@ottocode/web-ui
Embeddable web UI for ottocode - pre-built static assets
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/web-assets/assets/index-BQOaUuwy.js | AI (source-diff): Main app bundle; minified Vite output expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-BKmxGWoW.js | AI (source-diff): Lucide icons bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-3ZCiVe_e.js | AI (source-diff): Minified main app bundle; expected output for this pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BuFXkG8c.js | AI (source-diff): Main app bundle from Vite build; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-Du71mE1w.js | AI (source-diff): Minified Lucide icons bundle; expected output for this pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-SoMAbV2r.js | AI (source-diff): Vite-bundled main app entry; minification is expected for this pre-built UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-lT3dLKOF.js | AI (source-diff): Vite modulepreload polyfill pattern; appends link tags to document head, not a dropper. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-lT3dLKOF.js | AI (source-diff): Syntax highlighter bundle with Vite modulepreload polyfill; not malicious. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-1UgIBSMP.js | AI (source-diff): Markdown renderer bundle (remark/rehype); standard minified library code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BbojAyU-.js | AI (source-diff): Main Vite app bundle; standard minified UI code with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-BtTeIbwT.js | AI (source-diff): Lucide icons bundle; recognizable icon library code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-DyqkTsye.js | AI (source-diff): Standard Vite-bundled React framework chunk; minified but not malicious. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DsYv7tnQ.js | AI (source-diff): Main UI bundle; minified not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-Cg4-HpN3.js | AI (source-diff): Lucide icons bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DM66KqmX.js | AI (source-diff): Main app bundle; minified Vite output expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DY9HlLZu.js | AI (source-diff): Minified main app bundle; expected Vite build output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-iVB23gHy.js | AI (source-diff): Main app bundle from Vite build; imports from framework/icons/syntax/markdown chunks. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CvdtkL65.js | AI (source-diff): Lucide icons bundle; clearly identifiable SVG icon components. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-mDKLcM8A.js | AI (source-diff): Bundled Lucide icons library; minified SVG/React code, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-B9rWX7Ud.js | AI (source-diff): Main app bundle from Vite build; minified but readable React/Zustand patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CtD8bWyg.js | AI (source-diff): Vite-built minified bundle for a pre-built static web UI package; content-hashed filename is standard Vite output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Dxi06O4n.js | AI (source-diff): Main app bundle; minified Vite output expected for this pre-built static UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-D_viRv-j.js | AI (source-diff): Lucide icons bundle; minified output is expected for this pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-ABrkALem.js | AI (source-diff): Main Vite app bundle; minified React UI code, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CLbYyuxe.js | AI (source-diff): Vite-bundled main UI entry point; standard modulepreload polyfill and state management patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-BY5cK1SU.js | AI (source-diff): Standard Vite-bundled React runtime; minification is expected for this web-UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-f4hBUdXn.js | AI (source-diff): Vite modulepreload polyfill pattern; not malicious network+exec, stable for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-f4hBUdXn.js | AI (source-diff): Syntax highlighter bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CNH9Q9GU.js | AI (source-diff): Markdown renderer bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-f73idrgf.js | AI (source-diff): Main Vite app bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-COdbBiFL.js | AI (source-diff): Lucide icons bundle; minified output is expected for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DebNM20a.js | AI (source-diff): Pre-built Vite bundle for an embedded web UI; minified output is expected and the sample shows normal ES module imports. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-D44pixC7.js | AI (source-diff): Main UI bundle; standard Vite minified output for this web-ui package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-DYSs5-2u.js | AI (source-diff): Markdown renderer bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Dpn0WO_W.js | AI (source-diff): Main app bundle from Vite build; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-ye4Zez5e.js | AI (source-diff): Lucide icons bundle; minified output is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-DxqXmdZ8.js | AI (source-diff): Standard Vite-bundled React framework chunk; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-C3kxBYZ9.js | AI (source-diff): False positive on minified syntax-highlighter; no actual dropper pattern in sample. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-C3kxBYZ9.js | AI (source-diff): Syntax highlighting bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Cmj8h4gI.js | AI (source-diff): Minified Vite app bundle; consistent with embedded web-UI package purpose. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DNZ-uL1o.js | AI (source-diff): Main app bundle; minified Vite output consistent with pre-built static UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-CKmazKPF.js | AI (source-diff): False positive on bundled syntax highlighter; no actual network fetch or eval in the sample. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-Bfi9-9qL.js | AI (source-diff): Standard Vite-bundled React runtime; minification is expected for this web-UI asset package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DyaxiImC.js | AI (source-diff): Minified Lucide icons bundle; expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-B2JHbjsv.js | AI (source-diff): Minified main app bundle; expected Vite output for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-69u93v4z.js | AI (source-diff): Minified markdown renderer bundle; expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-CKmazKPF.js | AI (source-diff): Minified syntax highlighting bundle; expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-Ln4f-nh9.js | AI (source-diff): Standard Vite-minified React framework bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-BRhrdc2r.js | AI (source-diff): Network calls in a syntax-highlighter bundle are fetch/XHR for language grammars, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-BRhrdc2r.js | AI (source-diff): Minified syntax-highlighting bundle; benign build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-Q7QGwlry.js | AI (source-diff): Minified markdown renderer bundle; benign build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DsWF1NFS.js | AI (source-diff): Minified app bundle; standard Vite output for this UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CARqXbrn.js | AI (source-diff): Minified Lucide icons bundle; benign build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-Cz4lD20x.js | AI (source-diff): Lucide icon library bundle; minified output is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Ds-IYrZo.js | AI (source-diff): Main app bundle; minified output is expected for this embedded web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-D5rw5xWU.js | AI (source-diff): Main Vite app bundle; standard minified React app output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CFA6m3qB.js | AI (source-diff): Lucide icons bundle; recognizable SVG icon definitions, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons--hRXd7JA.js | AI (source-diff): Lucide icon library bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-B73Ut569.js | AI (source-diff): remark/rehype markdown bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DO3KOwPS.js | AI (source-diff): Main Vite app bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-BXn0na8z.js | AI (source-diff): Syntax highlighting bundle; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-D-SrxZTK.js | AI (source-diff): Standard Vite-bundled React runtime; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-BXn0na8z.js | AI (source-diff): False positive; file is a bundled syntax-highlighter with no actual network+exec dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-nJQAxzC3.js | AI (source-diff): Standard Vite-minified React framework bundle; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-C0SiaOCe.js | AI (source-diff): Network calls in syntax highlighter are fetch for modulepreload; no dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-C0SiaOCe.js | AI (source-diff): Minified syntax highlighter bundle; benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-1p5Y8Eag.js | AI (source-diff): Minified markdown renderer (remark/rehype); benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CE4C8Pqp.js | AI (source-diff): Vite-bundled main app entry; standard minification pattern. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CMdN2kBV.js | AI (source-diff): Minified Lucide icons bundle; benign UI library. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-C18ncDxS.js | AI (source-diff): Minified Vite app bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Xr3sqvuP.js | AI (source-diff): Standard Vite-bundled frontend asset; minified output is expected for this pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-KNHv74m0.js | AI (source-diff): Minified Vite build bundle; obfuscation finding is a false positive for this web-UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/index-KNHv74m0.js | AI (source-diff): Network calls are browser fetch() for modulepreload polyfill; no dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CBA0HqRb.js | AI (source-diff): Main Vite app bundle; minified by design, content consistent with declared web-UI purpose. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-C7MkE8TC.js | AI (source-diff): Main app bundle from Vite build; standard minified React app output. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-DvnlqWqW.js | AI (source-diff): False positive; network+exec pattern from syntax highlighter's worker/fetch, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-DvnlqWqW.js | AI (source-diff): Bundled syntax highlighting library; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-D0guvcq8.js | AI (source-diff): Bundled remark/rehype markdown library; recognizable AST processing code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-BGNN-TZu.js | AI (source-diff): Standard Vite-bundled React framework chunk; minified but clearly identifiable React/JSX runtime code. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-DV6xgN-u.js | AI (source-diff): False positive; file is a bundled syntax highlighter with no actual network calls or dynamic code execution beyond standard JS patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-DV6xgN-u.js | AI (source-diff): Syntax highlighting bundle; standard Babel helpers and iterator utilities, no network exfiltration. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CgE9wXsG.js | AI (source-diff): Remark/rehype markdown processing bundle; recognizable AST/property-info patterns, benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-obP2jLZD.js | AI (source-diff): Main app bundle from Vite build; standard ES module imports from sibling chunks, no exfiltration patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CxtH_TMM.js | AI (source-diff): Lucide-react icon library bundle; minified SVG component definitions, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-tLdAczfw.js | AI (source-diff): Standard Vite-bundled React framework chunk; minification is expected for this web-UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-Cd0X5hlQ.js | AI (source-diff): False positive; file is a browser-side syntax-highlight bundle with no server-side network+exec pattern. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-Cd0X5hlQ.js | AI (source-diff): Syntax highlighting bundle; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-DyX1UaxB.js | AI (source-diff): Markdown renderer bundle; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-C31VyncC.js | AI (source-diff): Main app bundle from Vite build; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-7dEaIdsr.js | AI (source-diff): Lucide icons bundle; minified output is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DZZoyq1H.js | AI (source-diff): Main app bundle from Vite build; expected minified output for this web-UI embed package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-C2rKonqc.js | AI (source-diff): False positive on minified syntax-highlighter code; no actual network+exec dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-C2rKonqc.js | AI (source-diff): Minified syntax-highlighting library bundle; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CKLCmqUf.js | AI (source-diff): Minified remark/rehype markdown library bundle; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-BmpT4gLy.js | AI (source-diff): Standard Vite-bundled React runtime; minification is expected for this web-UI embed package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-NLumJnzD.js | AI (source-diff): Minified Lucide icons bundle; expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-oycABBLV.js | AI (source-diff): Main application bundle from Vite build. Sample shows Zustand state management and React component imports. Expected minified output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-C-YmwRlI.js | AI (source-diff): Minified Lucide icons library bundle. Sample shows standard SVG icon component factory code. Benign for a web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DPWXQdJ1.js | AI (source-diff): Minified Vite application bundle. Expected output for this pre-built static asset package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-QzxYK80e.js | AI (source-diff): Standard Vite/Rollup minified React app bundle. Package purpose is shipping pre-built static web assets; minified bundles are expected and benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DMHptCV5.js | AI (source-diff): Standard Vite/Rollup minified output for Lucide React icon library. Package purpose is shipping pre-built static web assets; minified bundles are expected and benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Dn3vbSQi.js | AI (source-diff): Package is a pre-built React SPA bundle; minified JS files in dist/web-assets/assets/ are expected build artifacts. Sample confirms standard React/Zustand/router code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CAGFYtYJ.js | AI (source-diff): Standard Vite-bundled main app chunk; minification is expected for a pre-built static web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BLSQZQ2z.js | AI (source-diff): This package ships pre-built Vite/React bundles as its core purpose. Minified JS files in dist/web-assets/assets/ are expected and benign for this embedded web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-UxjpKRwL.js | AI (source-diff): Standard Vite entry point bundle. Package ships pre-built static assets; minified JS is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-nMYEE17A.js | AI (source-diff): Main SPA bundle produced by Vite. Imports from local relative paths only; sample shows standard Zustand/React SPA patterns. Expected for a pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DnKJmk3z.js | AI (source-diff): Minified Lucide icons library bundle. Sample confirms standard icon component definitions (arrow-down, arrow-left, etc.). Expected for a pre-built UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-CKyGuCbn.js | AI (source-diff): False positive. File only imports from local relative paths; sample shows Babel helpers and array utilities. No actual remote fetch or eval/Function constructor present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-BeX2trYw.js | AI (source-diff): Minified React framework bundle produced by Vite build. Package is explicitly a pre-built static asset bundle; minification is expected and the sample confirms React internals. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-CKyGuCbn.js | AI (source-diff): Minified syntax highlighting library with Babel-transpiled helpers. Sample shows standard utility functions. Expected for a pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-QmRNlbUJ.js | AI (source-diff): Minified markdown/rehype library bundle. Sample shows hast property handling code. Expected for a pre-built UI package with markdown rendering. