@powerhousedao/connect
Powerhouse Connect
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-dropped | AI (source-diff): Size drop reflects build system refactor (vite→tsdown); dist output and exports are intact. | ai | |
| phantom-deps | phantom-dep:@powerhousedao/config | AI (phantom-deps): Same-org package; likely used via re-exports or config files, not direct import. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DS3ZFTaI.js | AI (source-diff): Standard Vite-bundled Sentry SDK; minified frontend asset with source map, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/index-Dv-R6xgj.js | AI (source-diff): Network calls and dynamic module loading are expected in a Vite SPA bundle; not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Dv-R6xgj.js | AI (source-diff): Standard Vite bundle entry point with module-preload polyfill; minified frontend asset with source map. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DmXT42F4.js | AI (source-diff): Vite-bundled index; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-CbrzHByR.js | AI (source-diff): Vite-bundled hooks bundle; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-Qezssass.js | AI (source-diff): Vite-bundled GraphQL editor; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-DX48nXiB.js | AI (source-diff): Vite-bundled document model editor; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-DwfVcvps.js | AI (source-diff): Vite-bundled design system; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-BaOi_iZS.js | AI (source-diff): Vite-bundled UI component library; standard minification. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-_mQRN7ud.js | AI (source-diff): Network calls are React UI fetch patterns; no dropper behavior in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-1FKe8jEW.js | AI (source-diff): Standard Vite-minified React component; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-_mQRN7ud.js | AI (source-diff): Vite-bundled design system; normal minified ES module output. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-sgbHq23r.js | AI (source-diff): Vite-bundled state schemas; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-4w2S6HjP.js | AI (source-diff): Vite-bundled settings modal; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-DPd4_Rcx.js | AI (source-diff): Vite-bundled reactor browser; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-BYp1sPVB.js | AI (source-diff): Vite-bundled JSON editor; standard minification. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-CFILTpbs.js | AI (source-diff): Standard Vite minified bundle; tooltip/UI component code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-eDsiVfo5.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-BCXQPcQM.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-CcA5yInB.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-CrEK3rBH.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-C5MyZvTc.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-D8Z1tryw.js | AI (source-diff): Standard Vite minified bundle; unicode range table is a known pattern in text-processing libs. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-qbDnk6Hi.js | AI (source-diff): Standard Vite minified bundle; readable GraphQL editor logic in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-JfXSkHr4.js | AI (source-diff): Standard Vite minified bundle with __vite__mapDeps pattern; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-uzxQiZXn.js | AI (source-diff): Standard Vite minified bundle; readable React context/button component code in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-DocqAqro.js | AI (source-diff): Standard Vite minified bundle; readable React component code in sample. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-CFILTpbs.js | AI (source-diff): False positive; sample shows normal React UI component code, no dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-CMkZy_1X.js | AI (source-diff): Standard Vite minified bundle output; readable React component logic visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-PO80eyeM.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-CGSGqdiO.js | AI (source-diff): Browser app bundle with fetch + dynamic import; not malicious. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-PO80eyeM.js | AI (source-diff): Browser app bundle with fetch + dynamic import; not malicious. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-BnXJw88_.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-nS5DC8g1.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-IHk9Z6d3.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-DlwDDnfI.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-B5MCMKxT.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-BTQ0j-nn.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-i_l_tuTM.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-C7b-Pj_S.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-CnUPQCB7.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-sJhQvTbU.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-CGSGqdiO.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-CPIfBVXe.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-ydv0TEZw.js | AI (source-diff): Vite-bundled minified output; standard for this React web app package. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-BmHa_TPZ.js | AI (source-diff): Vite-bundled React app chunk; network calls are fetch/GraphQL, dynamic exec is Vite lazy-loading. Not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-CVhVmQqT.js | AI (source-diff): Standard Vite minified bundle output; content-hash filename pattern consistent with this package's build system. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-C3AMUoGR.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-C0GxYVy9.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-J-anQSIN.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-53aAdT3j.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D7CJBxW2.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-CHw2Ezl1.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-MCVaBcZc.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-Cwpe8esr.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-UqzHMcwD.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-C8JEZFwJ.js | AI (source-diff): Standard Vite minified bundle output for this package. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-BQwzGO2s.js | AI (source-diff): False positive: bundler combines fetch and dynamic imports in normal UI code; no dropper behavior visible. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-BQwzGO2s.js | AI (source-diff): Standard Vite minified bundle; recognizable React/Radix UI patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-DGYPpUGa.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-Dnwc_Xm9.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-lmHQ6HZy.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-CSkqTexL.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-Vb8XBnLs.js | AI (source-diff): Sample shows Radix UI tooltip/React component code; no actual dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-CQKAVxat.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-36mF-wEI.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-BXDXscnR.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-CooFY-Go.js | AI (source-diff): Standard Vite bundle chunk; sample shows normal React debug UI code. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-BGn_P-dn.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CK2Jk_ho.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-D4Uas2SG.js | AI (source-diff): Standard Vite bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-Vb8XBnLs.js | AI (source-diff): Standard Vite bundle chunk; minification is expected for this React app package. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-C3cx2xWb.js | AI (source-diff): Standard Vite-minified hooks bundle; encoded string is a Unicode range table for text processing. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-CtSdhjei.js | AI (source-diff): Standard Vite-minified document model editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-BL-jqYBp.js | AI (source-diff): Standard Vite-minified design system bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-CCRmtn0r.js | AI (source-diff): Standard Vite-minified UI bundle. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-B86GtG4E.js | AI (source-diff): Network calls and dynamic code in a UI design system bundle are expected React patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-B86GtG4E.js | AI (source-diff): Standard Vite-minified design system bundle; normal React/Radix UI patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-DqIHR9N9.js | AI (source-diff): Standard Vite-minified React component; no malicious patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-CsGs3xyX.js | AI (source-diff): Standard Vite-minified settings modal bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-6VvNJtmE.js | AI (source-diff): Standard Vite-minified reactor browser bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-C1Tc9tMZ.js | AI (source-diff): Standard Vite-minified JSON editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-6f3lyRth.js | AI (source-diff): Standard Vite-minified state schemas bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CT5yiEeE.js | AI (source-diff): Standard Vite-minified index bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-D9iS42tk.js | AI (source-diff): Standard Vite-minified GraphQL editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-CrIXGhUN.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large Vite build output is expected for this app package across versions. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-DXJrnnr5.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-CJ6J0XlS.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-DWh4e_Th.js | AI (source-diff): Browser app fetch+dynamic-import; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-Dbq2CEc_.js | AI (source-diff): Standard Vite minified output; content-hashed bundle from legitimate React app. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-VGI4wQmK.js | AI (source-diff): Standard Vite minified output; Radix/React UI patterns visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-VGI4wQmK.js | AI (source-diff): Browser app fetch+dynamic-import; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-D_-KrAn9.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-DU8a3pDW.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-1uawguVU.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-b5ebbPHP.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-D6NzkYIC.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BzlZdiUC.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-iJWVafCf.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-DMfY9uK3.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-DWh4e_Th.js | AI (source-diff): Standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-j0efga6n.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-DlmI0vHZ.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-Bcu2NP76.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-Cv8-otO9.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-1JqxrkF3.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-Co3qr8jm.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-yiWU-lPX.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BHD5Ocbm.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-Bi7-hwjD.js | AI (source-diff): Standard Vite minified bundle output; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-CdzFEERy.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-CdzFEERy.js | AI (source-diff): False positive: network calls and dynamic React patterns in minified UI bundle, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-CfbF3HiM.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-0k6drmu2.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D3VAZ7Xs.js | AI (source-diff): Standard Vite-bundled frontend asset; minification is expected for this web app package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DEuI3Aoa.js | AI (source-diff): Standard Vite-bundled frontend asset; minification is expected for this web app package. | ai | |
