@reltio/profile — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

egorshkovvitaly.gerasevalexander.leshukovreltio-ui-coemanpreet_hayerandrew.borovin.reltioamith.ravuru

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	encoded-string-file:bundle.js	AI (source-diff): Standard webpack/UMD bundle output; long encoded strings are base64-encoded source maps or icon data, not malicious payloads.	ai	2026/06/04
npm-metadata	no-description	AI (npm-metadata): Consistent pattern across this org's packages; not a malware signal.	ai	2026/05/26
phantom-deps	phantom-dep:@reltio/mdm-sdk	AI (phantom-deps): Same org scope; likely re-exported or used indirectly via bundled output.	ai	2026/05/26
phantom-deps	phantom-dep:@reltio/mdm-module	AI (phantom-deps): Same org scope; likely re-exported or used indirectly via bundled output.	ai	2026/05/26
bogus-package	bogus-package	AI (bogus-package): Internal enterprise package; missing metadata is expected for org-scoped private packages with 1842+ versions.	ai	2026/05/26
phantom-deps	phantom-dep:@reltio/interactions	AI (phantom-deps): Same org scope; likely re-exported or used indirectly via bundled output.	ai	2026/05/26
phantom-deps	phantom-dep:html2canvas	AI (phantom-deps): Referenced in config files; stable false positive for this bundled package.	ai	2026/05/26
phantom-deps	phantom-dep:object-hash	AI (phantom-deps): Referenced in config files; stable false positive for this bundled package.	ai	2026/05/26
phantom-deps	phantom-dep:@reltio/components	AI (phantom-deps): Same org scope; likely re-exported or used indirectly via bundled output.	ai	2026/05/26

Versions (showing 100 of 157)

Version	Deps	Published
1.4.2332	6 / 0	2026-06-03
1.4.2331	6 / 0	2026-06-03
1.4.2330	6 / 0	2026-05-28
1.4.2329	6 / 0	2026-05-28
1.4.2328	6 / 0	2026-05-25
1.4.2327	6 / 0	2026-05-21
1.4.2326	6 / 0	2026-05-19
1.4.2325	6 / 0	2026-05-19
1.4.2324	6 / 0	2026-05-13
1.4.2323	6 / 0	2026-05-07
1.4.2322	6 / 0	2026-05-07
1.4.2321	6 / 0	2026-05-07
1.4.2320	6 / 0	2026-04-30
1.4.2319	6 / 0	2026-04-28
1.4.2318	6 / 0	2026-04-28
1.4.2317	6 / 0	2026-04-23
1.4.2316	6 / 0	2026-04-23
1.4.2315	6 / 0	2026-04-23
1.4.2314	6 / 0	2026-04-21
1.4.2313	6 / 0	2026-04-15
1.4.2312	6 / 0	2026-04-10
1.4.2311	6 / 0	2026-04-08
1.4.2310	6 / 0	2026-04-08
1.4.2309	6 / 0	2026-04-02
1.4.2308	6 / 0	2026-04-02
1.4.2307	6 / 0	2026-03-27
1.4.2306	6 / 0	2026-03-27
1.4.2305	6 / 0	2026-03-24
1.4.2304	6 / 0	2026-03-20
1.4.2303	6 / 0	2026-03-19
1.4.2302	6 / 0	2026-03-18
1.4.2301	6 / 0	2026-03-13
1.4.2300	6 / 0	2026-03-11
1.4.2299	6 / 0	2026-03-10
1.4.2298	6 / 0	2026-03-04
1.4.2297	6 / 0	2026-02-26
1.4.2296	6 / 0	2026-02-25
1.4.2295	6 / 0	2026-02-25
1.4.2294	6 / 0	2026-02-20
1.4.2293	6 / 0	2026-02-19
1.4.2292	6 / 0	2026-02-13
1.4.2291	6 / 0	2026-02-06
1.4.2290	6 / 0	2026-01-27
1.4.2289	6 / 0	2026-01-27
1.4.2288	6 / 0	2026-01-27
1.4.2287	6 / 0	2026-01-27
1.4.2286	6 / 0	2026-01-23
1.4.2285	6 / 0	2026-01-23
1.4.2281	6 / 0	2025-12-10
1.4.2280	6 / 0	2025-12-04
1.4.2279	6 / 0	2025-12-04
1.4.2278	6 / 0	2025-12-04
1.4.2277	6 / 0	2025-12-04
1.4.2276	6 / 0	2025-12-02
1.4.2275	6 / 0	2025-11-28
1.4.2274	6 / 0	2025-11-28
1.4.2273	6 / 0	2025-11-27
1.4.2272	6 / 0	2025-11-24
1.4.2271	6 / 0	2025-11-14
1.4.2270	6 / 0	2025-11-14
1.4.2269	6 / 0	2025-11-11
1.4.2268	6 / 0	2025-11-06
1.4.2267	6 / 0	2025-11-06
1.4.2266	6 / 0	2025-11-06
1.4.2265	6 / 0	2025-11-05
1.4.2264	6 / 0	2025-11-04
1.4.2263	6 / 0	2025-10-30
1.4.2262	6 / 0	2025-10-24
1.4.2261	6 / 0	2025-10-23
1.4.2260	6 / 0	2025-10-23
1.4.2259	6 / 0	2025-10-21
1.4.2258	6 / 0	2025-10-15
1.4.2257	6 / 0	2025-10-15
1.4.2256	6 / 0	2025-10-14
1.4.2255	6 / 0	2025-10-09
1.4.2254	6 / 0	2025-10-09
1.4.2253	6 / 0	2025-10-07
1.4.2252	6 / 0	2025-10-01
1.4.2251	6 / 0	2025-10-01
1.4.2250	6 / 0	2025-09-27
1.4.2249	6 / 0	2025-09-26
1.4.2248	6 / 0	2025-09-23
1.4.2247	6 / 0	2025-09-23
1.4.2246	6 / 0	2025-09-19
1.4.2245	6 / 0	2025-09-18
1.4.2244	6 / 0	2025-09-09
1.4.2243	6 / 0	2025-09-09
1.4.2242	6 / 0	2025-09-08
1.4.2241	6 / 0	2025-09-04
1.4.2240	6 / 0	2025-09-04
1.4.2239	6 / 0	2025-09-02
1.4.2238	6 / 0	2025-08-28
1.4.2237	6 / 0	2025-08-28
1.4.2236	6 / 0	2025-08-28
1.4.2235	6 / 0	2025-08-25
1.4.2234	6 / 0	2025-08-20
1.4.2233	6 / 0	2025-08-18
1.4.2232	6 / 0	2025-08-18
1.4.2231	6 / 0	2025-08-18
1.4.2230	6 / 0	2025-08-18

Showing 100 of 157 Next page →

v1.4.2332

2 findings

HIGH Long encoded string in modified file: bundle.js source-diff

Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.