-minified bundle of @ant-design/plots (G2 charting library). Long lines are standard minification, not malicious obfuscation. Stable false positive for this package. | ai | |
| source-diff | net-exec-file:dist/client/c136dc4f679302f1.js | AI (source-diff): Pattern-match false positive on webpack bundle; dynamic requires and canvas/fetch calls are normal for charting library bundles, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/c136dc4f679302f1.js | AI (source-diff): Standard webpack-minified client bundle for @ant-design/plots chart library; NocoBase copyright header present. Will recur in every release. | ai | |
| source-diff | net-exec-file:dist/client/c371f5a5e2f21d2e.js | AI (source-diff): Network+exec pattern is from G2/canvas charting library internals (WebGL/canvas rendering), not dropper behavior. Expected in this plugin's bundled client code. | ai | |
| source-diff | obfuscated-file:dist/client/c371f5a5e2f21d2e.js | AI (source-diff): Webpack content-hash chunk bundling @ant-design/plots (G2 charting library). Minified client bundle is expected for this data visualization plugin; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/5e768030638b0703.js | AI (source-diff): Network calls and dynamic patterns in this file are from the G2/AntV visualization library bundled via webpack; no malicious dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/5e768030638b0703.js | AI (source-diff): This is a standard webpack chunk bundling @ant-design/plots (G2Plot) chart library code. Minification is expected for client-side dist files in NocoBase plugins. | ai | |
| source-diff | net-exec-file:dist/client/b4c16ace893f903c.js | AI (source-diff): D3/G2Plot chart libraries include fetch calls and dynamic rendering patterns; this is a false positive for a data visualization webpack bundle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/b4c16ace893f903c.js | AI (source-diff): Standard webpack chunk bundle for @ant-design/plots chart library; minification is expected for client-side dist artifacts in this NocoBase plugin. | ai | |
| source-diff | net-exec-file:dist/client/58767c256ce78601.js | AI (source-diff): Charting library bundle (G2/ant-design/plots) legitimately uses network calls and canvas/WebGL rendering; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/58767c256ce78601.js | AI (source-diff): Minified webpack chunk bundling @ant-design/plots charting library; standard build output for this data visualization plugin, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/06b3cbde5e26b878.js | AI (source-diff): File is a standard webpack-minified bundle of @ant-design/plots/G2/D3 chart libraries, consistent with this data visualization plugin's purpose. Not obfuscated. | ai | |
| source-diff | net-exec-file:dist/client/06b3cbde5e26b878.js | AI (source-diff): Network+exec pattern is a false positive from D3/G2 canvas/WebGL rendering internals in the bundled charting library. No malicious dropper behavior present. | ai | |
| source-diff | net-exec-file:dist/client/b84c50d0f51438dc.js | AI (source-diff): Network+exec pattern is from G2/WebGL canvas rendering code in the charting library bundle, not dropper malware. Expected for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/b84c50d0f51438dc.js | AI (source-diff): This is a standard webpack-minified bundle of @ant-design/plots (G2 charting library). Data visualization plugins legitimately ship large minified chart rendering bundles. | ai | |
| source-diff | obfuscated-file:dist/client/593aa3d01002713c.js | AI (source-diff): Standard webpack production bundle for a data visualization plugin; minified long lines are expected. NocoBase copyright header and chart library exports confirm legitimacy. | ai | |
| source-diff | net-exec-file:dist/client/593aa3d01002713c.js | AI (source-diff): Network calls and dynamic code patterns in this file are from bundled @ant-design/plots and d3-geo charting libraries — expected for a data visualization plugin, not malware. | ai | |
| source-diff | net-exec-file:dist/client/7fad86bec71957ea.js | AI (source-diff): Chart rendering libraries inherently combine network data fetching with dynamic rendering code. No malicious patterns visible; content matches G2/ant-design/plots chart components. | ai | |
| source-diff | obfuscated-file:dist/client/7fad86bec71957ea.js | AI (source-diff): Standard webpack minified chunk for @ant-design/plots G2 chart library. Long lines are expected build output, not obfuscation. Consistent with package's data visualization purpose. | ai | |
| source-diff | net-exec-file:dist/client/37a918db18565610.js | AI (source-diff): Network + exec pattern is webpack's dynamic module loading mechanism in a bundled React frontend. No actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/37a918db18565610.js | AI (source-diff): This is a standard webpack chunk bundle for the NocoBase data visualization plugin, containing @ant-design/plots chart exports. Minification is expected build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/620c6a40278e66ba.js | AI (source-diff): This is a standard webpack production bundle for a client-side data visualization plugin. Long lines are expected minified output, not obfuscation. Pattern is consistent across all NocoBase plugin releases. | ai | |