| source-diff | net-exec-file:dist/assets/index-DEuI3Aoa.js | AI (source-diff): Network calls and dynamic module loading are standard Vite lazy-chunk patterns for a React SPA. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-ywvaGjmZ.js | AI (source-diff): Standard Vite-minified settings modal bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-8EVsI65Y.js | AI (source-diff): Standard Vite-minified React component bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-ByMpO5pw.js | AI (source-diff): Standard Vite-minified design system bundle. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-ByMpO5pw.js | AI (source-diff): Network calls and dynamic code are normal React UI patterns in this bundle; no dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-DLjJhm8a.js | AI (source-diff): Standard Vite-minified UI bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-BegnN9dF.js | AI (source-diff): Standard Vite-minified design system bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-D94MCyNJ.js | AI (source-diff): Standard Vite-minified document model editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-nOSN9U2b.js | AI (source-diff): Standard Vite-minified GraphQL editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-DUSPlbzN.js | AI (source-diff): Standard Vite-minified hooks bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DgltkH6Y.js | AI (source-diff): Standard Vite-minified index bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-Bbm1UYNN.js | AI (source-diff): Standard Vite-minified JSON editor bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-CZW9-NYG.js | AI (source-diff): Standard Vite-minified reactor browser bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-6Z9TtCue.js | AI (source-diff): Standard Vite-minified state schemas bundle. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-BgopVgbt.js | AI (source-diff): Standard Vite minified bundle output; samples show normal React UI code. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-B9BW8NhE.js | AI (source-diff): Standard Vite minified bundle for OPFS (Origin Private File System) adapter. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-DA0KzfN4.js | AI (source-diff): Standard Vite minified bundle of reactor-browser library. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-DA0KzfN4.js | AI (source-diff): Network+exec in Vite bundle is normal for browser reactor; no malware indicators. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-Dtj6tds3.js | AI (source-diff): Standard Vite minified bundle of settings modal component. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-CZZO-qUN.js | AI (source-diff): Standard Vite minified bundle of json-editor component. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Pi__PLqs.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-B_oG6k9B.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-B66vSbjr.js | AI (source-diff): Standard Vite minified bundle of React hooks. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-CZpc8Cif.js | AI (source-diff): Standard Vite minified bundle of graphql-editor component. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-BEAHh8iH.js | AI (source-diff): Standard Vite minified bundle with __vite__mapDeps; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-Dse0kZTw.js | AI (source-diff): Standard Vite minified bundle; samples show normal React/Radix UI code. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-BwWglWrE.js | AI (source-diff): Standard Vite minified bundle; samples show normal React component code. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-ClCGCpTv.js | AI (source-diff): Network+exec pattern in Vite bundle is normal for a browser app with fetch calls and dynamic imports. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-ClCGCpTv.js | AI (source-diff): Standard Vite minified bundle; samples show Radix UI/React component code. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-t1H6Qs0c.js | AI (source-diff): Reactor browser bundle; normal pattern for this app. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-C2JafLr9.js | AI (source-diff): Standard Vite minified bundle output for a React app; not intentional obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-DH8QS0Fb.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-DH8QS0Fb.js | AI (source-diff): React UI bundle with fetch calls; normal pattern for this app. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-TCbt-a8S.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-c6ElI1VR.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-CHHp641k.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-BYbMBGUm.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-DM0AfrpV.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-oBvWpOey.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-rXFHrcdo.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-DvUeOacv.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-DlmlXGDn.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-t1H6Qs0c.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-BujY30_A.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-DmGGA-by.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-CJK3lgIb.js | AI (source-diff): Normal browser app pattern: fetch + dynamic imports in Vite bundle; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/zod-9j67vCAu.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/state-schemas-CxAKgkZU.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-Btxm-R2b.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-CXdI6XKZ.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-BKzvaJG3.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DnN2Qpd9.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Cy-eXo_9.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-CHlZCPSR.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-DV9bmAey.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-BJV7YAiy.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-BmHa_TPZ.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-DO_7ogs-.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-CFfcFBCu.js | AI (source-diff): Standard Vite minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-CJK3lgIb.js | AI (source-diff): Standard Vite minified bundle output for this React app; not intentional obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/json-editor-BUxqU6ph.js | AI (source-diff): Standard Vite bundle of json-editor component. | ai | |
| source-diff | obfuscated-file:dist/assets/opfs-ahp-CEtAgv8a.js | AI (source-diff): Standard Vite bundle; OPFS is expected for pglite storage. | ai | |
| source-diff | obfuscated-file:dist/assets/reactor_browser-CqcNBhxi.js | AI (source-diff): Standard Vite bundle of @powerhousedao/reactor-browser. | ai | |
| source-diff | net-exec-file:dist/assets/reactor_browser-CqcNBhxi.js | AI (source-diff): Network+exec in reactor browser bundle; expected for a document sync engine. | ai | |
| source-diff | obfuscated-file:dist/assets/SettingsModal-DBPjDELN.js | AI (source-diff): Standard Vite bundle of settings modal component. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system-D3L2kJJ3.js | AI (source-diff): Standard Vite bundle; sample shows React context/button components. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_ui-cfMsqDx9.js | AI (source-diff): Standard Vite bundle; sample shows Radix Checkbox/Button components. | ai | |
| source-diff | net-exec-file:dist/assets/design_system_connect-CyoiT4fi.js | AI (source-diff): Network+exec pattern in Vite-bundled React UI code; no malicious payload visible. | ai | |
