@openui5/sap.ui.integration
OpenUI5 UI Library sap.ui.integration
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/cs-BVi3NBx2.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/de-DpMS1P9x.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/de_AT-DVWPcXpS.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/de_CH-CfU5U4in.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/cnr-jy3FEGQX.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/da-CeRjp7Gw.js | AI (source-diff): Minified CLDR locale data with Unicode license header; not obfuscated malware. | ai | |
| source-diff | net-exec-file:src/sap/ui/integration/designtime/thirdparty/ajv.js | AI (source-diff): AJV JSON schema validator; new Function() is its documented schema-compilation mechanism, not malware. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): AJV schema compiler pattern; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ca-CkzsZJhe.js | AI (source-diff): CLDR locale data file (Catalan) with explicit Unicode license header; minified data bundle. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_EG-CGlHr-jg.js | AI (source-diff): CLDR locale data file (Arabic Egypt) with explicit Unicode license header; minified data bundle, not malicious. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_SA-D0iF05tg.js | AI (source-diff): CLDR locale data file (Arabic Saudi Arabia) with explicit Unicode license header; minified data bundle. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar-gaI1v_KV.js | AI (source-diff): CLDR locale data file (Arabic) with explicit Unicode license header; minified data bundle. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/bg-CJrwzo8x.js | AI (source-diff): CLDR locale data file (Bulgarian) with explicit Unicode license header; minified data bundle. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.ui.table | AI (phantom-deps): Same @openui5 org scope; OpenUI5 packages declare deps for module resolution without direct imports. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ca-432aede8.js | AI (source-diff): CLDR locale data file (Unicode license); minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_EG-bec371f8.js | AI (source-diff): CLDR locale data file (Unicode license); minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/bg-c8a3d631.js | AI (source-diff): CLDR locale data file (Unicode license); minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar-3d86671f.js | AI (source-diff): CLDR locale data file (Unicode license); minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_SA-013516b9.js | AI (source-diff): CLDR locale data file (Unicode license); minified by design, not obfuscated malware. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Size increase explained by addition of legitimate thirdparty bundles (AdaptiveCards, CLDR locale data); stable for this package. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_SA-CVd8CQkH.js | AI (source-diff): CLDR locale data file with explicit Unicode license header; minified by nature. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/adaptive-expressions.js | AI (source-diff): Legitimate minified Microsoft adaptive-expressions library vendored as thirdparty dependency. | ai | |
| source-diff | net-exec-file:src/sap/ui/integration/thirdparty/adaptive-expressions.js | AI (source-diff): False positive on browserify UMD wrapper; no actual network calls or dynamic code execution in malicious sense. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar_EG-CsHsH5NB.js | AI (source-diff): CLDR locale data file with explicit Unicode license header; minified by nature. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ar-BBtO1xV9.js | AI (source-diff): CLDR locale data file with explicit Unicode license header; minified by nature. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/bg-B1LO90TV.js | AI (source-diff): CLDR locale data file with explicit Unicode license header; minified by nature. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/webcomponents/ca-D59F9iL9.js | AI (source-diff): CLDR locale data file with explicit Unicode license header; minified by nature. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase reflects addition of adaptive cards feature with vendored thirdparty libraries, not injected payload. | ai | |
| source-diff | net-exec-file:src/sap/ui/integration/thirdparty/webcomponents/bundle.es5.js | AI (source-diff): XHR calls are from css-vars-ponyfill polyfill fetching CSS; no dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/adaptivecards.js | AI (source-diff): Standard webpack bundle of Microsoft's AdaptiveCards library with MIT license header; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/thirdparty/adaptivecards-templating.js | AI (source-diff): Standard webpack bundle of Microsoft's adaptivecards-templating library; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:src/sap/ui/integration/designtime/cardEditor/util/CommonPatterns.js | AI (source-diff): Long line is a complex email validation regex in an OpenUI5 SAP-licensed file, not obfuscated malware. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.m | AI (phantom-deps): Sibling monorepo package; runtime-loaded via UI5 module system, not static import. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() used solely as a CSP capability probe (eval("") in try/catch); not an arbitrary code execution risk. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.f | AI (phantom-deps): Sibling monorepo package; runtime-loaded via UI5 module system, not static import. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.ui.unified | AI (phantom-deps): Sibling monorepo package; runtime-loaded via UI5 module system, not static import. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.ui.layout | AI (phantom-deps): Sibling monorepo package; runtime-loaded via UI5 module system, not static import. | ai | |
| phantom-deps | phantom-dep:@openui5/sap.ui.core | AI (phantom-deps): Sibling monorepo package; runtime-loaded via UI5 module system, not static import. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 1.148.0 | 5 / 0 | |
| 1.147.1 | 5 / 0 | |
| 1.147.0 | 5 / 0 | |
| 1.145.3 | 5 / 0 | |
| 1.145.2 | 5 / 0 | |
| 1.145.1 | 5 / 0 | |
| 1.142.9 | 5 / 0 | |
| 1.142.8 | 5 / 0 | |
| 1.142.7 | 5 / 0 | |
| 1.136.17 | 6 / 0 | |
| 1.136.16 | 6 / 0 | |
| 1.136.15 | 6 / 0 | |
| 1.120.44 | 5 / 0 | |
| 1.120.43 | 5 / 0 | |
| 1.108.50 | 2 / 0 | |
| 1.96.46 | 2 / 0 | |
| 1.96.45 | 2 / 0 | |
| 1.84.56 | 2 / 0 | |
| 1.84.55 | 2 / 0 | |
| 1.71.78 | 2 / 0 | |
| 1.71.77 | 2 / 0 | |
| 1.71.76 | 2 / 0 | |
| 1.71.75 | 2 / 0 | |
| 1.71.74 | 2 / 0 | |
| 1.71.73 | 2 / 0 | |
| 1.71.72 | 2 / 0 |
v1.148.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.147.0
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.145.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.145.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.145.1
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.8
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.7
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.136.17
46 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.136.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.136.15
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.120.44
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.120.43
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.108.50
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.96.46
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.96.45
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.84.56
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.84.55
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.78
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.77
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.76
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.75
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.74
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.72
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.