@revisium/admin

Revisium is a tool (UI/API) inspired by JSON (JSON Schema) and Git, designed to provide a flexible and low-level headless CMS solution.

Versions: 5
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

revisium-io

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | obfuscated-file:dist/assets/index-CTRDk3g_.js | AI (source-diff): Standard Vite/Rolldown minified SPA bundle; not obfuscated malware. Stable pattern for this package. | ai |
source-diff | net-exec-file:dist/assets/index-CTRDk3g_.js | AI (source-diff): Network calls and dynamic code in a React SPA bundle are expected; no dropper behavior evident. | ai |
phantom-deps | phantom-dep:@revisium/schema-toolkit-ui | AI (phantom-deps): Same org scope; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:@revisium/formula | AI (phantom-deps): Same org scope; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:@chakra-ui/react | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:vite-plugin-checker | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@uiw/react-codemirror | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): postinstall runs patch-package, a standard dev-dependency patching tool; no remote code execution. | ai |
phantom-deps | phantom-dep:@atlaskit/drag-and-drop | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@uiw/codemirror-theme-github | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:react-top-loading-bar | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@zag-js/menu | AI (phantom-deps): SPA bundle; deps referenced in config files rather than directly imported is expected for this package type. | ai |
phantom-deps | phantom-dep:react-virtuoso | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@apollo/sandbox | AI (phantom-deps): SPA bundle pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:react-router-dom | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:@casl/ability | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:@xyflow/react | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:react | AI (phantom-deps): Bundled frontend app; deps compiled into dist, not directly imported as ESM. | ai |
phantom-deps | phantom-dep:@codemirror/lang-json | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:@codemirror/lang-markdown | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Same as react: bundled output pattern. | ai |
phantom-deps | phantom-dep:vite | AI (phantom-deps): Build tool used via config, not imported directly. | ai |
phantom-deps | phantom-dep:mobx | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:mobx-utils | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:graphql | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:nanoid | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:date-fns | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:react-use | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:jwt-decode | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:react-icons | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:diff | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:graphql-request | AI (phantom-deps): Bundled frontend app pattern. | ai |
phantom-deps | phantom-dep:mobx-react-lite | AI (phantom-deps): Bundled frontend app pattern. | ai |

Versions (showing 5 of 5)

Version | Deps | Published
2.6.0 | 32 / 27 |
2.5.2 | 32 / 27 |
2.5.1 | 32 / 27 |
2.3.0 | 31 / 28 |
2.2.1 | 30 / 28 |

v2.6.0

3 findings
HIGH New obfuscated file: dist/assets/index-CTRDk3g_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/assets/index-CTRDk3g_.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: patch-package

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.1

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: patch-package

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.