@storybook/nextjs-vite
Storybook for Next.js and Vite: Develop, document, and test UI components in isolation
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/_node-chunks/lexer-DQCqS3nf-6N26HFWO.js | AI (source-diff): Bundled tsx lexer dependency; standard esbuild output for Storybook packages. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-D2A4UZ2L.js | AI (source-diff): Bundled jiti dependency; standard esbuild output for Storybook packages. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/lexer-DQCqS3nf-BJHXNNCN.js | AI (source-diff): Bundled tsx lexer via esbuild; minified but legitimate Storybook dist artifact. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-SPZ7EHJ7.js | AI (source-diff): Bundled jiti library via esbuild; minified but legitimate Storybook dist artifact. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-627O3YXZ.js | AI (source-diff): Storybook esbuild bundle of jiti dependency; minified dist output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/lexer-DQCqS3nf-M52HFDOS.js | AI (source-diff): Storybook esbuild bundle of tsx/lexer dependency; minified dist output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-WIUL6ZT6.js | AI (source-diff): Bundled jiti dependency with clear module path comments; standard Storybook build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-27TOFXJW.js | AI (source-diff): Bundled jiti dependency with Storybook CJS compat banner; minified build artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-BDT7L3C7.js | AI (source-diff): Bundled jiti library in Storybook's build output; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-2ZZEVGI6.js | AI (source-diff): Bundled minified copy of jiti library with Storybook esbuild banner; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-4CMIJECS.js | AI (source-diff): Standard esbuild bundle of jiti CJS module with visible Storybook compat banner; expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-BED7ALR5.js | AI (source-diff): Bundled jiti runtime; standard minified build artifact for Storybook's build tooling, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-5TMEJISF.js | AI (source-diff): Bundled copy of jiti (known JS runtime); minified/long lines are expected build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-YNKM764Y.js | AI (source-diff): Bundled copy of the jiti CJS shim; minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-3YYCO5MT.js | AI (source-diff): Bundled jiti library in Storybook's build output; minified but clearly labeled, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-WWVE2I2R.js | AI (source-diff): Bundled copy of jiti (TypeScript runtime); minified but clearly labeled, not malicious. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-FBARLPDP.js | AI (source-diff): Minified bundle of the jiti CJS module with Storybook esbuild banner; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-W6BENTAO.js | AI (source-diff): Bundled copy of the jiti library; minified but clearly identified in the file content as jiti.cjs from node_modules. | ai | |
| source-diff | net-exec-file:dist/_node-chunks/jiti-IPMXUHZ2.js | AI (source-diff): jiti is a legitimate TS/ESM loader; network+exec pattern is inherent to its design, not malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-IPMXUHZ2.js | AI (source-diff): Bundled jiti dist with Storybook esbuild CJS-compat banner; minified build artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-ZR467HFZ.js | AI (source-diff): Minified jiti bundle produced by Storybook's esbuild pipeline; readable identifiers, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-UAHRDRBR.js | AI (source-diff): Bundled minified copy of jiti (node_modules/jiti) — standard Storybook dist chunk, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-DGCT3T3J.js | AI (source-diff): Bundled minified copy of jiti CJS module via Storybook esbuild; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-N2TC7YXH.js | AI (source-diff): Standard esbuild bundle of jiti CJS module with Storybook compat banner; expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-HRCX47I2.js | AI (source-diff): Bundled jiti dependency; minified build artifact, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-2RQ2CGLH.js | AI (source-diff): Standard esbuild bundle of jiti dependency with Storybook CJS banner; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-D6B6D4KW.js | AI (source-diff): Bundled copy of jiti CJS via Storybook's esbuild pipeline; minification is expected build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-SXSKJGXN.js | AI (source-diff): Bundled jiti dependency with Storybook CJS compat banner; minified build artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-2H7OXLGQ.js | AI (source-diff): Minified bundle of jiti (TS runtime loader) produced by Storybook's esbuild pipeline; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/_node-chunks/jiti-2H7OXLGQ.js | AI (source-diff): jiti legitimately uses dynamic require/eval for TS transpilation; network+exec pattern is expected for this loader. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-Z4YKWYOP.js | AI (source-diff): Bundled jiti dependency in Storybook's node chunk output; minified build artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Standard bundled/minified build output for a Storybook framework; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-3RYQXKPB.js | AI (source-diff): Bundled jiti CJS module; minified build output from official Storybook toolchain, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-5SJR6CWU.js | AI (source-diff): Bundled copy of jiti CJS module via Storybook's esbuild pipeline; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-44GMJXW6.js | AI (source-diff): Bundled copy of the jiti library; minified but clearly labeled, not malicious. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size drop reflects build consolidation into fewer chunk files, not code removal. