@oracle/oraclejet-preact
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:amd/BaseDiagram-4ca3a650.js | AI (source-diff): Standard AMD minified bundle for Oracle JET diagram component. | ai | |
| source-diff | obfuscated-file:amd/BarChart-4ac1effa.js | AI (source-diff): Standard AMD minified bundle for Oracle JET chart component; no malicious patterns. | ai | |
| source-diff | obfuscated-file:amd/BarChart-8521c53a.js | AI (source-diff): Standard minified AMD bundle for Oracle JET UI components; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/BaseRichSelection-a292f625.js | AI (source-diff): Standard minified AMD bundle for Oracle JET form component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BaseNavigationListItem-fe9cb691.js | AI (source-diff): Standard minified AMD bundle for Oracle JET nav component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BaseCardViewSelectionTest-59b13d8a.js | AI (source-diff): Standard minified AMD test bundle for Oracle JET; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BaseCardView-ab799b69.js | AI (source-diff): Standard minified AMD bundle for Oracle JET card view component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BaseButton-9f103e94.js | AI (source-diff): Standard minified AMD bundle for Oracle JET button component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BarGroup-76ef0839.js | AI (source-diff): Standard minified AMD bundle for Oracle JET chart component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BarChart-e8bdebe6.js | AI (source-diff): Standard minified AMD bundle for Oracle JET chart component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BarChart-0ad4ca6d.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| phantom-deps | phantom-dep:@oracle/oraclejet-testing | AI (phantom-deps): Same Oracle org scope; testing dep used indirectly in test bundles shipped in package. | ai | |
| source-diff | obfuscated-file:amd/BaseRichSelection-33a97275.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BaseNavigationListItem-84f4be5c.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BaseCardViewSelectionTest-00655472.js | AI (source-diff): Standard AMD minified Preact test utility bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BaseCardView-4f88499c.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BaseButton-c86afd54.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BarGroup-d6909cb1.js | AI (source-diff): Standard AMD minified Preact component bundle; expected output for @oracle/oraclejet-preact. | ai | |
| source-diff | obfuscated-file:amd/BarChart-379e0e10.js | AI (source-diff): Minified AMD bundle for Oracle JET chart component; standard build output for this library. | ai | |
| source-diff | obfuscated-file:amd/Chart-57d1c518.js | AI (source-diff): Minified AMD bundle for Oracle JET chart component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseCardViewSelectionTest-ac780d4f.js | AI (source-diff): Minified AMD test bundle for Oracle JET; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseTabBarItem-6e22fcbc.js | AI (source-diff): Minified AMD bundle for Oracle JET tab bar component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseSwatchView-2c401b4d.js | AI (source-diff): Minified AMD bundle for Oracle JET swatch view component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseRichSelection-57e02c2d.js | AI (source-diff): Minified AMD bundle for Oracle JET selection component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseCardView-825b1327.js | AI (source-diff): Minified AMD bundle for Oracle JET card view component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/BaseDiagram-7757c344.js | AI (source-diff): Minified AMD bundle for Oracle JET diagram component; standard build output. | ai | |
| source-diff | obfuscated-file:amd/DatePicker-cf0e3fcd.js | AI (source-diff): Standard minified AMD bundle for Oracle JET date picker component; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/BarChart-e3c190b5.js | AI (source-diff): Standard minified AMD bundle for Oracle JET chart component; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/BaseDiagram-b9695479.js | AI (source-diff): Standard minified AMD bundle for Oracle JET diagram component; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/Chart-00a1b01f.js | AI (source-diff): Standard minified AMD bundle for Oracle JET chart component; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/ComboChart-36e22cb8.js | AI (source-diff): Standard minified AMD bundle for Oracle JET combo chart component; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:amd/BaseCardViewSelectionTest-edac2bbb.js | AI (source-diff): Standard minified AMD bundle; readable test utility code. | ai | |
