@scaleflex/uploader
Framework-agnostic file upload widget for Scaleflex VXP
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/sfx-uploader-DeoNLlUF.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content is i18n/utility code consistent with the package's purpose. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DTl3Llk5.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content shows OAuth/localStorage token handling for cloud provider integration. | ai | |
| source-diff | obfuscated-file:dist/index-BFdI2Vy7.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; content is readable uploader logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/index-8ecRYGV0.cjs | AI (source-diff): Standard Vite minified build output; code samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DUV8PlRB.cjs | AI (source-diff): Standard Vite minified build output; code samples show i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CbQBeIXg.cjs | AI (source-diff): Standard Vite minified build output; code samples show OAuth/provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DJbfGjIm.cjs | AI (source-diff): Standard Vite minified build output; samples show i18n/Lit component logic consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/index-C044Lmf6.cjs | AI (source-diff): Standard Vite minified build output for this uploader package; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DnTZtya1.cjs | AI (source-diff): Standard Vite minified build output; samples show OAuth/localStorage token handling consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-C59ikb9g.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; sample shows i18n/utility code consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CZ-DJc6K.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; sample shows OAuth/localStorage token handling consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-BY2aP3TY.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; readable business logic visible in sample, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Cfx0ch81.cjs | AI (source-diff): Standard Vite minified bundle output; code samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-B3I-DKmA.cjs | AI (source-diff): Standard Vite minified bundle; code shows file upload state management logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-qpZWkfnp.cjs | AI (source-diff): Standard Vite minified bundle; code shows OAuth provider browser integration, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DkQ80HFv.cjs | AI (source-diff): Standard Vite minified build output; samples show OAuth/cloud-provider browser logic, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-9Tw_J6tX.cjs | AI (source-diff): Standard Vite minified build output; samples show i18n/utility helpers, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/index-iwitoRN1.cjs | AI (source-diff): Standard Vite minified build output; samples show normal uploader logic, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DJY_2MqA.cjs | AI (source-diff): Vite-minified bundle; content is i18n/utility code consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/index-7jTf4POF.cjs | AI (source-diff): Vite-minified bundle; content is readable business logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BEfLYXIS.cjs | AI (source-diff): Vite-minified bundle; content is OAuth/localStorage provider logic consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-C0DwIUVX.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show OAuth/cloud-provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BrdR9BBC.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show file upload state management, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-DRc9qUhl.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-C9I4yhZ9.cjs | AI (source-diff): Standard Vite minified CJS bundle; OAuth/provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BkD48or1.cjs | AI (source-diff): Standard Vite minified CJS bundle; i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Dln1ptPu.cjs | AI (source-diff): Standard Vite minified CJS bundle; readable business logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-yKD2vwDL.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable OAuth/file-picker logic. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-D7D-7LVt.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/index-XMhqia5v.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable business logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CYvKyggQ.cjs | AI (source-diff): Standard Vite/Rollup minified build output; sample shows OAuth provider browser integration logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-FcRKG7Z8.cjs | AI (source-diff): Standard Vite/Rollup minified build output for this UI widget package; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DNEmx_1F.cjs | AI (source-diff): Standard Vite/Rollup minified build output; sample shows i18n/utility code consistent with uploader widget, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:i18next-http-backend | AI (phantom-deps): Used as i18next plugin loaded via config rather than direct import; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-B7DPp8JT.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show file upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BtiWQKFS.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show OAuth provider browser integration. | ai | |
| source-diff | obfuscated-file:dist/index-BpTfwkwD.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show legitimate upload widget logic. | ai | |