| source-diff | net-exec-file:dist/client/620c6a40278e66ba.js | AI (source-diff): Webpack chunk bundles legitimately contain dynamic require calls and URL references for chart assets. No dropper/loader behavior present; this is standard G2/ant-design/plots bundle output. | ai | |
| source-diff | obfuscated-file:dist/client/b1d9e3abf76dcefe.js | AI (source-diff): Standard webpack-minified chunk containing @ant-design/plots / G2 chart library. Chart type exports (Sankey, Bar, Pie, etc.) visible; no malicious patterns. | ai | |
| source-diff | net-exec-file:dist/client/b1d9e3abf76dcefe.js | AI (source-diff): G2/AntD Plots chart library legitimately uses network calls and dynamic code for canvas/WebGL rendering. Not a dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/client/3c52bf9434fd3260.js | AI (source-diff): Standard webpack chunk bundle containing @ant-design/plots chart components and gl-matrix math library, matching declared devDependencies. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/3c52bf9434fd3260.js | AI (source-diff): Webpack bundle with dynamic module loading patterns; false positive for dropper detection. Content is legitimate chart library code. | ai | |
| source-diff | net-exec-file:dist/client/82260b168918f36b.js | AI (source-diff): Charting library bundles legitimately combine canvas/WebGL execution with network calls for data. No malicious payload present; this is expected behavior for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/82260b168918f36b.js | AI (source-diff): This is a standard webpack-minified chunk bundling @ant-design/plots (G2 charting library). Long lines are expected from minification, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:dist/client/ed094e0fd0b63f66.js | AI (source-diff): Standard webpack-minified @ant-design/plots chart library bundle (Sankey, Bar, Line, Pie etc.). Matches @ant-design/plots devDependency. Not obfuscated. | ai | |
| source-diff | net-exec-file:dist/client/ed094e0fd0b63f66.js | AI (source-diff): Chart library bundle (@ant-design/plots) legitimately contains network and dynamic rendering patterns. Not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/client/4c5892b4a46f606c.js | AI (source-diff): False positive: chart visualization library (G2/ant-design/plots) legitimately uses canvas/network patterns for geo projections and rendering. No actual dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/4c5892b4a46f606c.js | AI (source-diff): Standard webpack chunk containing @ant-design/plots chart library exports. Minification is expected for NocoBase frontend plugin builds. | ai | |
| source-diff | net-exec-file:dist/client/88e65578140ffcf3.js | AI (source-diff): G2/AntV chart library bundle; network and dynamic execution patterns are from canvas rendering and webpack module loading, not malware. Matches declared devDependency @ant-design/plots. | ai | |
| source-diff | obfuscated-file:dist/client/88e65578140ffcf3.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots G2 chart library. Exports match declared devDependency. Expected for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/3881df8b7cfd2e5c.js | AI (source-diff): This is a standard webpack chunk bundling @ant-design/plots chart library. Minified output is expected for NocoBase client plugin bundles; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/3881df8b7cfd2e5c.js | AI (source-diff): Network+exec pattern is a false positive from webpack runtime dynamic module loading and fetch wrappers in the bundled charting library. No malicious payload present. | ai | |
| source-diff | obfuscated-file:dist/client/a11306eb1ef249ad.js | AI (source-diff): Standard webpack-minified chunk containing @ant-design/plots chart library (Sankey, Bar, Line, Pie, D3 geo, etc.). Matches declared devDependencies exactly. | ai | |
| source-diff | net-exec-file:dist/client/a11306eb1ef249ad.js | AI (source-diff): False positive: webpack dynamic module loading + charting library fetch patterns in @ant-design/plots bundle. No actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/ffabc4c9f14882d5.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots chart components (G2, Sankey, Bar, Pie, etc.); consistent with declared devDependency and plugin purpose. | ai | |
| source-diff | net-exec-file:dist/client/ffabc4c9f14882d5.js | AI (source-diff): False positive: file is a bundled charting library (AntV G2/plots) that legitimately contains network and dynamic code patterns for chart rendering. No malicious payload. | ai | |
| source-diff | net-exec-file:dist/client/eeeb04a24ff7f522.js | AI (source-diff): False positive: @ant-design/plots charting bundle legitimately fetches data and renders dynamically. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/eeeb04a24ff7f522.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots charting library (Sankey, Bar, Line, Pie, d3-geo); NocoBase copyright header present, matches devDependency. | ai | |
| source-diff | obfuscated-file:dist/client/24c832e737b68a33.js | AI (source-diff): Standard webpack chunk bundling @ant-design/plots (G2 chart library) with NocoBase copyright header. Minification is expected for a 1.2MB chart library bundle. | ai | |
