← Home

@nsshunt/stsoauth2plugin

npm Repository Homepage

STS OAuth2 VUE Plugin

47
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nsshunt

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff net-exec-file:dist/index.cjs AI (source-diff): Network calls are axios/http/https for OAuth2 flows; no dynamic code execution beyond bundler require shim. ai
source-diff obfuscated-file:dist/index.cjs AI (source-diff): Standard rolldown/vite bundle output; readable boilerplate, not obfuscated malware. ai
source-diff obfuscated-file:dist/index.mjs AI (source-diff): Standard rolldown/vite bundle output; readable boilerplate, not obfuscated malware. ai
source-diff net-exec-file:dist/index.mjs AI (source-diff): Network calls are axios/http/https for OAuth2 flows; no dynamic code execution beyond bundler require shim. ai
phantom-deps phantom-dep:detect-node AI (phantom-deps): Bundled output; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Internal org plugin; thin README and no keywords are cosmetic, not indicative of spam. ai
phantom-deps phantom-dep:@nsshunt/stsauthclient AI (phantom-deps): Same-org scoped dep; indirect usage in bundled output is expected. ai
phantom-deps phantom-dep:@nsshunt/stsinstrumentmanagerclient AI (phantom-deps): Same-org scoped dep; indirect usage in bundled output is expected. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:http-status-codes AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:jwt-decode AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:crypto-js AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive for this package. ai

Versions (showing 47 of 47)

Version Deps Published
1.0.178 10 / 9
1.0.177 10 / 9
1.0.176 10 / 9
1.0.175 10 / 9
1.0.174 10 / 9
1.0.173 10 / 9
1.0.172 10 / 9
1.0.171 10 / 9
1.0.170 10 / 9
1.0.169 11 / 9
1.0.168 11 / 9
1.0.167 11 / 9
1.0.166 10 / 9
1.0.165 10 / 9
1.0.164 10 / 9
1.0.163 11 / 10
1.0.162 11 / 10
1.0.161 11 / 10
1.0.160 11 / 11
1.0.159 11 / 11
1.0.158 11 / 11
1.0.157 11 / 11
1.0.156 11 / 11
1.0.155 10 / 11
1.0.154 10 / 11
1.0.153 10 / 11
1.0.152 10 / 11
1.0.151 10 / 11
1.0.150 10 / 11
1.0.149 10 / 11
1.0.148 10 / 11
1.0.147 10 / 11
1.0.146 10 / 11
1.0.145 10 / 11
1.0.144 10 / 11
1.0.143 10 / 11
1.0.142 10 / 11
1.0.141 10 / 11
1.0.140 10 / 11
1.0.139 10 / 11
1.0.138 10 / 11
1.0.137 10 / 11
1.0.136 10 / 11
1.0.135 10 / 11
1.0.134 10 / 11
1.0.133 10 / 11
1.0.132 10 / 11

v1.0.178

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.177

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.176

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.175

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.174

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.173

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.172

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.171

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.170

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.169

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.168

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.167

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.166

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.165

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.164

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.163

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.162

5 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.mjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.161

5 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.mjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.160

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.159

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.158

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.157

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.156

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.155

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.154

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.153

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.152

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.151

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.150

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.149

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.148

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.147

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.146

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.145

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.144

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.143

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.142

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.141

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.140

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.139

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.138

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.137

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.136

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.135

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.134

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.133

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.132

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.