@public-ui/components
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/cjs/component-BUJSMbIY.js | AI (source-diff): False positive on bundled UI component code; no actual dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-BUJSMbIY.js | AI (source-diff): Standard Rollup/Vite minified build output for KoliBri component library; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/FormFieldStateWrapper-BWTMRKXT.js | AI (source-diff): Standard minified kolibri-format build output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/FieldControlStateWrapper-DF2tVpwY.js | AI (source-diff): Standard minified kolibri-format build output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-icon-DekcIBGR.js | AI (source-diff): Standard minified kolibri-format build output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/component-DvjvBJeK.js | AI (source-diff): Standard minified kolibri-format build output; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/esm/component-DvjvBJeK.js | AI (source-diff): False positive on bundled UI component code; no actual dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/esm/component-DvjvBJeK.js | AI (source-diff): Standard Rollup/Vite minified ESM build output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-BmMJhjF1.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-names-Bu9hV7OT.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/component-names-B_kYyA8u.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/common-BXXICkFX.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/common-BXXICkFX.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/common-1pTy2kta.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-D-_1x7ql.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/color-D-_1x7ql.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-CnWT1y2W.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-ByKVIoVY.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-ByKVIoVY.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-bswFXTsy.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-DhQa2Mpw.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-BmMJhjF1.js | AI (source-diff): Standard minified build artifact from KoliBri's bundler; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-icon-BO9NOQnm.js | AI (source-diff): Standard minified build output for KoliBri component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-01_8sWT5.js | AI (source-diff): Standard minified build output for KoliBri component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/FormFieldStateWrapper-BJBSoSm4.js | AI (source-diff): Standard minified build output for KoliBri component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-icon-CAY0twi1.js | AI (source-diff): Standard minified build output for KoliBri component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/controller-icon-BO9NOQnm.js | AI (source-diff): Standard minified build output for KoliBri component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-Bxx5nIn-.js | AI (source-diff): Standard Vite/Rollup minified build output for KoliBri; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-BkpeqvtE.js | AI (source-diff): Standard Vite/Rollup minified build output for KoliBri; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-BkpeqvtE.js | AI (source-diff): Standard Vite/Rollup minified build output for KoliBri; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-BOIEtqEM.js | AI (source-diff): Minified color utility; legitimate contrast/color logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/common-Dd0zJQbD.js | AI (source-diff): Minified kolibri common bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/common-Dd0zJQbD.js | AI (source-diff): Minified ESM common bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/common-Cd2qH809.js | AI (source-diff): Minified CJS common bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-D7OxzTlF.js | AI (source-diff): Minified CJS color utility; legitimate contrast/color logic. | ai | |
| source-diff | obfuscated-file:dist/esm/color-BOIEtqEM.js | AI (source-diff): Minified color utility; legitimate contrast/color logic. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-Buba_2vG.js | AI (source-diff): Standard minified CJS build artifact; legitimate floating-UI logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-7Np6z5EU.js | AI (source-diff): Standard minified build artifact; same floating-UI logic as ESM variant. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-7Np6z5EU.js | AI (source-diff): Standard minified build artifact from KoliBri's Vite/Rollup build pipeline; legitimate floating-UI logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-4923570a.js | AI (source-diff): Standard minified build artifact; same floating-UI code in kolibri dist format. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-4923570a.js | AI (source-diff): Standard minified build artifact for floating-UI positioning logic; consistent with this package's build process. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-fba26613.js | AI (source-diff): Standard minified build artifact; CJS variant of floating-UI positioning code. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-icon-oRdlfcl8.js | AI (source-diff): Minified CJS icon controller; legitimate UI component rendering code. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-DT6QqMUx.js | AI (source-diff): Minified CJS controller; legitimate input/select option validation logic. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-names-CuI-0Pbo.js | AI (source-diff): Minified CJS component tag name registry; benign. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-jhz1Ef5Z.js | AI (source-diff): Standard minified CJS build artifact; legitimate form-associated input controller. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-B9GDDaFL.js | AI (source-diff): Standard minified build artifact for KoliBri UI library; content is legitimate form-associated input controller code. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-B9GDDaFL.js | AI (source-diff): Standard minified build artifact; same legitimate controller code in kolibri dist format. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-icon-z0j8meAS.js | AI (source-diff): Minified kolibri-format icon controller; legitimate UI component rendering code. | ai | |