| source-diff | net-exec-file:dist/client/3f56985b0c10b8c4.js | AI (source-diff): G2 charting library bundle; network and dynamic code patterns are inherent to visualization libraries, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/3f56985b0c10b8c4.js | AI (source-diff): This is the bundled @ant-design/plots (G2) charting library, expected for a data visualization plugin. Minification is standard build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/1b4028ba6e452b7e.js | AI (source-diff): Standard webpack bundle of @ant-design/plots chart library with NocoBase copyright header; minification is expected for a 1.2MB client bundle. | ai | |
| source-diff | net-exec-file:dist/client/1b4028ba6e452b7e.js | AI (source-diff): Webpack module loading pattern (self.webpackChunk_*) triggers this rule; no actual network fetch + eval dropper pattern present. Standard client-side chart library bundle. | ai | |
| source-diff | obfuscated-file:dist/client/cdc187cd5065e153.js | AI (source-diff): Minified bundle of @ant-design/plots / G2 charting library (Sankey, Bar, Pie, etc.). 1.2MB is expected for a full charting library bundle. | ai | |
| source-diff | net-exec-file:dist/client/cdc187cd5065e153.js | AI (source-diff): False positive on G2/AntD plots charting bundle. Network+dynamic-exec patterns are standard canvas/WebGL rendering code in visualization libraries, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/client/92a641f0ffd4c517.js | AI (source-diff): False positive — file is bundled @ant-design/plots chart library. Network/dynamic patterns are from chart rendering/data fetching, not dropper behavior. Matches declared devDependencies. | ai | |
| source-diff | obfuscated-file:dist/client/92a641f0ffd4c517.js | AI (source-diff): Standard webpack-minified chunk of @ant-design/plots chart library (Sankey, Bar, Scatter, etc.). Legitimate minified library code matching devDependencies. | ai | |
| source-diff | net-exec-file:dist/client/42905ee78746cf59.js | AI (source-diff): Chart rendering library (G2/@ant-design/plots) legitimately uses dynamic patterns and network calls for data visualization. False positive for this package type. | ai | |
| source-diff | obfuscated-file:dist/client/42905ee78746cf59.js | AI (source-diff): Standard webpack-minified chart library bundle (@ant-design/plots/G2). Long lines are minification artifacts, not obfuscation. Expected for a data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/5387c18fa6562726.js | AI (source-diff): False positive: chart library bundle (G2/ant-design/plots) triggers net+exec heuristic due to dynamic rendering patterns, not malicious dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/5387c18fa6562726.js | AI (source-diff): Standard webpack-minified chart library bundle (G2/@ant-design/plots). Content matches declared devDependency @ant-design/plots. | ai | |
| source-diff | net-exec-file:dist/client/03301e551358e518.js | AI (source-diff): Network + dynamic code execution pattern is from bundled G2/AntV charting library (canvas/WebGL rendering). Not dropper/loader behavior; consistent with legitimate charting library internals. | ai | |
| source-diff | obfuscated-file:dist/client/03301e551358e518.js | AI (source-diff): This is a standard webpack-minified client bundle for the NocoBase data visualization plugin, exporting known G2/AntV chart types. Minification is expected for all dist/client chunks in this package. | ai | |
| source-diff | net-exec-file:dist/client/8ed0dbef548937ec.js | AI (source-diff): The G2/Plots charting library legitimately uses network calls and dynamic rendering patterns. Content is clearly the @ant-design/plots bundle, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/client/8ed0dbef548937ec.js | AI (source-diff): Standard webpack-bundled @ant-design/plots (G2 charts) chunk with NocoBase copyright header. Minification is expected for client dist files in this package. | ai | |
| source-diff | obfuscated-file:dist/client/c9ba4b87c688921a.js | AI (source-diff): This is a standard webpack production bundle for a data visualization plugin bundling G2/AntV chart libraries. Long lines are expected minification artifacts, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/c9ba4b87c688921a.js | AI (source-diff): Network calls and dynamic requires in this webpack chunk are normal for a chart library bundle (data fetching + dynamic module loading). No dropper/loader behavior present. | ai | |
| source-diff | net-exec-file:dist/client/4351bc320cb2458d.js | AI (source-diff): Network calls and dynamic patterns in this file originate from the G2/ant-design/plots charting library bundled for client-side rendering, not malicious dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/4351bc320cb2458d.js | AI (source-diff): File is a webpack-bundled @ant-design/plots charting library chunk, consistent with the plugin's data-visualization purpose. Minification is expected for client bundles. | ai | |
| source-diff | net-exec-file:dist/client/7887910c8d9f8175.js | AI (source-diff): Network+exec pattern is from bundled @ant-design/plots charting library (geo data, canvas rendering). Not malicious; expected for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/7887910c8d9f8175.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots chart library. Exports recognizable chart components (Sankey, Bar, Pie, etc.). Expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/client/bed2a7ecda11b1cc.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots G2 chart library. Content is clearly chart visualization code (Sankey, Bar, Pie, etc.). Not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/client/bed2a7ecda11b1cc.js | AI (source-diff): False positive on G2/ant-design/plots chart library bundle. Network+exec pattern is from legitimate chart rendering, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/client/dc104b92cad4a2cb.js | AI (source-diff): Standard webpack-bundled @ant-design/plots charting library. Expected large bundle for a data visualization plugin. NocoBase copyright header present. | ai | |
