@openfin/core-web
`@openfin/core-web` enables interoperability and layouts within a web browser. It is intended to be used by both content and platform developers to create integrated experiences which leverage OpenFin's existing interoperability APIs.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:out/main-fc7d58c0.js | AI (source-diff): Standard Rollup minified output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-5d8b578b.js | AI (source-diff): Standard Rollup minified output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-63d950ea.js | AI (source-diff): Standard Rollup minified output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-995f7276.js | AI (source-diff): Standard Rollup minified output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-14e8828f.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated. | ai | |
| source-diff | obfuscated-file:out/main-fd1b2b20.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated. | ai | |
| source-diff | obfuscated-file:out/main-987a0ad6.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated. | ai | |
| source-diff | obfuscated-file:out/main-87a91d10.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated. | ai | |
| source-diff | obfuscated-file:out/main-ea4b39be.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:out/main-9b6398d1.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:out/main-4d818c51.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:out/main-241904a1.js | AI (source-diff): Standard Rollup minified build output for this package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:out/main-5dbd6c16.js | AI (source-diff): Rollup-generated minified chunk; consistent with package's documented build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-6dff1c7a.js | AI (source-diff): Rollup-generated minified chunk; consistent with package's documented build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-857a6ee2.js | AI (source-diff): Rollup-generated minified chunk; consistent with package's documented build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-a8e06509.js | AI (source-diff): Rollup-generated minified chunk; consistent with package's documented build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-87534039.js | AI (source-diff): Standard Rollup minified build output for OpenFin SDK; not obfuscated, code is readable and uses known deps. | ai | |
| source-diff | obfuscated-file:out/main-cdaba21c.js | AI (source-diff): Standard Rollup minified build output for OpenFin SDK; not obfuscated, code is readable and uses known deps. | ai | |
| source-diff | obfuscated-file:out/main-99bc6ad4.js | AI (source-diff): Standard Rollup minified build output for OpenFin SDK; not obfuscated, code is readable and uses known deps. | ai | |
| source-diff | obfuscated-file:out/main-172c400a.js | AI (source-diff): Standard Rollup minified build output for OpenFin SDK; not obfuscated, code is readable and uses known deps. | ai | |
| source-diff | obfuscated-file:out/main-1aab9d96.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-cd2d270e.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-b8707ada.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-4df58399.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-197e7a21.js | AI (source-diff): Standard Rollup minified build output; readable identifiers, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-eb6066e6.js | AI (source-diff): Standard Rollup/webpack minified build output; no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-d88b62d0.js | AI (source-diff): Standard Rollup/webpack minified build output; no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-9dffcbd3.js | AI (source-diff): Standard Rollup/webpack minified build output; no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-64607de3.js | AI (source-diff): Standard Rollup/webpack minified bundle output for this package; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-d41c92b3.js | AI (source-diff): Standard Rollup/webpack minified bundle output for this package; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-8dcf9a45.js | AI (source-diff): Standard Rollup/webpack minified bundle output for this package; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-7a785515.js | AI (source-diff): Standard Rollup/webpack minified bundle output for this package; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-09ce97f0.js | AI (source-diff): Standard Rollup minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-de019a27.js | AI (source-diff): Standard Rollup minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-ccf02e5a.js | AI (source-diff): Standard Rollup minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-3ffa83d1.js | AI (source-diff): Standard Rollup minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-82d77a54.js | AI (source-diff): Rollup-minified shared CJS chunk; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:out/main-f5f2dddb.js | AI (source-diff): Rollup-minified ESM bundle; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:out/main-d0830314.js | AI (source-diff): Rollup-minified ESM chunk; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:out/main-7432417d.js | AI (source-diff): Rollup-minified CJS bundle; readable domain logic, stable pattern across versions. | ai | |