| source-diff | obfuscated-file:dist/esm/controller-icon-z0j8meAS.js | AI (source-diff): Minified ESM icon controller; legitimate UI component rendering code. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-D9ze_dKv.js | AI (source-diff): Standard minified build output; same floating-UI logic as CJS variant. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-D9ze_dKv.js | AI (source-diff): Standard minified build output; same floating-UI logic. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-Cd5pdfxS.js | AI (source-diff): Standard minified build output for KoliBri UI library; content is readable floating-UI positioning logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-6A9FkBi8.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/esm/component-names-C3fyby67.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/kolibri/common-Czxuyxbo.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/esm/common-Czxuyxbo.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/cjs/common-CWZNPyv9.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-Rjy4ux-w.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/esm/color-Rjy4ux-w.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-owhPod99.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-DZY0qF8S.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-DZY0qF8S.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-Dp4SXbsC.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-D-G9RrEe.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-6A9FkBi8.js | AI (source-diff): Standard Vite/Rollup minified build output with KoliBri copyright header; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cjs/Alert-DUKI4F6t.js | AI (source-diff): Standard minified build artifact for KoliBri UI components; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-DGbaInbL.js | AI (source-diff): Minified floating-UI positioning logic; legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-DGbaInbL.js | AI (source-diff): Minified floating-UI positioning logic; legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-BokToY9Z.js | AI (source-diff): Minified floating-UI positioning logic; legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-D5XJiLiU.js | AI (source-diff): Minified @floating-ui/dom bundle; expected build artifact for this UI component library. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-CdEaJGVD.js | AI (source-diff): Minified form-associated input controller; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/Alert-DaPojoDU.js | AI (source-diff): Standard Stencil.js minified build output for KoliBri UI components; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-AmA8E0uD.js | AI (source-diff): Minified floating-ui geometry code; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-B53gjKzS.js | AI (source-diff): Minified floating-ui geometry code; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-B53gjKzS.js | AI (source-diff): Minified floating-ui geometry code; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-CdEaJGVD.js | AI (source-diff): Minified form-associated input controller; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-Dww_bmMK.js | AI (source-diff): Minified form-associated input controller; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/common-BDQKBMeS.js | AI (source-diff): Minified common utilities bundle; standard Stencil build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/common-BIkdAxr0.js | AI (source-diff): Minified common utilities bundle; standard Stencil build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/common-BIkdAxr0.js | AI (source-diff): Minified common utilities bundle; standard Stencil build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-names-BcQqUL7D.js | AI (source-diff): Minified component names registry; standard Stencil build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/component-names-CqTpXVIM.js | AI (source-diff): Minified component names registry; standard Stencil build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-Iw9vSPIz.js | AI (source-diff): Standard minified build output; same floating-UI code as CJS variant. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-CDNgE1Ig.js | AI (source-diff): Standard minified build output for floating-UI positioning logic; readable content, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-BcavXjw8.js | AI (source-diff): Minified controller bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-Iw9vSPIz.js | AI (source-diff): Standard minified build output; kolibri-format variant of the same file. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-e703b6f9.js | AI (source-diff): Standard minified build output for KoliBri UI library; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-a7a489c8.js | AI (source-diff): Standard minified build output for KoliBri UI library; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-a7a489c8.js | AI (source-diff): Standard minified build output for KoliBri UI library; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-6852ec73.js | AI (source-diff): Standard minified build output; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/esm/controller-6852ec73.js | AI (source-diff): Standard minified build output; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/esm/component-names-4cb1c62b.js | AI (source-diff): Standard minified build output; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-names-2c750b1b.js | AI (source-diff): Standard minified build output; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-72baae00.js | AI (source-diff): Minified color utility code in CJS format; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-48d7fdf1.js | AI (source-diff): Minified color utility code; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/color-48d7fdf1.js | AI (source-diff): Minified color utility code; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-f1c92ada.js | AI (source-diff): Minified form-associated input controller in CJS format; legitimate UI component logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-d302adf7.js | AI (source-diff): Minified form-associated input controller; legitimate UI component logic. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-d302adf7.js | AI (source-diff): Minified form-associated input controller; legitimate UI component logic. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-9b9ebf60.js | AI (source-diff): Standard minified build artifact; same floating-UI code in kolibri format. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-9b9ebf60.js | AI (source-diff): Standard minified build artifact; same floating-UI code in ESM format. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-1fa314b6.js | AI (source-diff): Standard minified build artifact for floating-UI positioning logic; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-b3473c2a.js | AI (source-diff): ESM variant of form-associated controller; same benign logic. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count is expected for a Stencil component library shipping multiple output formats (esm/cjs/kolibri/components). | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-0fcb6935.js | AI (source-diff): Minified controller artifact; standard build output. | ai | |
| source-diff | obfuscated-file:dist/esm/component-names-ad1568d0.js | AI (source-diff): ESM component name registry artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-names-4ecfe25d.js | AI (source-diff): Component name registry; minified but benign. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-b607f500.js | AI (source-diff): Kolibri-format color utility artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/color-b607f500.js | AI (source-diff): ESM color utility artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-685839c5.js | AI (source-diff): Minified color utility; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/components/bund.js | AI (source-diff): Components-format variant of German ministry enum. | ai | |
| source-diff | obfuscated-file:dist/kolibri/bund-ad41b762.js | AI (source-diff): Kolibri-format variant of German ministry enum. | ai | |
| source-diff | obfuscated-file:dist/esm/bund-ad41b762.js | AI (source-diff): ESM variant of German ministry enum; benign domain data. | ai | |
| source-diff | obfuscated-file:dist/cjs/bund-4be96755.js | AI (source-diff): German federal ministry enum data; clearly domain-specific, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-b3473c2a.js | AI (source-diff): Kolibri-format variant of form-associated controller. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-167db0f9.js | AI (source-diff): Minified form-associated controller; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-8b4a73ed.js | AI (source-diff): CJS variant of the same floating-UI positioning bundle. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-7a0eec66.js | AI (source-diff): Same minified floating-UI artifact, different output format. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-7a0eec66.js | AI (source-diff): Standard minified build artifact from KoliBri component library; floating-UI positioning logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/common-B-m-0Sa1.js | AI (source-diff): Kolibri dist variant of common bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/align-floating-elements-AQNQlNaN.js | AI (source-diff): Standard minified build output; same floating-UI code, KoliBri header. | ai | |
| source-diff | obfuscated-file:dist/cjs/align-floating-elements-DETrvE45.js | AI (source-diff): CJS variant of the same floating-UI bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/align-floating-elements-AQNQlNaN.js | AI (source-diff): Standard minified build output for floating-UI logic; KoliBri copyright header present. | ai | |
| source-diff | obfuscated-file:dist/esm/associated.controller-BZSp_RI6.js | AI (source-diff): Minified form-association controller; readable logic, KoliBri header. | ai | |
| source-diff | obfuscated-file:dist/kolibri/associated.controller-BZSp_RI6.js | AI (source-diff): Same form-association controller, kolibri dist variant. | ai | |
| source-diff | obfuscated-file:dist/cjs/associated.controller-Dc2_qV0Z.js | AI (source-diff): CJS variant of form-association controller; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/color-DfrCgfcO.js | AI (source-diff): Minified color-contrast utility; readable logic, KoliBri header. | ai | |
| source-diff | obfuscated-file:dist/esm/color-DZ0Ata5E.js | AI (source-diff): ESM color-contrast utility; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-B0LQS1_i.js | AI (source-diff): CJS controller bundle; standard build output. | ai | |
| source-diff | obfuscated-file:dist/cjs/common-CVrgX_aH.js | AI (source-diff): CJS common bundle; standard build output. | ai | |
| source-diff | obfuscated-file:dist/kolibri/color-DZ0Ata5E.js | AI (source-diff): Kolibri dist variant of color utility; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/common-B-m-0Sa1.js | AI (source-diff): Minified common bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/controller-Cf3CGZT-.js | AI (source-diff): Standard minified ESM controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/component-FodZSQiD.js | AI (source-diff): Standard minified build artifact; same pattern across all dist formats. | ai | |
