@opentui/core
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:index-218h9p3f.js | AI (source-diff): Bun bundler output with clear structure; not obfuscated. Stable for this package. | ai | |
| source-diff | obfuscated-file:index-jx0p1c2f.js | AI (source-diff): Bun-bundled output with readable exports; not obfuscated. Stable for this package. | ai | |
| source-diff | obfuscated-file:index-qfwqv8y3.js | AI (source-diff): Bun-bundled output of declared deps; consistent pattern across versions. | ai | |
| source-diff | obfuscated-file:index-6wjgtc1f.js | AI (source-diff): Bun bundler output with standard module helpers; not obfuscated. | ai | |
| source-diff | obfuscated-file:index-04gp15zc.js | AI (source-diff): Bun bundler output with readable structure; not obfuscated. Stable for this package. | ai | |
| source-diff | obfuscated-file:index-jv9g79dk.js | AI (source-diff): Bun-bundled output with sourcemaps; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-ysvpktsp.js | AI (source-diff): Bun bundler output, not obfuscation; readable exports and comments throughout. | ai | |
| source-diff | obfuscated-file:index-081xws23.js | AI (source-diff): Bun bundler output with readable named exports; not obfuscated. | ai | |
| source-diff | obfuscated-file:index-07knw1vn.js | AI (source-diff): Bun bundler output with standard module helpers; not obfuscation. | ai | |
| source-diff | obfuscated-file:index-3fq5hq97.js | AI (source-diff): Bun bundler output with clear structure; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-hmk8xzt3.js | AI (source-diff): Bun bundler output bundling yoga-layout; standard minified build artifact for this package. | ai | |
| source-diff | obfuscated-file:index-s460mpf9.js | AI (source-diff): Bun-bundled output with readable structure; not obfuscated. | ai | |
| source-diff | obfuscated-file:index-t4yn324k.js | AI (source-diff): Bun bundler output, not obfuscation; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-b9g14b8c.js | AI (source-diff): Bun-bundled output with clear module paths; not obfuscated. | ai | |
| phantom-deps | phantom-dep:string-width | AI (phantom-deps): Likely bundled into Bun output; not directly imported but used transitively. | ai | |
| source-diff | obfuscated-file:index-mw2x3082.js | AI (source-diff): Bun-bundled output (// @bun header); minification is expected for this package's build process. | ai | |
| phantom-deps | phantom-dep:strip-ansi | AI (phantom-deps): Likely bundled into Bun output; not directly imported but used transitively. | ai | |
| source-diff | obfuscated-file:index-jct3zgy3.js | AI (source-diff): Bun-bundled output (// @bun header); minification is expected for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:index-rje6z21e.js | AI (source-diff): File is a Bun-bundled build artifact (// @bun header, standard Bun module boilerplate). Long lines are expected from bundling; source map is included. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-916mvx7m.js | AI (source-diff): File is a Bun-bundled build artifact (// @bun header) with accompanying source map; standard build output for this package, not obfuscation. | ai | |
| source-diff | obfuscated-file:index-qr7b6cvh.js | AI (source-diff): File is a standard Bun bundler output (// @bun header); long lines are minified bundle artifact, not malicious obfuscation. Pattern is stable for this package's build process. | ai | |
| source-diff | obfuscated-file:index-fv58mb45.js | AI (source-diff): File is Bun-bundled output (// @bun header, standard Bun module boilerplate). Minification is expected for this build artifact; source map is included. Not intentional obfuscation. | ai | |
| source-diff | obfuscated-file:index-a215gqtt.js | AI (source-diff): File is a standard Bun bundler output (// @bun header, standard Bun module boilerplate). Long lines are from bundling, not malicious obfuscation. Accompanied by a source map. | ai | |