| source-diff | obfuscated-file:dist/client/3f66fc107a17e7ea.js | AI (source-diff): Standard webpack-bundled CodeMirror SQL language support chunk. Long lines are webpack minification output, not obfuscation. Consistent with package.json devDependencies. | ai | |
| source-diff | net-exec-file:dist/client/dc104b92cad4a2cb.js | AI (source-diff): False positive: webpack chunk push pattern and chart rendering code (Sankey, Bar, Pie etc.) in @ant-design/plots bundle. Not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/client/d18b1ae049066363.js | AI (source-diff): False positive: bundled @ant-design/plots chart library legitimately uses canvas/WebGL APIs and data fetching. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/d18b1ae049066363.js | AI (source-diff): Standard webpack-minified chunk with NocoBase copyright header; contains @ant-design/plots chart library (Sankey, Bar, Line, Pie, etc.), a legitimate devDependency for a data visualization plugin. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New webpack chunks correspond to added chart library dependencies (CodeMirror, @ant-design/plots) expected for a data visualization plugin update. | ai | |
| source-diff | obfuscated-file:dist/client/02a2d7e6bda190d9.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots chart library with NocoBase copyright header. Minification is expected for this frontend plugin. | ai | |
| source-diff | net-exec-file:dist/client/02a2d7e6bda190d9.js | AI (source-diff): False positive: file exports chart visualization components. Network/exec pattern is webpack module loading + chart rendering, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/98a22c0b10046d7e.js | AI (source-diff): This is a standard webpack-minified bundle for the G2/AntV data visualization library. Minification is expected for a 1.2MB chart library bundle in a NocoBase plugin. | ai | |
| source-diff | net-exec-file:dist/client/98a22c0b10046d7e.js | AI (source-diff): Network + dynamic execution pattern is a heuristic false positive for webpack bundles that include chart data fetching and dynamic module loading — standard in visualization libraries. | ai | |
| source-diff | obfuscated-file:dist/client/8795975cb8946be4.js | AI (source-diff): Webpack-minified Lezer parser runtime (used by CodeMirror). Standard minified library bundle, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/33492453ee0d31e9.js | AI (source-diff): Webpack-minified bundle of @ant-design/plots / G2 charting library. Chart type exports (Sankey, Bar, Pie, etc.) confirm legitimate visualization library content. | ai | |
| source-diff | obfuscated-file:dist/client/2ba6e739852f8f86.js | AI (source-diff): Standard webpack-minified bundle of @codemirror/lang-sql (SQL dialect definitions). Minification is expected for client dist files in NocoBase plugins. | ai | |
| source-diff | net-exec-file:dist/client/33492453ee0d31e9.js | AI (source-diff): False positive: network+exec pattern in a charting library bundle (D3 geo, canvas rendering). No actual dropper/loader behavior; standard chart rendering code. | ai | |
| source-diff | obfuscated-file:dist/client/924c5f5607998e1c.js | AI (source-diff): Webpack-minified @codemirror/lang-javascript bundle (TypeScript/JS/JSX language support). Standard minified library, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/6e629dfebcb26a7b.js | AI (source-diff): Network and dynamic code patterns in this file are from the AntV/G2 chart library (canvas/WebGL rendering, workers). No dropper/loader behavior is present; this is a false positive for minified visualization bundles. | ai | |
| source-diff | obfuscated-file:dist/client/6e629dfebcb26a7b.js | AI (source-diff): This is a standard webpack-minified bundle for the G2/AntV charting library, consistent with the package's data visualization purpose. Minified client bundles are expected in every release of this plugin. | ai | |
| source-diff | net-exec-file:dist/client/dfc32d1ddbd39040.js | AI (source-diff): Network/exec patterns in this file are from d3-geo and G2Plot chart rendering internals bundled via webpack — not malicious dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/dfc32d1ddbd39040.js | AI (source-diff): This is a standard webpack bundle of @ant-design/plots chart library code. Minified output is expected for this data visualization plugin's client dist. | ai | |
| source-diff | net-exec-file:dist/client/b122273dcfd147ad.js | AI (source-diff): Network + eval pattern fires on webpack runtime + charting library fetch calls. No dropper/loader behavior present; consistent with legitimate data visualization bundle. | ai | |
