@remix_labs/mixc-starter
start the compiler in a web worker
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Webpack chunk loader pattern; not arbitrary user-controlled input. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Filters process.env for debug_ keys — standard debug library pattern, not exfiltration. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Standard encoding switch-case handler, not obfuscated payload decoding. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get inside a Proxy trap — idiomatic JS, not evasion. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Webpack globalThis polyfill boilerplate; stable across versions. | ai | |
| phantom-deps | phantom-dep:@remix_labs/hub-client | AI (phantom-deps): Same-org dep; may be used indirectly via the bundled worker files. | ai |
Versions (showing 51 of 407)
| Version | Deps | Published |
|---|---|---|
| 2.8638.0 | 1 / 0 | |
| 2.8628.0 | 1 / 0 | |
| 2.8624.0 | 1 / 0 | |
| 2.8620.0 | 1 / 0 | |
| 2.8598.0 | 1 / 0 | |
| 2.8596.0 | 1 / 0 | |
| 2.8585.0 | 1 / 0 | |
| 2.8573.0 | 1 / 0 | |
| 2.8524.0 | 1 / 0 | |
| 2.8522.0 | 1 / 0 | |
| 2.8516.0 | 1 / 0 | |
| 2.8505.0 | 1 / 0 | |
| 2.8497.0 | 1 / 0 | |
| 2.8473.0 | 1 / 0 | |
| 2.8456.0 | 1 / 0 | |
| 2.8455.0 | 1 / 0 | |
| 2.8452.0 | 1 / 0 | |
| 2.8449.0 | 1 / 0 | |
| 2.8447.0 | 1 / 0 | |
| 2.8443.0 | 1 / 0 | |
| 2.8434.0 | 1 / 0 | |
| 2.8424.0 | 1 / 0 | |
| 2.8415.0 | 1 / 0 | |
| 2.8366.0 | 1 / 0 | |
| 2.8346.0 | 1 / 0 | |
| 2.8338.0 | 1 / 0 | |
| 2.8336.0 | 1 / 0 | |
| 2.8326.0 | 1 / 0 | |
| 2.8281.0 | 1 / 0 | |
| 2.8273.0 | 1 / 0 | |
| 2.8250.0 | 1 / 0 | |
| 2.8236.0 | 1 / 0 | |
| 2.8222.0 | 1 / 0 | |
| 2.8220.0 | 1 / 0 | |
| 2.8216.0 | 1 / 0 | |
| 2.8212.0 | 1 / 0 | |
| 2.8202.0 | 1 / 0 | |
| 2.8172.0 | 1 / 0 | |
| 2.8162.0 | 1 / 0 | |
| 2.8154.0 | 1 / 0 | |
| 2.8136.0 | 1 / 0 | |
| 2.8126.0 | 1 / 0 | |
| 2.8116.0 | 1 / 0 | |
| 2.8102.0 | 1 / 0 | |
| 2.8096.0 | 1 / 0 | |
| 2.8094.0 | 1 / 0 | |
| 2.8083.0 | 1 / 0 | |
| 2.8076.0 | 1 / 0 | |
| 2.8072.0 | 1 / 0 | |
| 2.8070.0 | 1 / 0 | |
| 2.8054.0 | 1 / 0 |
v2.8638.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8628.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8624.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8620.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8598.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8596.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8585.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8573.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8524.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8522.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8516.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8505.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8497.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8473.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8456.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8455.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8452.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8449.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8447.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8443.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8434.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8424.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8415.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8366.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8346.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8338.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8336.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8326.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8281.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8273.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8250.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8236.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8222.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8220.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8216.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8212.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8202.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8172.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8162.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8154.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8136.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8126.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8116.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8102.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8096.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8094.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8083.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8076.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8072.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8070.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8054.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.