| source-diff | obfuscated-file:dist/index-DLXATk4W.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable and benign in samples. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BtW8NKRh.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; upload/state-management logic visible in sample, no malware indicators. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DX1V8p7k.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; OAuth/file-picker logic visible in sample, no malware indicators. | ai | |
| source-diff | obfuscated-file:dist/index-Bl7X23OY.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CuemxuWJ.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show file upload state management, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BooCl9Xv.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show OAuth/file-picker logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-CHWxSjUc.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable business logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-FRMs7J5q.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-gHt8SmZF.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable OAuth/file-picker logic. | ai | |
| source-diff | obfuscated-file:dist/index-Dsevyf8w.cjs | AI (source-diff): Standard Vite minified bundle output; samples show legitimate uploader logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Bk9fU_8P.cjs | AI (source-diff): Standard Vite minified bundle; samples show file upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-K-FR84FY.cjs | AI (source-diff): Standard Vite minified bundle; samples show OAuth/cloud-provider browser integration code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Br61ugq7.cjs | AI (source-diff): Vite/Rollup minified bundle; samples show i18next/LitElement uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CM6iGuKO.cjs | AI (source-diff): Vite/Rollup minified bundle; samples show standard OAuth provider browser integration. | ai | |
| source-diff | obfuscated-file:dist/index-B-dbj3YY.cjs | AI (source-diff): Vite/Rollup minified bundle output; code is readable and benign in samples. | ai | |
| source-diff | obfuscated-file:dist/index-DHCML5-W.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show readable business logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-C8ZjovD6.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-c3CwLX_n.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show OAuth/localStorage provider logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DXyLpoIJ.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DbjyF_Ou.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CpKFlkgS.cjs | AI (source-diff): Vite build output with hashed filename; sample shows plain minified component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DajdSDoL.cjs | AI (source-diff): Vite build output with hashed filename; sample shows plain LitElement code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-D1QE07Cn.cjs | AI (source-diff): Standard Vite minified bundle output; readable file-upload logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-YA7MCWl4.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Bg6CR-ID.cjs | AI (source-diff): Standard Vite minified build output; content is readable uploader core logic. | ai | |
| phantom-deps | phantom-dep:tus-js-client | AI (phantom-deps): tus-js-client is a declared runtime dependency; bundled by Vite so not directly imported at module level. | ai | |
| source-diff | obfuscated-file:dist/index-ZNX436Kx.cjs | AI (source-diff): Standard Vite minified build output; content is readable upload widget logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DlnjPqY9.cjs | AI (source-diff): Standard Vite minified build output; content is readable OAuth/cloud-provider browser logic. | ai | |
Versions (showing 32 of 32)
| Version | Deps | Published |
|---|---|---|
| 1.3.15 | 4 / 9 | |
| 1.3.7 | 4 / 9 | |
| 1.3.5 | 4 / 9 | |
| 1.3.4 | 4 / 9 | |
| 1.3.3 | 4 / 9 | |
| 1.3.2 | 4 / 9 | |
| 1.3.1 | 4 / 9 | |
| 1.2.5 | 4 / 9 | |
| 1.2.4 | 4 / 9 | |
| 1.2.3 | 4 / 9 | |
| 1.2.2 | 4 / 9 | |
| 1.0.10 | 2 / 9 | |
| 1.0.7 | 2 / 9 | |
| 1.0.6 | 2 / 9 | |
| 1.0.5 | 2 / 9 | |
| 1.0.4 | 2 / 9 | |
| 1.0.3 | 2 / 9 | |
| 1.0.2 | 2 / 9 | |
| 1.0.0 | 2 / 9 | |
| 0.2.11 | 2 / 9 | |
| 0.2.10 | 2 / 9 | |
| 0.2.9 | 2 / 9 | |
| 0.2.8 | 2 / 9 | |
| 0.2.7 | 1 / 9 | |
| 0.2.6 | 1 / 9 | |
| 0.2.5 | 1 / 9 | |
| 0.2.4 | 1 / 9 | |
| 0.2.3 | 1 / 9 | |
| 0.2.2 | 1 / 9 | |
| 0.2.1 | 1 / 9 | |
| 0.2.0 | 1 / 9 | |
| 0.1.0 | 1 / 9 | |
v1.3.15
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.7
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-06-05, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.5
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-03, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.3
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-03, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-02, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.5
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.3
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.10
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.7
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.11
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.10
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.8
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.7
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.6
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.