| source-diff | obfuscated-file:dist/client/b122273dcfd147ad.js | AI (source-diff): File is a standard webpack-minified bundle of the G2/AntV charting library. Minified chart bundles are expected in this data-visualization plugin and are not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:dist/client/28ba4511bf11a903.js | AI (source-diff): False positive: webpack bundles for charting libraries contain dynamic module loading and canvas/WebGL network patterns. No actual dropper/loader behavior present in the sample. | ai | |
| source-diff | obfuscated-file:dist/client/28ba4511bf11a903.js | AI (source-diff): This is a standard webpack-minified chunk bundling @ant-design/plots chart components. Minification is expected for a large client-side charting library bundle in the NocoBase plugin ecosystem. | ai | |
| source-diff | obfuscated-file:dist/client/c61bcd50f01198b6.js | AI (source-diff): File is a standard webpack minified bundle chunk for @ant-design/plots chart components, consistent with NocoBase's data visualization plugin build output. Long lines are expected minification artifacts. | ai | |
| source-diff | net-exec-file:dist/client/c61bcd50f01198b6.js | AI (source-diff): Network calls and dynamic code patterns in this file originate from chart rendering libraries (d3-geo, G2Plot). No dropper/loader behavior; consistent with legitimate data visualization bundle. | ai | |
| source-diff | net-exec-file:dist/client/5b8bd107b3f9d3fb.js | AI (source-diff): Network calls are chart data APIs; dynamic execution is webpack module system boilerplate. Both are expected in a client-side charting bundle for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/5b8bd107b3f9d3fb.js | AI (source-diff): File is a standard webpack-minified client bundle for @ant-design/plots G2 charts. Long lines are minification artifacts, not intentional obfuscation. Consistent with NocoBase plugin build pattern. | ai | |
| source-diff | obfuscated-file:dist/client/b02c4e6f07dfa1ae.js | AI (source-diff): This is a standard webpack-minified bundle of @ant-design/plots/G2Plot chart library. Long lines are minification artifacts, not obfuscation. Pattern is consistent across NocoBase plugin releases. | ai | |
| source-diff | net-exec-file:dist/client/b02c4e6f07dfa1ae.js | AI (source-diff): Network+exec pattern is a false positive on webpack bundles; dynamic requires and asset URLs are standard in charting library chunks, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/client/76dbaf8304de31ec.js | AI (source-diff): Network and dynamic execution patterns are inherent to chart rendering libraries (canvas/WebGL/data fetching). This is a bundled @ant-design/plots chunk, not malware. | ai | |
| source-diff | obfuscated-file:dist/client/76dbaf8304de31ec.js | AI (source-diff): This is a standard webpack-minified bundle of @ant-design/plots chart components. Minification is expected for frontend dist files in NocoBase plugins; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/67f56099dcb661b2.js | AI (source-diff): Network calls and dynamic execution patterns in this file are from chart library internals (gl-matrix, canvas rendering). No malicious payload evident; consistent with legitimate webpack bundle. | ai | |
| source-diff | obfuscated-file:dist/client/67f56099dcb661b2.js | AI (source-diff): This is a standard webpack chunk bundle for @ant-design/plots chart exports. Minification is expected for a 1.2MB frontend build artifact in a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/0a4321805e568523.js | AI (source-diff): This is a webpack-minified bundle of @ant-design/plots (G2Plot charting library). Minified chart library bundles are expected in this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/0a4321805e568523.js | AI (source-diff): Network+exec pattern in webpack bundle of a charting library is a false positive. Dynamic module loading and data fetching are standard for visualization plugins. | ai | |
| source-diff | net-exec-file:dist/client/950.ba9ae5ed03ed20ab.js | AI (source-diff): False positive on bundled @ant-design/plots/G2 charting library. Network/exec patterns are from chart rendering internals, not malware. | ai | |
| source-diff | obfuscated-file:dist/client/950.ba9ae5ed03ed20ab.js | AI (source-diff): Standard webpack-minified bundle of @ant-design/plots charting library. Long lines are normal minification output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/f91435b8beaaa2d9.js | AI (source-diff): This is a webpack-bundled chunk of @ant-design/plots (G2 charting library). Minified bundle output is expected for this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/f91435b8beaaa2d9.js | AI (source-diff): Network and dynamic code patterns in this file are from the G2/AntD plots charting library bundle, not malicious dropper behavior. Expected for a data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/950.9e6bc741b2de781a.js | AI (source-diff): Bundled @ant-design/plots / G2 charting library (Sankey, Bar, Pie, etc.). Expected 1.2MB artifact for a data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/950.9e6bc741b2de781a.js | AI (source-diff): Chart/canvas library legitimately contains network and dynamic execution patterns. Content is identifiable as @ant-design/plots G2 chart library, not malware. | ai | |
| source-diff | obfuscated-file:dist/client/950.88708948cc947865.js | AI (source-diff): 1.2MB webpack chunk bundling @ant-design/plots/G2 charting library. Exports (Sankey, Bar, Line, Pie, etc.) match devDependency. Minified, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/client/950.88708948cc947865.js | AI (source-diff): Charting library bundle (G2/@ant-design/plots) legitimately combines network data fetching and dynamic rendering. Not a dropper/loader pattern. | ai | |
