@storm-software/linting-tools
⚡ A package containing various linting tools used to validate syntax, enforce design standards, and format code in a Storm workspace.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:bin/dist-UNI6WBNY.js | AI (source-diff): ESM counterpart of the same tsup bundle; same rationale as the CJS variant. | ai | |
| source-diff | obfuscated-file:bin/dist-CKGJU76Y.cjs | AI (source-diff): Standard tsup bundle output for a CLI linting tool; consistent with package's build pattern across 854 versions. | ai | |
| source-diff | obfuscated-file:bin/dist-4NPPYNEO.js | AI (source-diff): Standard tsup-bundled ESM CLI output; minification is expected in bin/ artifacts. | ai | |
| source-diff | obfuscated-file:bin/dist-W2LWBS72.cjs | AI (source-diff): Standard tsup-bundled CLI output for a linting tools package; minification is expected in bin/ artifacts. | ai | |
| source-diff | obfuscated-file:bin/dist-EYKW3DH5.cjs | AI (source-diff): Standard tsup/bundler output; minified but not obfuscated — readable module paths and no malicious patterns. | ai | |
| source-diff | obfuscated-file:bin/dist-PJ4KGJZQ.js | AI (source-diff): ESM counterpart of the same bundled CLI output; same reasoning applies. | ai | |
| source-diff | obfuscated-file:bin/dist-TEEZZYBG.js | AI (source-diff): ESM counterpart of the same bundled CLI artifact; expected minified output. | ai | |
| source-diff | obfuscated-file:bin/dist-FQXVMSLF.cjs | AI (source-diff): Bundled CLI artifact from tsup build; consistent with linting tool packaging across all versions. | ai | |
| source-diff | obfuscated-file:bin/dist-TA6D52DW.js | AI (source-diff): ESM counterpart of the same CLI bundle; same rationale as the CJS variant. | ai | |
| source-diff | obfuscated-file:bin/dist-SXWKXAUN.cjs | AI (source-diff): Standard tsup/rollup bundle output for storm-lint CLI; readable module references confirm legitimate bundling. | ai | |
| source-diff | obfuscated-file:bin/dist-ZJ5AUXFT.js | AI (source-diff): ESM counterpart of the same bundled CLI output; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:bin/dist-LZUZSGPH.cjs | AI (source-diff): Standard tsup/esbuild bundle output for a linting CLI; hashed filenames are normal for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:bin/dist-52RMLTE5.cjs | AI (source-diff): Standard tsup-bundled CLI artifact; minification is expected for this linting tools package. | ai | |
| source-diff | obfuscated-file:bin/dist-FWSAV5L3.js | AI (source-diff): Standard tsup-bundled CLI artifact; minification is expected for this linting tools package. | ai | |
| source-diff | obfuscated-file:bin/dist-CCESLB2R.js | AI (source-diff): Standard tsup-bundled CLI artifact (ESM variant); minification is expected for this linting tools package. | ai | |
| source-diff | obfuscated-file:bin/dist-MHNJ3OEL.cjs | AI (source-diff): Standard tsup-bundled CLI artifact; minification is expected for this linting tools package. | ai | |
| source-diff | obfuscated-file:bin/dist-4FGVKHWK.js | AI (source-diff): ESM counterpart of the same tsup bundle; same rationale applies. | ai | |
| source-diff | obfuscated-file:bin/dist-NL63INKN.cjs | AI (source-diff): Standard tsup/esbuild bundle output; readable module paths confirm legitimate bundled dependencies. | ai | |
| source-diff | obfuscated-file:bin/dist-KGN7PNLO.js | AI (source-diff): Standard tsup ESM bundle output; same pattern as CJS counterpart, stable for this package. | ai | |
| source-diff | obfuscated-file:bin/dist-RMMG4RJ4.cjs | AI (source-diff): Standard tsup bundle output for a linting CLI; pattern is stable across versions of this package. | ai | |
| source-diff | obfuscated-file:bin/dist-RWDY5X6T.js | AI (source-diff): Standard tsup/esbuild bundle output for a linting CLI; not obfuscation. | ai | |
| source-diff | obfuscated-file:bin/dist-Z5LQ3WIL.cjs | AI (source-diff): Standard tsup/esbuild bundle output for a linting CLI; not obfuscation. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Linting tool that spawns external linters; child_process is expected and stable across versions. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Subprocess env passing is standard for build/lint tools; no exfiltration pattern present. | ai | |