| source-diff | obfuscated-file:index-0razn4m6.js | AI (source-diff): File is a Bun bundler output (// @bun header, standard ESM interop boilerplate, accompanied by .map source map). Long lines are expected for bundled artifacts, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-mrwvcpzb.js | AI (source-diff): Hash-suffixed file is a standard Bun bundler output artifact (// @bun header, ESM interop boilerplate, source map included). Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-rrt84m8j.js | AI (source-diff): File is a Bun bundler output (// @bun header, standard Bun runtime boilerplate). Long lines are from bundling, not malicious obfuscation. Source map is included. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-nkrr8a4c.js | AI (source-diff): File is Bun bundler output (// @bun header, characteristic ESM interop boilerplate). Source maps are included. Long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:index-ve2seej0.js | AI (source-diff): File is a Bun-compiled bundle (// @bun header, standard ESM boilerplate, source map included). Long lines are from bundling, not malicious obfuscation. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-phtsmwj4.js | AI (source-diff): File is a Bun bundler output (// @bun header, content-hashed filename, source map included). Minified but not maliciously obfuscated; consistent with this package's build toolchain. | ai | |
| source-diff | obfuscated-file:index-cr95zpf8.js | AI (source-diff): File is a Bun bundler output (// @bun header, standard bundler boilerplate, accompanying .js.map). Long lines are minification artifacts, not obfuscation. Pattern is stable for this package's build process. | ai | |
| source-diff | obfuscated-file:index-e89anq5x.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Accompanied by source maps. Not obfuscation — this is the package's documented build artifact pattern. | ai | |
| source-diff | obfuscated-file:index-h3dbfsf6.js | AI (source-diff): File is Bun-bundled output (// @bun header, standard Bun ESM interop boilerplate). Long lines are from bundler, not obfuscation. Source map is included, consistent with legitimate build tooling. | ai | |
| source-diff | obfuscated-file:index-s0q9547t.js | AI (source-diff): File is standard Bun bundler output (// @bun header, ESM interop boilerplate). Long lines are expected in bundled artifacts; accompanied by a source map. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-93qf6w1k.js | AI (source-diff): File is a standard Bun-compiled bundle (// @bun header, ESM boilerplate). Long lines are from bundling, not obfuscation. Consistent with this package's documented build approach across versions. | ai | |
| source-diff | obfuscated-file:index-0wbvecnk.js | AI (source-diff): File is Bun bundler output (// @bun header, standard ESM interop boilerplate, accompanied by .js.map source map). Long lines are from bundling, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-zj0wwh9d.js | AI (source-diff): File is a Bun-compiled bundle (// @bun header) of the package's own source with accompanying source maps. Standard build artifact for this project, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-adyhxxja.js | AI (source-diff): File is a Bun-bundled output (// @bun header) with accompanying source map. Long lines are expected from Bun's bundler, not obfuscation. Pattern is stable for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): The 'diff' package (v8.0.2) is a well-established npm package with no malicious history. Addition is benign for this TUI library. | ai | |
| source-diff | obfuscated-file:index-rysm4rsr.js | AI (source-diff): File is Bun bundler output (// @bun header), not malicious obfuscation. Long lines are standard build artifact behavior; source map is included. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-689t9q65.js | AI (source-diff): File is a standard Bun bundler output (// @bun header), not hand-obfuscated code. Long lines are expected in bundled artifacts for this package. | ai | |
| source-diff | obfuscated-file:index-h33hh1n5.js | AI (source-diff): File is a standard Bun bundler output (// @bun header, ESM interop boilerplate). Long lines are from minification, not malicious obfuscation. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-crebvcxc.js | AI (source-diff): File is a Bun bundler output (// @bun header), not intentional obfuscation. Long lines are a Bun build artifact; source map is included. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-d4f5t33k.js | AI (source-diff): File is a Bun-bundled build artifact (// @bun header, content-hashed filename, accompanying .map file). Long lines are from bundling, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-n8nbvvhk.js | AI (source-diff): File is Bun-bundled output (// @bun header); long lines are an artifact of bundling, not obfuscation. Source is publicly visible on GitHub at sst/opentui and contains no malicious patterns. | ai | |