| source-diff | obfuscated-file:dist/client/e14b7d4486b68e34.js | AI (source-diff): This is a standard webpack-minified chunk for @ant-design/plots chart library. Long lines are expected in minified bundles; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/e14b7d4486b68e34.js | AI (source-diff): Webpack bundles contain dynamic require/import and fetch calls by design. No actual dropper/loader behavior present in this chart library chunk. | ai | |
| source-diff | obfuscated-file:dist/client/47cb6d20a3521cc4.js | AI (source-diff): This is a webpack-bundled chunk of @ant-design/plots (G2Plot charting library). Minified bundles are expected for this data visualization plugin; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/47cb6d20a3521cc4.js | AI (source-diff): Network+exec pattern is a false positive from the G2Plot charting library's canvas/WebGL rendering and data fetch internals bundled into this webpack chunk. | ai | |
| source-diff | obfuscated-file:dist/client/528abf127c82161e.js | AI (source-diff): This is a webpack-bundled chunk of @ant-design/plots (G2 charting library). Minified output is expected for a data visualization plugin; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/528abf127c82161e.js | AI (source-diff): Chart rendering code uses canvas/WebGL APIs and dynamic module loading — standard for G2/AntV charting bundles, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/client/9bb404184d770e86.js | AI (source-diff): Chart library bundles (canvas/WebGL rendering) legitimately contain both network-like APIs and dynamic code patterns. Not malware dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/client/9bb404184d770e86.js | AI (source-diff): This is a standard webpack chunk bundling @ant-design/plots chart library. Minified output is expected for this data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/42efba40888dcf9c.js | AI (source-diff): This is a standard webpack minified bundle for @ant-design/plots chart components. Long lines are due to minification, not obfuscation. Expected for this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/42efba40888dcf9c.js | AI (source-diff): False positive on webpack bundle — network calls are chart data fetching, dynamic execution is webpack module loading. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/52b6e6ba5111171b.js | AI (source-diff): This is a webpack-bundled chunk of @ant-design/plots (G2 charting library). Minified output is expected for this data visualization plugin; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/52b6e6ba5111171b.js | AI (source-diff): Network+exec pattern is a false positive from WebGL/canvas rendering code in the bundled G2/plots charting library. No malicious dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/79b387d12964265b.js | AI (source-diff): This is a standard webpack bundle of @ant-design/plots charting library (G2 charts). Minification is expected for a 1.2MB client-side chart library bundle, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/client/79b387d12964265b.js | AI (source-diff): Network+exec pattern is webpack's standard browser chunk loading (self.webpackChunk_*). No actual network fetch or dynamic eval of remote code; this is a false positive for webpack bundles. | ai | |
| source-diff | net-exec-file:dist/client/950.20097cdaacea28dc.js | AI (source-diff): Network calls and dynamic rendering in @ant-design/plots chart bundle are expected for a data visualization library. No malicious dropper patterns present. | ai | |
| source-diff | obfuscated-file:dist/client/969.7fbbb4fa78123d3a.js | AI (source-diff): Webpack-minified chunk containing CodeMirror SQL dialect support, matching declared devDependency @codemirror/lang-sql. Normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/client/453.b679367b7bb897b6.js | AI (source-diff): Standard webpack-minified chunk containing CodeMirror JS/TS language support, matching declared devDependency @codemirror/lang-javascript. Normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/client/754.d08ce02d24408fc0.js | AI (source-diff): Standard webpack-minified chunk containing CodeMirror parser internals. Normal build artifact for this data visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/950.20097cdaacea28dc.js | AI (source-diff): Webpack-minified bundle of @ant-design/plots chart components (Sankey, Bar, Line, Pie, etc.), matching declared devDependency. Expected large artifact for a data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/8657f1f3fd868a3b.js | AI (source-diff): Network/exec pattern is a false positive from charting library internals (canvas, geo projections). Standard webpack bundle for a visualization plugin. | ai | |
| source-diff | obfuscated-file:dist/client/8657f1f3fd868a3b.js | AI (source-diff): This is a webpack-bundled chunk of the @ant-design/plots / G2 charting library. Minified output is expected for a data visualization plugin; not obfuscation. | ai | |
| provenance | no-provenance | AI (provenance): NocoBase ecosystem does not use Sigstore provenance; consistent across all their packages. | ai | |
