@sorrell/utilities
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Growth reflects new utility modules and effect library integration, not injected code. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase attributable to adding effect dependency and multiple new export modules. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): chalk is a legitimate runtime dep used in CLI/logging utilities; phantom-dep heuristic fires because it may only be imported in some subpaths. | ai | |
| semgrep | semgrep:silent-process-exec | AI (semgrep): Fires on a URL-opener helper (cmd /c start) in a publish utility script; not a reverse shell or miner pattern. | ai | |
| semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same URL-opener context as silent-process-exec; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:Distribution/Types/Math/Math.Internal.Types.d.cts | AI (source-diff): Long lines are generated TypeScript permutation types (symmetric group), not obfuscated/malicious code. | ai |
Versions (showing 51 of 114)
| Version | Deps | Published |
|---|---|---|
| 1.2.31 | 2 / 8 | |
| 1.2.29 | 2 / 8 | |
| 1.2.28 | 3 / 8 | |
| 1.2.27 | 3 / 8 | |
| 1.2.26 | 3 / 8 | |
| 1.2.25 | 3 / 8 | |
| 1.2.23 | 3 / 8 | |
| 1.2.21 | 3 / 8 | |
| 1.2.20 | 3 / 8 | |
| 1.2.19 | 3 / 8 | |
| 1.2.18 | 3 / 8 | |
| 1.2.17 | 3 / 8 | |
| 1.2.16 | 3 / 8 | |
| 1.2.15 | 3 / 8 | |
| 1.2.14 | 3 / 8 | |
| 1.2.13 | 3 / 8 | |
| 1.2.12 | 3 / 8 | |
| 1.2.11 | 3 / 8 | |
| 1.2.9 | 3 / 8 | |
| 1.2.8 | 3 / 8 | |
| 1.2.7 | 3 / 8 | |
| 1.2.6 | 3 / 8 | |
| 1.2.5 | 3 / 8 | |
| 1.2.4 | 3 / 8 | |
| 1.2.2 | 3 / 8 | |
| 1.2.1 | 3 / 8 | |
| 1.2.0 | 3 / 8 | |
| 1.1.61 | 3 / 7 | |
| 1.1.60 | 3 / 10 | |
| 1.1.59 | 3 / 10 | |
| 1.1.58 | 3 / 10 | |
| 1.1.57 | 3 / 10 | |
| 1.1.56 | 3 / 10 | |
| 1.1.55 | 3 / 10 | |
| 1.1.54 | 3 / 10 | |
| 1.1.53 | 3 / 10 | |
| 1.1.52 | 2 / 11 | |
| 1.1.51 | 2 / 4 | |
| 1.1.50 | 2 / 4 | |
| 1.1.49 | 2 / 4 | |
| 1.1.48 | 2 / 4 | |
| 1.1.47 | 2 / 4 | |
| 1.1.46 | 2 / 4 | |
| 1.1.45 | 2 / 4 | |
| 1.1.44 | 2 / 4 | |
| 1.1.43 | 2 / 4 | |
| 1.1.42 | 2 / 4 | |
| 1.1.41 | 2 / 4 | |
| 1.1.40 | 2 / 4 | |
| 1.1.39 | 2 / 3 | |
| 1.1.38 | 2 / 3 |
v1.2.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.61
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.60
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.59
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.58
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.57
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.53
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.52
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.51
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.50
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.49
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.48
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.47
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.46
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.45
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.44
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.43
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.42
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.41
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.40
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.39
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.38
7 findingsSilent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L312 310 | switch (process.platform) { 311 | case "win32": > 312 | spawn("cmd", ["/c", "start", "", Url], { 313 | detached: true, 314 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L318 316 | break; 317 | case "darwin": > 318 | spawn("open", [Url], { 319 | detached: true, 320 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/GageSorrell/SorrellWm/blob/5ae14c1a36a565b8408cfdff6cfc81c145c7cb17/Distribution/Binaries/PublishBumpSafe.js#L324 322 | break; 323 | default: > 324 | spawn("xdg-open", [Url], { 325 | detached: true, 326 | stdio: "ignore"
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.