| source-diff | obfuscated-file:out/main-7861dca4.js | AI (source-diff): Standard rollup minified output for this package; no malicious patterns in code. | ai | |
| source-diff | obfuscated-file:out/main-f50d2a53.js | AI (source-diff): Standard rollup minified output for this package; no malicious patterns in code. | ai | |
| source-diff | obfuscated-file:out/main-d517e27e.js | AI (source-diff): Standard rollup minified output for this package; no malicious patterns in code. | ai | |
| source-diff | obfuscated-file:out/main-1e4d6670.js | AI (source-diff): Standard rollup minified output for this package; no malicious patterns in code. | ai | |
| source-diff | obfuscated-file:out/main-23e24ea6.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-de2940cb.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-af6807af.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-a06c6c7a.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-27dad9ce.js | AI (source-diff): Standard Rollup minified output; readable OpenFin API code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-0c44c1a2.js | AI (source-diff): Standard Rollup minified output; readable OpenFin API code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-4c8ebbdd.js | AI (source-diff): Standard Rollup minified output; readable OpenFin API code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-f3beed88.js | AI (source-diff): Standard Rollup minified output; readable OpenFin API code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-38d8c102.js | AI (source-diff): Standard Rollup minified bundle for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-d11f56d5.js | AI (source-diff): Standard Rollup minified bundle for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-0d11699e.js | AI (source-diff): Standard Rollup minified bundle for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-73e354d2.js | AI (source-diff): Standard Rollup minified bundle for this package; not obfuscation. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() in webpack bundle output; consistent with webpack module federation/template patterns. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() calls are in webpack-bundled shared worker output; standard webpack devtool pattern for this package. | ai | |
| source-diff | obfuscated-file:out/main-0ed2436e.js | AI (source-diff): Minified Rollup bundle output; readable logic, known deps, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-7fa37f01.js | AI (source-diff): Minified Rollup bundle output; readable logic, known deps, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-3425ccda.js | AI (source-diff): Minified Rollup bundle output; readable logic, known deps, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-011882ce.js | AI (source-diff): Minified Rollup bundle output; readable logic, known deps, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:out/main-8ff8f51f.js | AI (source-diff): Standard rollup minified output for OpenFin SDK; CJS variant of same bundle. | ai | |
| source-diff | obfuscated-file:out/main-efbd2043.js | AI (source-diff): Standard rollup minified output for OpenFin SDK; CJS entry importing from sibling bundle. | ai | |
| source-diff | obfuscated-file:out/main-9bf2e35c.js | AI (source-diff): Standard rollup minified output for OpenFin SDK; ESM entry importing from sibling bundle. | ai | |
| source-diff | obfuscated-file:out/main-3cd777a4.js | AI (source-diff): Standard rollup minified output for OpenFin SDK; readable logic, known imports, no malicious indicators. | ai | |
| source-diff | obfuscated-file:out/main-5e3f0044.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, known deps, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-dfb5e558.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, known deps, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-9b4b3ff9.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, known deps, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-03022045.js | AI (source-diff): Standard minified Rollup bundle output; readable logic, known deps, no malicious patterns. | ai | |
| source-diff | obfuscated-file:out/main-8e5ba594.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-8f7b6de8.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-841a9c82.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-70314dee.js | AI (source-diff): Standard Rollup minified bundle for OpenFin SDK; no malicious patterns in code samples. | ai | |
