@openmrs/esm-patient-search-app
Patient search microfrontend for O3
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/1789.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/1994.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/2328.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/2328.js | AI (source-diff): Webpack chunk with dynamic module loading (n.e/n.r); standard bundler pattern, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/3378.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/3989.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/4145.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/466.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/4726.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/4777.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/4959.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/5882.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/590.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/6508.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/689.js | AI (source-diff): Standard webpack minified bundle for OpenMRS ESM; not obfuscated malware. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count reflects webpack code-splitting of a React microfrontend; expected for this package. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): lodash-es is a declared runtime dep; phantom-dep heuristic false positive for this package. | ai | |
v11.0.0
16 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.