| source-diff | obfuscated-file:dist/esm/component-FodZSQiD.js | AI (source-diff): Standard Vite/Rollup minified build output for established KoliBri UI library; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/kolibri/FormFieldStateWrapper-I4Dg2nCz.js | AI (source-diff): Standard minified kolibri-format build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/FormFieldStateWrapper-I4Dg2nCz.js | AI (source-diff): Standard minified ESM build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/FormFieldStateWrapper-CU7sL9TC.js | AI (source-diff): Standard minified CJS build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/FieldControlStateWrapper-bKthnrzB.js | AI (source-diff): Standard minified ESM build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/FieldControlStateWrapper-BCH2wWkM.js | AI (source-diff): Standard minified CJS build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-icon-CQfGuSEz.js | AI (source-diff): Standard minified kolibri-format icon controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/controller-icon-CQfGuSEz.js | AI (source-diff): Standard minified ESM icon controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-icon-B19DFw9q.js | AI (source-diff): Standard minified CJS icon controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/controller-H0TWImvv.js | AI (source-diff): Standard minified CJS controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/kolibri/controller-Cf3CGZT-.js | AI (source-diff): Standard minified kolibri-format controller build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/component-NrCy8bX0.js | AI (source-diff): Standard minified CJS build artifact for KoliBri components. | ai | |
| phantom-deps | phantom-dep:query-selector-all-shadow-root | AI (phantom-deps): query-selector-all-shadow-root is a legitimate shadow DOM utility; phantom-dep fires due to indirect/bundled usage pattern in this component library. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): clsx is a legitimate utility used in bundled component libraries; phantom-dep heuristic fires because imports are indirect/bundled, not a real missing dependency. | ai | |
| phantom-deps | phantom-dep:query-selector-shadow-root | AI (phantom-deps): query-selector-shadow-root is a legitimate shadow DOM utility; phantom-dep fires due to indirect/bundled usage pattern in this component library. | ai | |
| license | copyleft-license:EUPL-1.2 | AI (license): EUPL-1.2 is the standard license for this German government-backed open-source project; not a security concern and stable across versions. | ai | |
| phantom-deps | phantom-dep:typed-bem | AI (phantom-deps): Stencil build system references deps in config files rather than direct imports; phantom detection is a false positive for this build toolchain. | ai | |
| phantom-deps | phantom-dep:wcag-contrast | AI (phantom-deps): Same as typed-bem: Stencil build toolchain pattern causes phantom-dep false positives. | ai | |
| phantom-deps | phantom-dep:@floating-ui/dom | AI (phantom-deps): Same as typed-bem: Stencil build toolchain pattern causes phantom-dep false positives. | ai | |
| phantom-deps | phantom-dep:markdown-it | AI (phantom-deps): Same as typed-bem: Stencil build toolchain pattern causes phantom-dep false positives. | ai | |
| phantom-deps | phantom-dep:rgba-convert | AI (phantom-deps): Same as typed-bem: Stencil build toolchain pattern causes phantom-dep false positives. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs a bundled postinstall.js for Stencil-based setup (e.g., VS Code custom data). File is explicitly listed in package files. Institutional publisher with SLSA provenance; stable pattern across 557 versions. | ai | |
| phantom-deps | phantom-dep:color-rgba | AI (phantom-deps): Same as typed-bem: Stencil build toolchain pattern causes phantom-dep false positives. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 4.2.1 | 8 / 47 | |
| 4.2.0 | 8 / 47 | |
| 4.1.4 | 8 / 45 | |
| 4.1.3 | 8 / 45 | |
| 4.1.2 | 8 / 45 | |
| 4.1.1 | 8 / 43 | |
| 4.1.0 | 8 / 43 | |
| 4.0.3 | 8 / 45 | |
| 4.0.2 | 8 / 44 | |
| 4.0.1 | 14 / 0 | |
| 4.0.0 | 14 / 0 | |
| 3.1.5 | 15 / 0 | |
| 3.1.4 | 15 / 0 | |
| 3.1.3 | 15 / 0 | |
| 3.1.2 | 15 / 0 | |
| 3.1.1 | 15 / 0 | |
| 3.1.0 | 15 / 0 | |
| 3.0.9 | 15 / 0 | |
| 3.0.8 | 15 / 0 | |
| 2.2.23 | 13 / 0 | |
| 2.2.22 | 13 / 0 | |
| 2.2.21 | 13 / 0 | |
| 2.2.20 | 13 / 0 | |
| 2.2.19 | 13 / 0 | |
| 2.2.18 | 13 / 0 |
v4.2.1
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.3
2 findingsScript: node ./postinstall.js
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.1
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.3
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.2
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.5
12 findingsThis version was published by a different npm account than previous versions on 2026-04-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.4
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.3
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.2
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.1
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.9
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.23
5 findingsThis version was published by a different npm account than previous versions on 2026-04-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.22
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.20
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.19
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.18
18 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.