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Yk-_f4ae.js | AI (source-diff): Minified React/Zustand/Router bundle — standard Vite build output for this web UI package. No malicious patterns present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CrvntRFe.js | AI (source-diff): Minified hast/rehype markdown processing library. HTML property handling code — standard build output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-BS--7y-s.js | AI (source-diff): Minified syntax highlighting library with Babel helpers. Standard build output for a web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BZqBRwqX.js | AI (source-diff): Vite application entry point with module preload polyfill and ES module imports. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-BHrgA9s1.js | AI (source-diff): Minified React + Vite bundle output. Standard build artifact for a pre-built web UI package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DtB2Wy11.js | AI (source-diff): Minified Lucide icons library. SVG path data and React forwardRef wrappers — standard build output, not malicious. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-BS--7y-s.js | AI (source-diff): False positive: syntax highlighting libraries commonly trigger net+exec patterns via dynamic language loading. Code sample shows only standard transpiled JS utilities. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-BWeqcfI3.js | AI (source-diff): Lucide React icons library, minified by Vite. Benign SVG icon components — expected output for this web UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-0PI0z6H_.js | AI (source-diff): False positive: 'network' is Vite modulepreload fetch polyfill; 'dynamic execution' is syntax highlighter eval patterns. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-0PI0z6H_.js | AI (source-diff): Minified syntax highlighting library with Babel helpers. Standard Vite bundle output; no malicious patterns visible. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CN6Boxtq.js | AI (source-diff): Minified markdown/hast/rehype processing library. Standard Vite bundle output for this web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CY2ny4Un.js | AI (source-diff): Main Vite app bundle with standard modulepreload polyfill. Expected minified output for this pre-built static web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-D8VmzUzi.js | AI (source-diff): Standard Vite-minified React runtime bundle. Minification is expected for this package which ships pre-built static web UI assets. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Dk6RyGX7.js | AI (source-diff): Standard Vite/Rollup minified React app bundle. Sample shows React Query, React Router, and component imports — legitimate build output for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-kFKWjL8R.js | AI (source-diff): Standard Vite/Rollup minified React SPA bundle. Package purpose is to ship pre-built static assets; minified output is expected and benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-D-vEAllY.js | AI (source-diff): Standard minified markdown rendering library bundle. Content is recognizable remark/rehype library code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-DTPHo7yR.js | AI (source-diff): Standard minified syntax highlighting library bundle. Content is recognizable Babel helpers and utility functions. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-DTPHo7yR.js | AI (source-diff): False positive. Sample shows only Babel helper polyfills and array utilities — no actual network calls or dynamic code execution (eval/Function constructor) present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-BIIYQSeK.js | AI (source-diff): Standard minified Lucide icons bundle. Content is clearly recognizable SVG icon component code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DO0OE4hS.js | AI (source-diff): Standard Vite/Rollup minified application bundle. Content is recognizable React application code importing from framework/icons/syntax/markdown bundles. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-oGXvqNAb.js | AI (source-diff): Standard Vite/Rollup minified React framework bundle. Content is clearly recognizable React runtime code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-DOQlhdu0.js | AI (source-diff): Standard Vite-minified React runtime bundle. This package ships pre-built static assets by design; minified output is expected and stable. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-DMm7hGsC.js | AI (source-diff): False positive: standard browser fetch/dynamic import patterns in a minified syntax highlighting library, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BA8O3-Pe.js | AI (source-diff): Vite-bundled main entry point with standard module preload polyfill. Expected output for this pre-built static asset package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-DMm7hGsC.js | AI (source-diff): Minified syntax highlighting library with babel helpers — standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CG7CKo-_.js | AI (source-diff): Minified remark/rehype markdown processing library — standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CWsGREZ1.js | AI (source-diff): Minified Lucide icon library bundle — standard Vite build output for this web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-C2Ioh9TW.js | AI (source-diff): Package ships pre-built Vite/Rollup frontend bundles; minified lucide-react icon definitions are expected output, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Dxg_iiU4.js | AI (source-diff): Package ships pre-built static assets; minified React/Zustand/router bundle is expected output for this 'pre-built static assets' package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-mA3NAgir.js | AI (source-diff): Main Vite bundle entry point for the web UI. Minified output expected for this package type. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-D-5X7_hb.js | AI (source-diff): Minified syntax highlighting library with standard babel helpers. Expected Vite bundle output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-BKtfPY5J.js | AI (source-diff): Minified remark/rehype markdown processing library. Expected Vite bundle output. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-D-5X7_hb.js | AI (source-diff): False positive — sample shows babel helper utilities and array manipulation, not malicious network+exec pattern. This is a minified syntax highlighter. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-PLTZyYX6.js | AI (source-diff): Minified Lucide icon library bundle. Expected output for a Vite-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-CCfjBV98.js | AI (source-diff): Standard Vite-bundled React runtime. Minified output is expected for this web-UI package that ships pre-built static assets. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BtcMo28E.js | AI (source-diff): Main Vite app bundle with standard modulepreload polyfill. Expected minified output for this package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-6GQg1L6s.js | AI (source-diff): False positive: network/exec patterns in a syntax highlighter are standard parser patterns, not dropper behavior. Package purpose is serving pre-built static assets. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-DKyygyJ1.js | AI (source-diff): Minified React framework bundle produced by Vite build; long lines are standard minification, not obfuscation. Stable for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DW4nq1g1.js | AI (source-diff): Minified Lucide React icons bundle; content is clearly SVG icon components. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CWBtUIYU.js | AI (source-diff): Main Vite app bundle importing from other chunks; standard minified frontend build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-D8o6UXHw.js | AI (source-diff): Minified remark/markdown processing library bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-6GQg1L6s.js | AI (source-diff): Minified syntax highlighting library bundle with Babel helpers; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CJNLZbCm.js | AI (source-diff): Minified main app bundle importing standard libraries. Expected output for this pre-built static web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-D-xZl01E.js | AI (source-diff): Minified React app bundle — standard Vite build output. Content shows legitimate React/Zustand/TanStack patterns with no malicious indicators. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-Te76tk3I.js | AI (source-diff): False positive: file is a Vite-bundled syntax highlighter. No actual dropper/loader behavior; network calls are Vite module preload fetch, code execution is normal JS evaluation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-khclnxlW.js | AI (source-diff): Minified Lucide icons library bundle produced by Vite. Standard frontend build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-kdJhTzcl.js | AI (source-diff): Minified Vite SPA entry point. Standard frontend build artifact for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CrMWZKHp.js | AI (source-diff): Minified react-markdown/hast library bundle produced by Vite. Standard frontend build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-Te76tk3I.js | AI (source-diff): Minified syntax highlighting library (Babel helpers + prism/highlight) produced by Vite. Standard frontend build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-D1oGmMLS.js | AI (source-diff): Minified React framework bundle produced by Vite build. Standard frontend build artifact for this web-UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CptFxrUC.js | AI (source-diff): Minified React app bundle — standard Vite/Rollup build output for a pre-built static assets package. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-SfzWNhWF.js | AI (source-diff): Minified React application bundle — standard Vite build output. Samples show Zustand, TanStack Query, and React patterns. No malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DZoHhLz7.js | AI (source-diff): Main application bundle minified by Vite/Rollup. Standard build artifact for pre-built static assets package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-nAXv8AQL.js | AI (source-diff): False positive: sample shows only Babel helpers and array utilities, no actual network calls or dynamic code execution (no eval/fetch/XMLHttpRequest). | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-nAXv8AQL.js | AI (source-diff): Syntax highlighting library with Babel helpers, minified. Standard build artifact for pre-built static assets package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-BK94rdVT.js | AI (source-diff): Remark/rehype markdown processing library minified bundle. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/router-1labGj4Y.js | AI (source-diff): TanStack Query + React Router minified bundle. Recognizable query/mutation key patterns. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/react-B4JKld8U.js | AI (source-diff): React runtime minified bundle. Recognizable React internals (Symbol.for react.* symbols). Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DRLoLJcX.js | AI (source-diff): Lucide React icons library minified by Vite/Rollup build. Standard build artifact for a pre-built static assets package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BTWoZ9iY.js | AI (source-diff): Package ships pre-built minified React app assets by design. index file contains recognizable React/TanStack Query/Router code — standard Vite bundle output, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-C4QRbGiI.js | AI (source-diff): Vite-bundled syntax highlighting library with Babel helpers; minification expected for this pre-built web UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-C4QRbGiI.js | AI (source-diff): False positive: network patterns from module loading and exec patterns from Babel polyfills in a bundled syntax highlighting library. No actual dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-yHGA3jFU.js | AI (source-diff): Vite entry bundle with __vite__mapDeps and standard module preload polyfill; minification expected for this pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-NgVU3wuG.js | AI (source-diff): Vite-bundled React runtime; minification is expected for this pre-built web UI package. Content is clearly React/JSX runtime code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-Dzd6rzzk.js | AI (source-diff): Vite-bundled Lucide React icon library; minification expected. SVG path data and React.forwardRef calls are clearly visible in sample. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-Bcsl3Jct.js | AI (source-diff): Vite-bundled remark/rehype markdown library; minification expected. hast property/attribute mapping code is clearly visible. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CyctIQKi.js | AI (source-diff): Vite-bundled app entry point; minification is expected for this pre-built static assets package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-CVWjfjrj.js | AI (source-diff): False positive: network/exec patterns are Babel transpilation helpers and standard browser fetch in a syntax highlighting library, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-CVWjfjrj.js | AI (source-diff): Minified syntax highlighting library with Babel helpers. Standard build artifact for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-SoEfzd-U.js | AI (source-diff): Minified remark/rehype markdown processing library. Standard build artifact for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-C4uL_Xp0.js | AI (source-diff): Vite-bundled app entry point with __vite__mapDeps. Standard Vite build output for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-b6tAm-K5.js | AI (source-diff): Minified React/Vite bundle output. Package is explicitly a pre-built static web UI; minified dist files are expected and benign for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-CbeCRR3U.js | AI (source-diff): Minified Lucide React icons library. Standard build artifact for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-wFIZF5Sn.js | AI (source-diff): Standard Vite/Rollup minified bundle for the main React UI. Package is explicitly a pre-built static asset distribution; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DTzLOVWM.js | AI (source-diff): Standard Vite/Rollup minified output for Lucide icon library. Package ships pre-built static assets by design; minified bundles are expected and benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-W6qE5DOS.js | AI (source-diff): Minified syntax highlighting library. Sample shows Babel helper patterns and standard JS utility functions. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-W6qE5DOS.js | AI (source-diff): False positive: 'network calls' are modulepreload fetch() in frontend bundle; 'code execution' is standard Babel-transpiled JS. No external C2 or dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CBahnwHQ.js | AI (source-diff): Minified markdown rendering library (remark/rehype ecosystem). Sample confirms standard AST processing code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DiTCc6_B.js | AI (source-diff): Main app bundle — minified Vite output. Sample shows standard React app with Zustand state management, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DT3C0cYe.js | AI (source-diff): Minified Lucide icons library bundle. Sample confirms standard SVG icon component patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-CBOZkB01.js | AI (source-diff): Standard Vite/Rollup minified bundle of React and related libraries. Samples confirm well-known open-source code patterns, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-D1T8f4CO.js | AI (source-diff): Standard Vite/React SPA bundle output. Package is explicitly a pre-built static asset package; minified app bundle is expected and benign. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/router-CJBNIDUr.js | AI (source-diff): Minified React Router/TanStack Query bundle produced by Vite build; standard build output, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-cn7uQYgw.js | AI (source-diff): Minified main React app bundle produced by Vite build; consistent with package description as a pre-built static asset package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-C6QVr-PD.js | AI (source-diff): Minified Lucide React icon bundle produced by Vite build; standard build output for a pre-built static asset package, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-DBlIOQ6J.js | AI (source-diff): Minified markdown renderer bundle. Code sample shows standard remark/rehype property definitions. Expected minified output. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-Bb-5IjkK.js | AI (source-diff): False positive: 'network calls' are ES module imports from sibling bundled files, not external network requests. No actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-Bb-5IjkK.js | AI (source-diff): Minified syntax highlighting bundle. Code sample shows Babel helpers and standard JS utilities. Expected minified output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-DgV4CRKQ.js | AI (source-diff): Standard Vite-minified React runtime bundle. Code sample confirms legitimate React/JSX code. This package always ships minified frontend bundles. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Fdr2bhNL.js | AI (source-diff): Main Vite app bundle. Code sample shows standard module preload polyfill and React component imports. Expected minified output. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-D9K4SbFb.js | AI (source-diff): Minified Lucide icons bundle. Code sample confirms standard SVG icon definitions. Expected minified output for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-VY1nUC_Y.js | AI (source-diff): Standard Vite-minified syntax highlighting bundle with Babel helpers. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-C9CYLmpM.js | AI (source-diff): Standard Vite-minified React framework bundle. Long lines are minification artifacts, not obfuscation. Stable pattern for this web-UI asset package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-0l-klFSS.js | AI (source-diff): Standard Vite-minified markdown processing bundle (hast/rehype utilities). Stable false positive for this package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-VY1nUC_Y.js | AI (source-diff): False positive: file contains Babel helper utilities and syntax highlighting code, not actual network+exec dropper behavior. Stable for this asset bundle package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DQWOcEQU.js | AI (source-diff): Standard Vite-minified Lucide icons bundle. Content is clearly recognizable SVG icon definitions. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Bc-guU6H.js | AI (source-diff): Standard Vite-minified main app bundle. Content shows normal React app imports and modulepreload polyfill. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-B96OGZXZ.js | AI (source-diff): Standard Vite/Rollup minified React+router application bundle. Expected artifact for a package explicitly described as pre-built static assets. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-CwSwb0kG.js | AI (source-diff): Minified React/Zustand/TanStack bundle — standard Vite build output. This package ships pre-built frontend assets by design. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-BVDEgRvd.js | AI (source-diff): Minified Lucide icon library bundle — standard Vite build output for a pre-built static assets package. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/router-1c3griYn.js | AI (source-diff): Minified React Router/TanStack Query bundle — standard Vite build output. Sample clearly shows legitimate router internals. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BqVIjX4u.js | AI (source-diff): Minified React/Vite application bundle — expected artifact for a 'pre-built static assets' npm package. Samples show legitimate React/TanStack patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BzrcScQz.js | AI (source-diff): Standard Vite/React bundle with typical import patterns (zustand, router, icons). Minified build artifact consistent with package's stated purpose as an embeddable web UI. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-DC4IvKRj.js | AI (source-diff): Standard Lucide icon library bundled via Vite minification. Long lines are minified SVG/React code, not obfuscation. Expected artifact for a pre-built static assets package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-C7hLLi7X.js | AI (source-diff): Standard Vite/Rollup minified React app bundle. Package explicitly ships pre-built static assets; minification is expected and documented. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/router-DOhyXwuH.js | AI (source-diff): Minified TanStack Router/Query bundle — identifiable from sample code patterns. Expected build artifact for this pre-built UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-cJNEfeEX.js | AI (source-diff): This is a Vite-bundled Lucide icons library — minified but clearly identifiable from the sample. Expected output for a pre-built static web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/router-DAZla045.js | AI (source-diff): Standard Vite-minified React Router/TanStack Query bundle. Content is readable and benign; long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DvMKuo32.js | AI (source-diff): This is a Vite-bundled minified React UI bundle. Long lines are standard minified output, not obfuscation. Expected for a pre-built static web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-KQLapOwy.js | AI (source-diff): Main minified app bundle (Zustand, React components). Standard build output for this pre-built web UI package. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/index-KQLapOwy.js | AI (source-diff): Network calls are modulepreload polyfill (fetch for ES module preloading); dynamic execution is Zustand setState. Both are standard browser patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/index-DFb05OzY.js | AI (source-diff): Network calls are Vite's standard modulepreload polyfill (fetch for link preloading). No dynamic code execution beyond normal SPA patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DFb05OzY.js | AI (source-diff): Main Vite-bundled SPA entry point. Sample shows standard Zustand/React patterns. Minification artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DxLUqdfd.js | AI (source-diff): Minified main application bundle importing from other bundled chunks. Standard Vite build output for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-BI-bZpjg.js | AI (source-diff): Main app bundle with recognizable Zustand/React patterns. Standard Vite build output for a web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/markdown-CKQyPXIb.js | AI (source-diff): Standard Vite-minified markdown processing bundle. Samples show rehype/remark HTML property handling — legitimate library code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/framework-nIMfOfMw.js | AI (source-diff): Standard Vite-minified React framework bundle. Samples show React JSX runtime, not obfuscation. Expected output for a pre-built web UI package. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/icons-ChRAk92S.js | AI (source-diff): Standard Vite-minified Lucide icons bundle. Samples show icon component definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-Cr_TnZb5.js | AI (source-diff): Standard Vite-minified main app bundle. Samples show Zustand, React imports, and modulepreload polyfill — legitimate web app code. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/syntax-BTV1BYOo.js | AI (source-diff): Standard Vite-minified syntax highlighting bundle. Samples show Babel helpers and standard utility functions — legitimate library code. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/index-Cr_TnZb5.js | AI (source-diff): Network calls are fetch() for modulepreload link prefetching — standard browser optimization. No dropper/loader behavior present. | ai | |