| phantom-deps | phantom-dep:@angular-devkit/architect | AI (phantom-deps): Declared runtime dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is a declared runtime dependency used indirectly via config loading. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get in Proxy/polyfill pattern; standard in bundled third-party libs. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode in bundled utility code; no network send or obfuscation context. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Reads debug_ prefixed env vars only; standard debug library pattern. | ai |
Versions (showing 51 of 53)
| Version | Deps | Published |
|---|---|---|
| 1.133.67 | 2 / 28 | |
| 1.133.66 | 2 / 28 | |
| 1.133.65 | 2 / 28 | |
| 1.133.64 | 2 / 28 | |
| 1.133.63 | 2 / 28 | |
| 1.133.62 | 2 / 28 | |
| 1.133.61 | 2 / 28 | |
| 1.133.60 | 2 / 28 | |
| 1.133.59 | 2 / 28 | |
| 1.133.58 | 2 / 28 | |
| 1.133.57 | 2 / 28 | |
| 1.133.56 | 2 / 28 | |
| 1.133.55 | 2 / 28 | |
| 1.133.54 | 2 / 28 | |
| 1.133.53 | 2 / 28 | |
| 1.133.52 | 2 / 28 | |
| 1.133.51 | 2 / 28 | |
| 1.133.50 | 2 / 28 | |
| 1.133.49 | 2 / 28 | |
| 1.133.48 | 2 / 28 | |
| 1.133.47 | 2 / 28 | |
| 1.133.46 | 2 / 28 | |
| 1.133.45 | 2 / 28 | |
| 1.133.44 | 2 / 28 | |
| 1.133.43 | 2 / 28 | |
| 1.133.41 | 2 / 28 | |
| 1.133.40 | 2 / 28 | |
| 1.133.39 | 2 / 28 | |
| 1.133.38 | 2 / 28 | |
| 1.133.37 | 2 / 28 | |
| 1.133.36 | 2 / 28 | |
| 1.133.35 | 2 / 28 | |
| 1.133.32 | 2 / 28 | |
| 1.133.31 | 2 / 28 | |
| 1.133.30 | 2 / 28 | |
| 1.133.29 | 2 / 28 | |
| 1.133.28 | 2 / 28 | |
| 1.133.27 | 2 / 28 | |
| 1.133.26 | 2 / 28 | |
| 1.133.25 | 2 / 28 | |
| 1.133.24 | 2 / 28 | |
| 1.133.23 | 2 / 28 | |
| 1.133.22 | 2 / 28 | |
| 1.133.21 | 2 / 28 | |
| 1.133.20 | 2 / 28 | |
| 1.133.19 | 2 / 28 | |
| 1.133.18 | 2 / 28 | |
| 1.133.17 | 2 / 28 | |
| 1.133.16 | 2 / 28 | |
| 1.133.15 | 2 / 28 | |
| 1.133.14 | 2 / 28 |
v1.133.67
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.66
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.65
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.64
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.63
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.62
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-26, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.61
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-26, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.60
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-25, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.59
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.58
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.57
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.133.56
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.55
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.54
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.53
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.52
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.51
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.50
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.49
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.48
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.47
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.46
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.45
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.44
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.43
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.41
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.40
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.39
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.38
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.32
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.29
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/storm-software/storm-ops/blob/53d2ed234e902be71b97a3f927d2613f1a15731f/bin/chunk-6EEBJNMP.cjs#L7832 7830 | } 7831 | function I(t, e) { > 7832 | let n = { 7833 | ...process.env, 7834 | ...e
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/storm-software/storm-ops/blob/53d2ed234e902be71b97a3f927d2613f1a15731f/bin/chunk-JXR2CMYV.js#L7831 7829 | } 7830 | function I(t, e) { > 7831 | let n = { 7832 | ...process.env, 7833 | ...e
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.28
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.27
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.26
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.25
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.24
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.23
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.22
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.21
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.