@onerjs/gui-editor
Gui Editor es6
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/babylon.guiEditor.js | AI (source-diff): Standard rollup UMD minified bundle for BabylonJS GUI Editor; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/babylon.guiEditor.max.js | AI (source-diff): Standard rollup UMD minified bundle for BabylonJS GUI Editor; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/babylon.guiEditor.js | AI (source-diff): Network/exec pattern in a 3D engine GUI bundle is expected (dynamic module loading, React internals); no exfiltration payload visible. | ai | |
| source-diff | net-exec-file:dist/babylon.guiEditor.max.js | AI (source-diff): Same as babylon.guiEditor.js — standard BabylonJS bundle pattern. | ai | |
| source-diff | source-size-tripled | AI (source-diff): First version to include pre-built dist files; size increase is expected and benign. | ai |
Versions (showing 65 of 65)
| Version | Deps | Published |
|---|---|---|
| 8.52.7 | 0 / 4 | |
| 8.52.6 | 0 / 4 | |
| 8.52.5 | 0 / 4 | |
| 8.52.4 | 0 / 4 | |
| 8.52.3 | 0 / 4 | |
| 8.52.2 | 0 / 4 | |
| 8.52.1 | 0 / 4 | |
| 8.51.9 | 0 / 4 | |
| 8.51.8 | 0 / 4 | |
| 8.51.7 | 0 / 4 | |
| 8.51.6 | 0 / 4 | |
| 8.51.5 | 0 / 4 | |
| 8.51.4 | 0 / 4 | |
| 8.51.3 | 0 / 4 | |
| 8.51.2 | 0 / 4 | |
| 8.51.1 | 0 / 4 | |
| 8.50.9 | 0 / 4 | |
| 8.50.8 | 0 / 4 | |
| 8.50.7 | 0 / 4 | |
| 8.50.6 | 0 / 4 | |
| 8.50.5 | 0 / 4 | |
| 8.50.4 | 0 / 4 | |
| 8.50.3 | 0 / 4 | |
| 8.50.2 | 0 / 4 | |
| 8.50.1 | 0 / 4 | |
| 8.49.9 | 0 / 4 | |
| 8.49.8 | 0 / 4 | |
| 8.49.7 | 0 / 4 | |
| 8.49.6 | 0 / 4 | |
| 8.49.5 | 0 / 4 | |
| 8.49.4 | 0 / 4 | |
| 8.49.3 | 0 / 4 | |
| 8.49.2 | 0 / 4 | |
| 8.49.1 | 0 / 4 | |
| 8.48.9 | 0 / 4 | |
| 8.48.8 | 0 / 4 | |
| 8.48.7 | 0 / 4 | |
| 8.48.6 | 0 / 4 | |
| 8.48.5 | 0 / 4 | |
| 8.48.4 | 0 / 4 | |
| 8.48.3 | 0 / 4 | |
| 8.48.2 | 0 / 4 | |
| 8.48.1 | 0 / 4 | |
| 8.47.9 | 0 / 4 | |
| 8.47.8 | 0 / 4 | |
| 8.47.7 | 0 / 4 | |
| 8.47.6 | 0 / 4 | |
| 8.47.5 | 0 / 4 | |
| 8.47.4 | 0 / 4 | |
| 8.47.3 | 0 / 4 | |
| 8.47.2 | 0 / 4 | |
| 8.47.1 | 0 / 4 | |
| 8.46.9 | 0 / 4 | |
| 8.46.8 | 0 / 4 | |
| 8.46.6 | 0 / 4 | |
| 8.46.4 | 0 / 4 | |
| 8.46.3 | 0 / 4 | |
| 8.46.2 | 0 / 4 | |
| 8.46.1 | 0 / 4 | |
| 8.45.9 | 0 / 4 | |
| 8.45.8 | 0 / 4 | |
| 8.45.7 | 0 / 4 | |
| 8.45.6 | 0 / 4 | |
| 8.45.5 | 0 / 4 | |
| 8.45.4 | 0 / 4 |
v8.52.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.52.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.51.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.50.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.49.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.48.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.47.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.45.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.