| source-diff | obfuscated-file:dist/assets/design_system_connect-CyoiT4fi.js | AI (source-diff): Standard Vite bundle output; sample shows Radix Tooltip/VisuallyHidden components. | ai | |
| source-diff | obfuscated-file:dist/assets/DebugSettingsModal-D_XiU43T.js | AI (source-diff): Standard Vite bundle output for React app; samples show legitimate UI component code. | ai | |
| source-diff | obfuscated-file:dist/assets/document_drive-CacD9AxC.js | AI (source-diff): Standard Vite bundle; sample shows document drive cache/storage classes. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model_editor-B0b9iLkL.js | AI (source-diff): Standard Vite bundle with __vite__mapDeps; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/document_model-BhnxVUEi.js | AI (source-diff): Standard Vite bundle; sample shows JSON serialization utility code. | ai | |
| source-diff | net-exec-file:dist/assets/document_model-BhnxVUEi.js | AI (source-diff): Network+exec in Vite-bundled document model code; no malicious payload. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql_request-BJtmW2JS.js | AI (source-diff): Standard Vite bundle of graphql-request library. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-AKTCpY7l.js | AI (source-diff): Standard Vite bundle of graphql library. | ai | |
| source-diff | obfuscated-file:dist/assets/graphql-editor-DISUwtOC.js | AI (source-diff): Standard Vite bundle of graphql-editor component. | ai | |
| source-diff | obfuscated-file:dist/assets/hooks-CuuvwRiM.js | AI (source-diff): Standard Vite bundle of React hooks. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DyKLAUdY.js | AI (source-diff): Standard Vite bundle output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Zdob0kL_.js | AI (source-diff): Standard Vite bundle output. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Validation library referenced in config files; legitimate phantom dep pattern for this application. | ai | |
| phantom-deps | phantom-dep:@powerhousedao/document-engineering | AI (phantom-deps): Same org scope package; legitimately declared as dependency even if not directly imported in source files. | ai | |
| phantom-deps | phantom-dep:@types/cypress | AI (phantom-deps): TypeScript type package for Cypress testing; loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:@openfeature/core | AI (phantom-deps): OpenFeature core referenced in config files; phantom detection is a known false positive for this usage pattern. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Tailwindcss is a build-time CSS framework referenced in config files; phantom detection is expected for this type of package. | ai | |
| phantom-deps | phantom-dep:vite-plugin-html | AI (phantom-deps): Vite plugin referenced in vite config files; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:@powerhousedao/analytics-engine-core | AI (phantom-deps): First-party @powerhousedao package; phantom detection is expected for same-org scope packages used indirectly. | ai | |
| phantom-deps | phantom-dep:graphql | AI (phantom-deps): GraphQL referenced in config files; phantom detection is a known false positive for this usage pattern. | ai | |
| phantom-deps | phantom-dep:@types/wicg-file-system-access | AI (phantom-deps): Type-only package loaded by convention; phantom detection is a known false positive for @types/* packages. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only package loaded by convention; phantom detection is a known false positive for @types/* packages. | ai | |
| phantom-deps | phantom-dep:@types/react-dom | AI (phantom-deps): Type-only package loaded by convention; phantom detection is a known false positive for @types/* packages. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/vite | AI (phantom-deps): Tailwind Vite plugin referenced in vite config; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:@vitejs/plugin-react | AI (phantom-deps): Vite plugin referenced in vite config files; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:@sentry/browser | AI (phantom-deps): Sentry browser SDK referenced in config files; phantom detection is a known false positive for this usage pattern. | ai | |
| phantom-deps | phantom-dep:@sentry/vite-plugin | AI (phantom-deps): Sentry Vite plugin referenced in vite config; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:vite-plugin-node-polyfills | AI (phantom-deps): Vite plugin referenced in vite config files; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:vite-plugin-svgr | AI (phantom-deps): Vite plugin referenced in vite config files; not directly imported in source — expected pattern for Vite-based packages. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type-only package loaded by convention; phantom detection is a known false positive for @types/* packages. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall is `cp ./package.json ./package.copy.json` — a benign file copy needed to support the package.json exports map entry. Stable pattern for this package. | ai |
Versions (showing 22 of 22)
| Version | Deps | Published |
|---|---|---|
| 6.1.0 | 27 / 19 | |
| 5.3.6 | 46 / 1 | |
| 5.3.5 | 46 / 1 | |
| 5.3.4 | 46 / 1 | |
| 5.3.3 | 46 / 1 | |
| 5.3.2 | 46 / 1 | |
| 5.3.1 | 46 / 1 | |
| 5.3.0 | 46 / 1 | |
| 5.1.0 | 42 / 0 | |
| 5.0.12 | 42 / 0 | |
| 5.0.11 | 42 / 0 | |
| 5.0.10 | 42 / 0 | |
| 5.0.9 | 42 / 0 | |
| 5.0.8 | 42 / 0 | |
| 5.0.7 | 42 / 0 | |
| 5.0.6 | 42 / 0 | |
| 5.0.5 | 42 / 0 | |
| 5.0.4 | 42 / 0 | |
| 5.0.3 | 37 / 2 | |
| 5.0.2 | 37 / 2 | |
| 5.0.1 | 37 / 2 | |
| 5.0.0 | 37 / 2 |
v6.1.0
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (memo.dev) than the most recent previously approved version (acaldas.powerhouse) on 2026-06-03, but memo.dev is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v5.3.6
2 findingsScript: cp ./package.json ./package.copy.json
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.5
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.4
24 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.3
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.2
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.1.0
15 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.11
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.10
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.9
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.8
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.7
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.6
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.4
26 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.