| source-diff | obfuscated-file:amd/BaseTabBarItem-cdec0e90.js | AI (source-diff): Standard minified AMD bundle for Oracle JET tab bar component. | ai | |
| source-diff | obfuscated-file:amd/BaseSwatchView-4d204ce0.js | AI (source-diff): Standard minified AMD bundle for Oracle JET swatch view component. | ai | |
| source-diff | obfuscated-file:amd/BaseRichSelection-7f20b3af.js | AI (source-diff): Standard minified AMD bundle for Oracle JET form component. | ai | |
| source-diff | obfuscated-file:amd/BaseNavigationListItem-cb5c260b.js | AI (source-diff): Standard minified AMD bundle for Oracle JET navigation component. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count is expected for Oracle JET's multi-format (cjs/es/amd) component library distribution. | ai | |
| source-diff | obfuscated-file:amd/BaseCardView-bc694015.js | AI (source-diff): Standard minified AMD bundle for Oracle JET card view component. | ai | |
| source-diff | obfuscated-file:amd/BarGroup-c171e6cb.js | AI (source-diff): Standard minified AMD bundle; readable SVG/chart component code. | ai | |
| source-diff | obfuscated-file:amd/BarChart-d94f9c56.js | AI (source-diff): Standard minified AMD bundle for Oracle JET; readable Preact component logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:amd/BaseCardViewSelectionTest-4fae7370.js | AI (source-diff): Minified test utility file for Oracle JET card view; no malicious patterns. | ai | |
| source-diff | obfuscated-file:amd/Chart-d9eafc7a.js | AI (source-diff): Standard AMD minified bundle; legitimate chart component code. | ai | |
| source-diff | obfuscated-file:amd/BaseCardView-16fda4c3.js | AI (source-diff): Standard AMD minified bundle; legitimate Preact component code. | ai | |
| source-diff | obfuscated-file:amd/BarChart-994cb8f0.js | AI (source-diff): Standard AMD minified bundle for Oracle JET chart component; pattern is stable across all versions of this package. | ai | |
| source-diff | obfuscated-file:amd/TextAreaAutosize-3a13ebb2.js | AI (source-diff): Standard AMD minified bundle; legitimate text area component code. | ai | |
| source-diff | obfuscated-file:amd/TextArea-4a3b8b56.js | AI (source-diff): Standard AMD minified bundle; legitimate text area component code. | ai | |
| source-diff | obfuscated-file:amd/TabBarMixed-cfd346bf.js | AI (source-diff): Standard AMD minified bundle; legitimate tab bar component code. | ai | |
| source-diff | obfuscated-file:amd/ScatterChart-7bd0f601.js | AI (source-diff): Standard AMD minified bundle; legitimate chart component code. | ai | |
| source-diff | obfuscated-file:amd/NavigationListLinkItem-161049bb.js | AI (source-diff): Standard AMD minified bundle; legitimate navigation component code. | ai | |
| source-diff | obfuscated-file:amd/NavigationListItem-9df5446c.js | AI (source-diff): Standard AMD minified bundle; legitimate navigation component code. | ai | |
| source-diff | obfuscated-file:amd/ListView-02a92d18.js | AI (source-diff): Standard AMD minified bundle; legitimate list view component code. | ai | |
| source-diff | obfuscated-file:amd/LineAreaChart-47fc17d2.js | AI (source-diff): Standard AMD minified bundle; legitimate chart component code. | ai | |
| source-diff | obfuscated-file:amd/ComboChart-5a6f6c8a.js | AI (source-diff): Standard AMD minified bundle; legitimate chart component code. | ai | |
| phantom-deps | phantom-dep:csstype | AI (phantom-deps): csstype is explicitly declared as a runtime dependency in package.json; phantom-dep is a false positive here. | ai | |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 20.1.1 | 2 / 0 | |
| 20.1.0 | 2 / 0 | |
| 20.0.5 | 2 / 0 | |
| 20.0.4 | 2 / 0 | |
| 20.0.3 | 2 / 0 | |
| 19.0.8 | 2 / 0 | |
| 19.0.7 | 2 / 0 | |
| 19.0.6 | 2 / 0 | |
| 18.1.9 | 2 / 0 | |
| 18.0.14 | 2 / 0 | |
v20.1.1
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.1.0
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wlouie-orcl) than the most recent previously approved version (meghana-vadlapally) on 2026-05-19, but wlouie-orcl is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v20.0.5
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.0.4
13 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.0.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v19.0.8
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v19.0.7
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v19.0.6
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v18.1.9
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v18.0.14
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.