| source-diff | obfuscated-file:out/main-2294efc5.js | AI (source-diff): Minified rollup bundle output; standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-beec5f60.js | AI (source-diff): Minified rollup bundle output; standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-8ff45822.js | AI (source-diff): Minified rollup bundle output; standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-84ea9ca0.js | AI (source-diff): Minified rollup bundle output; standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:out/main-23020a63.js | AI (source-diff): Standard rollup/webpack minified bundle for this SDK; readable logic visible in samples, no obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-cb8f42a4.js | AI (source-diff): Standard rollup/webpack minified bundle; same pattern as other out/ artifacts in this package. | ai | |
| source-diff | obfuscated-file:out/main-ae277080.js | AI (source-diff): Standard rollup/webpack minified bundle; same pattern as other out/ artifacts in this package. | ai | |
| source-diff | obfuscated-file:out/main-9e2bb3a1.js | AI (source-diff): Standard rollup/webpack minified bundle; same pattern as other out/ artifacts in this package. | ai | |
| source-diff | obfuscated-file:out/main-9d01c834.js | AI (source-diff): Standard Rollup minified bundle output for this SDK; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-6324bdec.js | AI (source-diff): Standard Rollup minified bundle output for this SDK; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-8c3fcca0.js | AI (source-diff): Standard Rollup minified bundle output for this SDK; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-a6dde251.js | AI (source-diff): Standard Rollup minified bundle output for this SDK; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:out/main-0346bde1.js | AI (source-diff): Standard rollup bundle output for OpenFin SDK; minification is expected across all versions. | ai | |
| source-diff | obfuscated-file:out/main-961e826d.js | AI (source-diff): Standard rollup bundle output for OpenFin SDK; minification is expected across all versions. | ai | |
| source-diff | obfuscated-file:out/main-70f7b86a.js | AI (source-diff): Standard rollup bundle output for OpenFin SDK; minification is expected across all versions. | ai | |
| source-diff | obfuscated-file:out/main-41070dfd.js | AI (source-diff): Standard rollup bundle output for OpenFin SDK; minification is expected across all versions. | ai | |
| source-diff | obfuscated-file:out/main-23119e91.js | AI (source-diff): Rollup/webpack minified build output; standard for this OpenFin SDK package across all versions. | ai | |
| source-diff | obfuscated-file:out/main-ed980f47.js | AI (source-diff): Rollup/webpack minified build output; standard for this OpenFin SDK package across all versions. | ai | |
| source-diff | obfuscated-file:out/main-b5e8c3a3.js | AI (source-diff): Rollup/webpack minified build output; standard for this OpenFin SDK package across all versions. | ai | |
| source-diff | obfuscated-file:out/main-81ff9931.js | AI (source-diff): Rollup/webpack minified build output; standard for this OpenFin SDK package across all versions. | ai | |
| source-diff | obfuscated-file:out/main-a95f68ae.js | AI (source-diff): Standard rollup/webpack minified bundle output; consistent with this package's established build pattern. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known implicit TypeScript runtime helper; phantom-dep false positive for this package. | ai | |
| phantom-deps | phantom-dep:url | AI (phantom-deps): url is a Node.js polyfill used transitively; phantom-dep false positive for this package. | ai | |
| source-diff | obfuscated-file:out/main-9aad5de7.js | AI (source-diff): Standard rollup/webpack minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-2bd69fed.js | AI (source-diff): Standard rollup/webpack minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:out/main-100233ff.js | AI (source-diff): Standard rollup/webpack minified bundle output; consistent with this package's established build pattern. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires in bundled rollup/webpack output; standard pattern for this package's build pipeline. | ai |
Versions (showing 100 of 263)
| Version | Deps | Published |
|---|---|---|
| 0.46.1 | 6 / 0 | |
| 0.46.0 | 6 / 0 | |
| 0.45.88 | 6 / 0 | |
| 0.45.87 | 6 / 0 | |
| 0.45.86 | 6 / 0 | |
| 0.45.85 | 6 / 0 | |
| 0.45.84 | 6 / 0 | |
| 0.45.83 | 6 / 0 | |
| 0.45.82 | 6 / 0 | |
| 0.45.81 | 6 / 0 | |
| 0.45.79 | 6 / 0 | |
| 0.45.77 | 6 / 0 | |
| 0.45.76 | 6 / 0 | |
| 0.45.75 | 6 / 0 | |
| 0.45.74 | 6 / 0 | |
| 0.45.73 | 6 / 0 | |
| 0.45.72 | 6 / 0 | |
| 0.45.71 | 6 / 0 | |
| 0.45.70 | 6 / 0 | |
| 0.45.69 | 6 / 0 | |
| 0.45.68 | 6 / 0 | |
| 0.45.66 | 6 / 0 | |
| 0.45.65 | 6 / 0 | |
| 0.45.64 | 6 / 0 | |
| 0.45.63 | 6 / 0 | |
| 0.45.62 | 6 / 0 | |
| 0.45.61 | 6 / 0 | |
| 0.45.60 | 6 / 0 | |
| 0.45.59 | 6 / 0 | |
| 0.45.58 | 6 / 0 | |
| 0.45.57 | 6 / 0 | |
| 0.45.55 | 6 / 0 | |
| 0.45.54 | 6 / 0 | |
| 0.45.50 | 6 / 0 | |
| 0.45.49 | 6 / 0 | |
| 0.45.48 | 6 / 0 | |