| source-diff | obfuscated-file:index-vnvba6q9.js | AI (source-diff): File is a Bun-compiled bundle (// @bun header) — long lines are standard Bun bundler output, not intentional obfuscation. Source map is included. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-zrvzvh6r.js | AI (source-diff): File is a Bun bundler output (// @bun header, standard ESM shims). Long lines are minification artifacts, not obfuscation. Consistent with the package's documented build toolchain. | ai | |
| source-diff | obfuscated-file:index-2yz42vd4.js | AI (source-diff): File is a standard Bun bundler output (// @bun header, ESM/CJS interop boilerplate). Long lines are minification artifacts, not obfuscation. Source map is included. | ai | |
| source-diff | obfuscated-file:index-4sjb8n0n.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Long lines are from bundling, not hand-crafted obfuscation. Stable false positive for this package's build toolchain. | ai | |
| source-diff | obfuscated-file:index-vhxgbbed.js | AI (source-diff): File is a Bun bundler output (// @bun header, standard ESM boilerplate) with a matching 947KB source map. Long lines are from bundling, not intentional obfuscation. Consistent with this package's build process. | ai | |
| source-diff | obfuscated-file:index-aedd54rx.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Source map is included. Matches sst/opentui GitHub repo. Not obfuscation. | ai | |
| source-diff | obfuscated-file:index-rkpj2eng.js | AI (source-diff): File is a Bun-bundled output (// @bun header) with a matching source map shipped alongside it. Long lines are minification artifacts, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:index-f5t80vp1.js | AI (source-diff): File is a Bun-compiled bundle (// @bun header) with accompanying source map. Standard build artifact for this Bun-based TUI library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:index-7bav3fax.js | AI (source-diff): File is a Bun-bundled output (// @bun header, standard ESM bundler boilerplate). Long lines are from bundling, not obfuscation. Source map is included and repo is public on GitHub under sst org. | ai | |
| source-diff | obfuscated-file:index-ztfy2qy3.js | AI (source-diff): File is a Bun-compiled bundle (// @bun header) with accompanying source map; long lines are standard bundler output, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-xsfpee0k.js | AI (source-diff): File is standard Bun bundler output (// @bun header, ESM/CJS interop boilerplate). Long lines are minification artifacts, not obfuscation. Source maps are included. Consistent with this package's build toolchain. | ai | |
| source-diff | obfuscated-file:index-8978gvk3.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Accompanied by source maps. Not obfuscation — legitimate build artifact for this TUI library. | ai | |
| source-diff | obfuscated-file:index-qpcsqve6.js | AI (source-diff): File is standard Bun bundler output (// @bun header, ESM/CJS interop boilerplate). Minification is expected for this TUI library's build artifacts; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:index-wv534m5j.js | AI (source-diff): File is Bun bundler output (// @bun header, standard ESM shims). Source maps are included. Code is open-source on GitHub. This pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:index-zkcykvp8.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Long lines are minified bundle artifacts, not malicious obfuscation. Source maps are included. | ai | |
| source-diff | obfuscated-file:index-vy1rm1x3.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate). Long lines are a bundler artifact, not obfuscation or malware. | ai | |
| source-diff | obfuscated-file:index-4kfx7p6q.js | AI (source-diff): File is a Bun-bundled build artifact (// @bun header, standard ESM interop boilerplate) with accompanying source maps. Long lines are from bundling, not intentional obfuscation. | ai | |
| source-diff | obfuscated-file:index-kgg0v67t.js | AI (source-diff): File is Bun bundler output (// @bun header, standard ESM interop boilerplate). Long lines are from bundling, not malicious obfuscation. Source maps are also shipped, confirming legitimate build artifact. | ai | |
| source-diff | obfuscated-file:index-e4g80551.js | AI (source-diff): File is standard Bun bundler output (// @bun header, __toESM/__commonJS boilerplate) with accompanying source maps. Legitimate build artifact for this TUI library, not malicious obfuscation. | ai | |