| source-diff | obfuscated-file:dist/client/b605d4f34cba7f37.js | AI (source-diff): This is a standard webpack-minified bundle for the @ant-design/plots / G2 charting library. Minified client bundles are expected in every release of this data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/b605d4f34cba7f37.js | AI (source-diff): False positive: D3/G2 charting internals and webpack runtime trigger net+exec heuristics. No actual dropper/loader behavior present in this bundle. | ai | |
| source-diff | obfuscated-file:dist/client/a82390fa5c871f61.js | AI (source-diff): 1.2MB webpack chunk bundling @ant-design/plots G2 charting library. Minification is expected for this large visualization dependency; exports match chart types documented for this plugin. | ai | |
| source-diff | net-exec-file:dist/client/a82390fa5c871f61.js | AI (source-diff): Network+exec pattern is webpack's dynamic module loading infrastructure within a bundled charting library. No actual dropper/loader behavior present in the sample. | ai | |
| source-diff | net-exec-file:dist/client/b9d994920b5ee85f.js | AI (source-diff): False positive: the G2/plots charting library legitimately uses dynamic rendering and network calls for chart data. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/client/b9d994920b5ee85f.js | AI (source-diff): This is a standard webpack-minified chunk containing the @ant-design/plots/G2 charting library. Minification is expected for a 1.2MB chart bundle in a data visualization plugin. | ai | |
| source-diff | net-exec-file:dist/client/32f60f8a7b5b16a3.js | AI (source-diff): Network + dynamic execution flags are false positives for bundled charting libraries using WebGL/Canvas and dynamic module loading. No malicious payload present. | ai | |
| source-diff | obfuscated-file:dist/client/32f60f8a7b5b16a3.js | AI (source-diff): This is a webpack-bundled chunk of the @ant-design/plots G2 charting library. Minified output is expected for a data visualization plugin; exports are canonical chart types (Bar, Line, Pie, etc.). | ai | |
| bogus-package | bogus-package | AI (bogus-package): NocoBase plugins consistently link to their official docs site rather than embedding usage examples in README. This is a documentation style choice, not a spam indicator. | ai | |
| source-diff | net-exec-file:dist/client/9b10e5e5f5e8c0d5.js | AI (source-diff): Network calls and dynamic patterns are standard in bundled charting libraries (data fetching + webpack runtime). No dropper/loader indicators in the sample. | ai | |
| source-diff | obfuscated-file:dist/client/9b10e5e5f5e8c0d5.js | AI (source-diff): File is a webpack chunk bundling @ant-design/plots charting library (G2, Sankey, Bar, etc.). Minification is expected for production frontend builds in this package. | ai | |
| source-diff | net-exec-file:dist/client/77ce8adb3d34baae.js | AI (source-diff): Network/dynamic-exec patterns in a charting library bundle (AntV G2) are expected for canvas/WebGL rendering. No evidence of malicious dropper behavior. | ai | |
| source-diff | encoded-string-file:dist/client/index.js | AI (source-diff): Long strings in index.js are standard UMD module wrapper require() chains, not encoded payloads. Normal webpack UMD bundle pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/client/77ce8adb3d34baae.js | AI (source-diff): Webpack-bundled AntV G2/plots charting library chunk. Minified output is expected for this data visualization plugin; exports match known G2 chart types (Sankey, Bar, Line, Pie, etc.). | ai |
Versions (showing 100 of 124)
| Version | Deps | Published |
|---|---|---|
| 2.0.61 | 0 / 22 | |
| 2.0.60 | 0 / 22 | |
| 2.0.59 | 0 / 22 | |
| 2.0.58 | 0 / 22 | |
| 2.0.57 | 0 / 22 | |
| 2.0.56 | 0 / 22 | |
| 2.0.55 | 0 / 22 | |
| 2.0.54 | 0 / 22 | |
| 2.0.53 | 0 / 22 | |
| 2.0.52 | 0 / 22 | |
| 2.0.51 | 0 / 22 | |
| 2.0.50 | 0 / 22 | |
| 2.0.49 | 0 / 22 | |
| 2.0.48 | 0 / 22 | |
| 2.0.47 | 0 / 22 | |
| 2.0.46 | 0 / 22 | |
| 2.0.45 | 0 / 22 | |
| 2.0.44 | 0 / 22 | |
| 2.0.43 | 0 / 22 | |
| 2.0.42 | 0 / 22 | |
| 2.0.41 | 0 / 22 | |
| 2.0.40 | 0 / 22 | |
| 2.0.39 | 0 / 22 | |
| 2.0.38 | 0 / 22 | |
| 2.0.37 | 0 / 22 | |
| 2.0.36 | 0 / 22 | |
| 2.0.35 | 0 / 22 | |
| 2.0.34 | 0 / 22 | |
| 2.0.33 | 0 / 22 | |
| 2.0.32 | 0 / 22 | |
| 2.0.31 | 0 / 22 | |
| 2.0.30 | 0 / 22 | |
| 2.0.29 | 0 / 22 | |
| 2.0.28 | 0 / 22 | |
| 2.0.27 | 0 / 22 | |
| 2.0.26 | 0 / 22 | |
| 2.0.25 | 0 / 22 | |
| 2.0.24 | 0 / 22 | |
| 2.0.23 | 0 / 22 | |
| 2.0.22 | 0 / 22 | |
| 2.0.21 | 0 / 22 | |
| 2.0.20 | 0 / 22 | |
| 2.0.19 | 0 / 22 | |
| 2.0.18 | 0 / 22 | |
| 2.0.17 | 0 / 22 | |
| 2.0.16 | 0 / 22 | |
| 2.0.15 | 0 / 22 | |
| 2.0.14 | 0 / 22 | |
| 2.0.13 | 0 / 22 | |
| 2.0.12 | 0 / 22 | |
| 2.0.11 | 0 / 22 | |
| 2.0.10 | 0 / 22 | |
| 2.0.9 | 0 / 22 | |
| 2.0.8 | 0 / 22 | |
| 2.0.7 | 0 / 22 | |
| 2.0.6 | 0 / 22 | |
| 2.0.5 | 0 / 22 | |
| 2.0.3 | 0 / 22 | |
| 2.0.2 | 0 / 22 | |
| 2.0.1 | 0 / 22 | |
| 2.0.0 | 0 / 22 | |
| 1.9.62 | 0 / 14 | |
| 1.9.61 | 0 / 14 | |
| 1.9.60 | 0 / 14 | |
| 1.9.59 | 0 / 14 | |
| 1.9.58 | 0 / 14 | |
| 1.9.57 | 0 / 14 | |
| 1.9.56 | 0 / 14 | |
| 1.9.55 | 0 / 14 | |
| 1.9.54 | 0 / 14 | |
| 1.9.53 | 0 / 14 | |
| 1.9.52 | 0 / 14 | |
| 1.9.51 | 0 / 14 | |
| 1.9.49 | 0 / 14 | |
| 1.9.47 | 0 / 14 | |
| 1.9.46 | 0 / 14 | |
| 1.9.45 | 0 / 14 | |
| 1.9.44 | 0 / 14 | |
| 1.9.43 | 0 / 14 | |
| 1.9.42 | 0 / 14 | |
| 1.9.41 | 0 / 14 | |
| 1.9.40 | 0 / 14 | |
| 1.9.39 | 0 / 14 | |
| 1.9.38 | 0 / 14 | |