| 0.45.47 | 7 / 0 | |
| 0.45.46 | 7 / 0 | |
| 0.45.45 | 7 / 0 | |
| 0.45.44 | 7 / 0 | |
| 0.45.42 | 5 / 0 | |
| 0.45.41 | 5 / 0 | |
| 0.45.40 | 5 / 0 | |
| 0.45.39 | 5 / 0 | |
| 0.45.38 | 5 / 0 | |
| 0.45.37 | 5 / 0 | |
| 0.45.36 | 5 / 0 | |
| 0.45.31 | 5 / 0 | |
| 0.45.29 | 5 / 0 | |
| 0.45.28 | 5 / 0 | |
| 0.45.26 | 5 / 0 | |
| 0.45.22 | 5 / 0 | |
| 0.45.18 | 5 / 0 | |
| 0.45.17 | 5 / 0 | |
| 0.44.111 | 6 / 0 | |
| 0.44.110 | 6 / 0 | |
| 0.44.109 | 6 / 0 | |
| 0.44.108 | 7 / 0 | |
| 0.44.107 | 5 / 0 | |
| 0.44.106 | 5 / 0 | |
| 0.44.105 | 5 / 0 | |
| 0.44.104 | 5 / 0 | |
| 0.44.61 | 5 / 0 | |
| 0.44.60 | 5 / 0 | |
| 0.44.59 | 5 / 0 | |
| 0.44.58 | 5 / 0 | |
| 0.44.57 | 5 / 0 | |
| 0.44.56 | 5 / 0 | |
| 0.44.53 | 5 / 0 | |
| 0.44.52 | 5 / 0 | |
| 0.44.51 | 5 / 0 | |
| 0.44.50 | 5 / 0 | |
| 0.44.49 | 5 / 0 | |
| 0.44.48 | 5 / 0 | |
| 0.44.47 | 5 / 0 | |
| 0.44.46 | 5 / 0 | |
| 0.44.45 | 5 / 0 | |
| 0.44.39 | 5 / 0 | |
| 0.44.38 | 5 / 0 | |
| 0.44.35 | 5 / 0 | |
| 0.44.33 | 5 / 0 | |
| 0.44.32 | 5 / 0 | |
| 0.44.31 | 5 / 0 | |
| 0.44.30 | 5 / 0 | |
| 0.44.29 | 5 / 0 | |
| 0.44.28 | 5 / 0 | |
| 0.44.27 | 5 / 0 | |
| 0.44.26 | 5 / 0 | |
| 0.44.25 | 5 / 0 | |
| 0.44.24 | 5 / 0 | |
| 0.44.23 | 5 / 0 | |
| 0.44.22 | 5 / 0 | |
| 0.44.21 | 5 / 0 | |
| 0.44.20 | 5 / 0 | |
| 0.44.19 | 5 / 0 | |
| 0.44.18 | 5 / 0 | |
| 0.44.17 | 5 / 0 | |
| 0.44.16 | 5 / 0 | |
| 0.44.15 | 5 / 0 | |
| 0.44.14 | 5 / 0 |
v0.46.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.46.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.88
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.87
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.86
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.85
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.84
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.83
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.82
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.81
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.79
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.77
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.76
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.75
7 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitLab CI/CD.
This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.74
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.73
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.72
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.71
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.70
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.69
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.68
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.66
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.65
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.64
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.63
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.62
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.61
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.60
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.59
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.58
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.57
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.55
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.54
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.50
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.49
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.48
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.47
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.42
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.41
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.40
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.39
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.36
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.45.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.111
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.110
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.109
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.106
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.61
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.60
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.59
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.58
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.57
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.56
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.53
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.51
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.50
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.49
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.48
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.47
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.39
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.44.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.