| source-diff | net-exec-file:dist/web-assets/assets/syntax-BTV1BYOo.js | AI (source-diff): Network calls in syntax highlighting bundle are standard browser API usage, not malicious network+exec patterns. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DCO8QDXC.js | AI (source-diff): Package explicitly ships pre-built Vite-bundled frontend assets; minified JS with mangled names is expected and consistent with the package's stated purpose. | ai | |
| phantom-deps | phantom-dep:express | AI (phantom-deps): Express is a legitimate runtime dependency used to serve embedded static assets; listed in package.json dependencies. | ai | |
| source-diff | obfuscated-file:dist/web-assets/assets/index-DNOY9INA.js | AI (source-diff): This package ships pre-built Vite/React bundles as its core purpose. Content-hashed minified JS files are expected in every release; not obfuscation. | ai | |
| source-diff | encoded-string-file:dist/index.js | AI (source-diff): Long base64 strings are embedded web assets (EMBEDDED_ASSETS.set pattern) — the package's documented design for serving static files via express. Not a malicious payload. | ai |
Versions (showing 51 of 117)
| Version | Deps | Published |
|---|---|---|
| 0.1.295 | 1 / 3 | |
| 0.1.294 | 1 / 3 | |
| 0.1.293 | 1 / 3 | |
| 0.1.292 | 1 / 3 | |
| 0.1.291 | 1 / 3 | |
| 0.1.290 | 1 / 3 | |
| 0.1.289 | 1 / 3 | |
| 0.1.288 | 1 / 3 | |
| 0.1.287 | 1 / 3 | |
| 0.1.286 | 1 / 3 | |
| 0.1.285 | 1 / 3 | |
| 0.1.284 | 1 / 3 | |
| 0.1.283 | 1 / 3 | |
| 0.1.282 | 1 / 3 | |
| 0.1.281 | 1 / 3 | |
| 0.1.280 | 1 / 3 | |
| 0.1.279 | 1 / 3 | |
| 0.1.278 | 1 / 3 | |
| 0.1.277 | 1 / 3 | |
| 0.1.276 | 1 / 3 | |
| 0.1.275 | 1 / 3 | |
| 0.1.274 | 1 / 3 | |
| 0.1.273 | 1 / 3 | |
| 0.1.272 | 1 / 3 | |
| 0.1.271 | 1 / 3 | |
| 0.1.270 | 1 / 3 | |
| 0.1.269 | 1 / 3 | |
| 0.1.268 | 1 / 3 | |
| 0.1.267 | 1 / 3 | |
| 0.1.266 | 1 / 3 | |
| 0.1.265 | 1 / 3 | |
| 0.1.264 | 1 / 3 | |
| 0.1.263 | 1 / 3 | |
| 0.1.262 | 1 / 3 | |
| 0.1.261 | 1 / 3 | |
| 0.1.260 | 1 / 3 | |
| 0.1.259 | 1 / 3 | |
| 0.1.258 | 1 / 3 | |
| 0.1.257 | 1 / 3 | |
| 0.1.256 | 1 / 3 | |
| 0.1.255 | 1 / 3 | |
| 0.1.254 | 1 / 3 | |
| 0.1.253 | 1 / 3 | |
| 0.1.252 | 1 / 3 | |
| 0.1.251 | 1 / 3 | |
| 0.1.250 | 1 / 3 | |
| 0.1.249 | 1 / 3 | |
| 0.1.248 | 1 / 3 | |
| 0.1.247 | 1 / 3 | |
| 0.1.246 | 1 / 3 | |
| 0.1.245 | 1 / 3 |
v0.1.295
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.294
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.293
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.292
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.291
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.290
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.289
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.288
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.287
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.286
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.285
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.284
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.283
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.282
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.281
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.280
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.279
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.278
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.277
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.276
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.275
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.274
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.273
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.272
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.271
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.270
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.269
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.268
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.267
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.266
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.265
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.264
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.263
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.262
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.261
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.260
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.259
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.258
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.257
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.256
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.255
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.254
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.253
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.252
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.251
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.250
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.249
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.248
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.247
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.246
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.245
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 12 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.