| 1.9.37 | 0 / 14 | |
| 1.9.36 | 0 / 14 | |
| 1.9.35 | 0 / 14 | |
| 1.9.34 | 0 / 14 | |
| 1.9.33 | 0 / 14 | |
| 1.9.32 | 0 / 14 | |
| 1.9.31 | 0 / 14 | |
| 1.9.30 | 0 / 14 | |
| 1.9.29 | 0 / 14 | |
| 1.9.28 | 0 / 14 | |
| 1.9.27 | 0 / 14 | |
| 1.9.26 | 0 / 14 | |
| 1.9.25 | 0 / 14 | |
| 1.9.24 | 0 / 14 | |
| 1.9.23 | 0 / 14 | |
| 1.9.22 | 0 / 14 |
v2.0.61
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.60
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.59
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.58
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.57
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.56
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.55
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.54
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.53
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.52
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.51
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.50
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.49
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.48
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.47
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.45
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.44
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.42
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.41
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.40
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.39
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.38
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.37
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.36
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.35
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.34
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.33
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.32
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.31
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.30
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.25
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.24
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.23
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.22
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.21
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.20
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.19
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.18
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.17
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.16
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.15
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.13
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.12
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.11
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.10
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.9
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.8
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.7
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.6
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.62
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.61
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.60
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.59
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.58
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.57
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.56
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.55
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.54
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.53
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.52
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.51
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.49
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.47
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.46
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.45
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.44
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.43
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.42
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.41
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.40
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.39
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.38
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.37
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.36
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.35
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.34
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.33
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.32
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.31
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.30
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.29
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.28
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.27
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.26
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.25
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.24
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.23
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.22
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.