| phantom-deps | phantom-dep:jimp | AI (phantom-deps): jimp is a declared dependency that is bundled into the distribution; phantom-dep finding is expected for bundled packages. | ai | |
| phantom-deps | phantom-dep:diff | AI (phantom-deps): diff is a declared dependency that is bundled into the distribution; phantom-dep finding is expected for bundled packages. | ai | |
| source-diff | obfuscated-file:index-mdxq0qtt.js | AI (source-diff): File is Bun bundler output (// @bun header, standard ESM interop boilerplate). Long lines are from bundling/minification, not malicious obfuscation. Source maps are included. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() in a Proxy get trap is idiomatic JavaScript, not obfuscation. Pattern is stable across versions of this bundled library. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @opentui/core is a legitimate TUI library with 197 versions and a GitHub repo; 'core' vs 'cors' is a coincidental Levenshtein match, not impersonation. | ai |
Versions (showing 51 of 128)
| Version | Deps | Published |
|---|---|---|
| 0.3.2 | 6 / 6 | |
| 0.3.1 | 6 / 6 | |
| 0.3.0 | 6 / 6 | |
| 0.2.16 | 6 / 6 | |
| 0.2.15 | 6 / 6 | |
| 0.2.14 | 6 / 6 | |
| 0.2.13 | 6 / 6 | |
| 0.2.12 | 6 / 6 | |
| 0.2.11 | 6 / 6 | |
| 0.2.10 | 6 / 6 | |
| 0.2.9 | 6 / 6 | |
| 0.2.8 | 6 / 6 | |
| 0.2.7 | 6 / 6 | |
| 0.2.6 | 6 / 6 | |
| 0.2.5 | 6 / 6 | |
| 0.2.4 | 6 / 6 | |
| 0.2.3 | 6 / 6 | |
| 0.2.2 | 6 / 6 | |
| 0.2.1 | 6 / 6 | |
| 0.2.0 | 7 / 7 | |
| 0.1.107 | 7 / 7 | |
| 0.1.106 | 5 / 7 | |
| 0.1.105 | 5 / 6 | |
| 0.1.104 | 5 / 6 | |
| 0.1.103 | 5 / 6 | |
| 0.1.102 | 5 / 6 | |
| 0.1.101 | 5 / 6 | |
| 0.1.100 | 5 / 6 | |
| 0.1.99 | 5 / 6 | |
| 0.1.98 | 5 / 6 | |
| 0.1.97 | 5 / 6 | |
| 0.1.96 | 5 / 6 | |
| 0.1.95 | 5 / 6 | |
| 0.1.94 | 5 / 6 | |
| 0.1.93 | 5 / 6 | |
| 0.1.92 | 5 / 6 | |
| 0.1.91 | 5 / 6 | |
| 0.1.90 | 5 / 6 | |
| 0.1.89 | 5 / 6 | |
| 0.1.88 | 5 / 6 | |
| 0.1.87 | 5 / 6 | |
| 0.1.86 | 5 / 6 | |
| 0.1.85 | 5 / 6 | |
| 0.1.84 | 5 / 6 | |
| 0.1.83 | 5 / 6 | |
| 0.1.82 | 5 / 6 | |
| 0.1.81 | 5 / 6 | |
| 0.1.80 | 5 / 6 | |
| 0.1.79 | 5 / 6 | |
| 0.1.78 | 5 / 6 | |
| 0.1.77 | 5 / 6 |
v0.3.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.16
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.15
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.14
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.13
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.12
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.11
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.10
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.9
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.8
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.106
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.105
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.104
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.103
2 findingsPackage name '@opentui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.102
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.101
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.100
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.99
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.98
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.97
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.96
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.95
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.94
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.93
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.92
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.91
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.90
2 findingsPackage name '@opentui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.89
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.88
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.87
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.86
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.85
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.84
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.83
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.82
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.81
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.80
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.79
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.78
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.77
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.