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-2ERZY5RM.js | AI (source-diff): Bundled minified copy of the jiti library; standard Storybook build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-APSVZBA2.js | AI (source-diff): Minified jiti CJS bundle wrapped in Storybook's esbuild output; standard build artifact, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-VNEZ3U6A.js | AI (source-diff): Bundled jiti dependency via esbuild; minified output is expected for Storybook's node chunk distribution. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-4WWMOANR.js | AI (source-diff): Bundled jiti dependency via Storybook esbuild; minified output is expected, not malicious. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-EX7C7BTH.js | AI (source-diff): Minified jiti bundled as a CJS-compat chunk; standard Storybook build artifact, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-DLB4UBAT.js | AI (source-diff): Bundled jiti library in standard esbuild/webpack output; not obfuscation, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-JKQPYHIF.js | AI (source-diff): Bundled jiti CJS module; minified build artifact from Storybook's esbuild pipeline, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-4ODJMGB7.js | AI (source-diff): Bundled jiti CJS build; minified but clearly labeled, standard Storybook build artifact. | ai | |
| source-diff | net-exec-file:dist/_node-chunks/jiti-FXPC5PW5.js | AI (source-diff): jiti is a legitimate TS/ESM runtime loader; network+exec pattern is inherent to its design, not malicious. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-FXPC5PW5.js | AI (source-diff): Bundled jiti CJS runtime; minified build artifact from official Storybook CI pipeline. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-QR66SKFO.js | AI (source-diff): Bundled copy of jiti (known npm package) with explicit Storybook esbuild banner; minification is expected for this build artifact. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-2CBNBVBO.js | AI (source-diff): Minified bundle of the jiti library via Storybook's esbuild pipeline; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-7YHMCNNC.js | AI (source-diff): Bundled minified copy of jiti CJS module via Storybook's esbuild pipeline; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-JVQPIEZS.js | AI (source-diff): Bundled minified copy of jiti (build tool dep); standard Storybook build artifact, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-JRQFOVII.js | AI (source-diff): Bundled jiti dependency with clear provenance comments; standard Storybook esbuild output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/_node-chunks/jiti-G5T5DJPM.js | AI (source-diff): jiti is a legitimate TS/ESM loader; network+exec pattern is inherent to its design, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-G5T5DJPM.js | AI (source-diff): Bundled jiti CJS runtime; minified by Storybook's esbuild pipeline, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/_node-chunks/jiti-DII334WQ.js | AI (source-diff): Bundled minified copy of the jiti library; standard Storybook dist chunk pattern, not malicious obfuscation. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; README links to external Storybook docs rather than embedding them — not a link farm. | ai | |
Versions (showing 51 of 55)
| Version | Deps | Published |
|---|---|---|
| 10.4.2 | 5 / 6 | |
| 10.4.1 | 5 / 6 | |
| 10.4.0 | 5 / 6 | |
| 10.3.6 | 5 / 6 | |
| 10.3.5 | 5 / 6 | |
| 10.3.4 | 5 / 6 | |
| 10.3.3 | 5 / 6 | |
| 10.3.2 | 5 / 6 | |
| 10.3.1 | 5 / 6 | |
| 10.3.0 | 5 / 6 | |
| 10.2.19 | 5 / 6 | |
| 10.2.18 | 5 / 6 | |
| 10.2.17 | 5 / 6 | |
| 10.2.16 | 5 / 6 | |
| 10.2.15 | 5 / 6 | |
| 10.2.14 | 5 / 6 | |
| 10.2.13 | 5 / 6 | |
| 10.2.12 | 5 / 6 | |
| 10.2.11 | 5 / 6 | |
| 10.2.10 | 5 / 6 | |
| 10.2.9 | 5 / 6 | |
| 10.2.8 | 5 / 6 | |
| 10.2.7 | 5 / 6 | |
| 10.2.6 | 5 / 6 | |
| 10.2.5 | 5 / 6 | |
| 10.2.4 | 5 / 6 | |
| 10.2.3 | 5 / 6 | |
| 10.2.2 | 5 / 6 | |
| 10.2.1 | 5 / 6 | |
| 10.2.0 | 5 / 6 | |
| 10.1.11 | 5 / 6 | |
| 10.1.10 | 5 / 6 | |
| 10.1.9 | 5 / 6 | |
| 10.1.8 | 5 / 6 | |
| 10.1.7 | 5 / 6 | |
| 10.1.6 | 5 / 6 | |
| 10.1.5 | 5 / 6 | |
| 10.1.4 | 5 / 6 | |
| 10.1.3 | 5 / 6 | |
| 10.1.2 | 5 / 6 | |
| 10.1.1 | 5 / 6 | |
| 10.1.0 | 5 / 6 | |
| 10.0.8 | 5 / 6 | |
| 10.0.7 | 5 / 6 | |
| 10.0.6 | 5 / 6 | |
| 10.0.5 | 5 / 6 | |
| 10.0.4 | 5 / 6 | |
| 10.0.3 | 5 / 6 | |
| 10.0.2 | 5 / 6 | |
| 10.0.1 | 5 / 6 | |
| 10.0.0 | 5 / 6 | |
v10.4.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.4.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.4.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.6
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.3.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.19
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.18
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.17
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.16
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.15
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.14
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.13
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.12
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.11
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.10
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.9
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.8
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.7
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.6
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.11
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.10
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.9
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.8
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.7
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.6
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.8
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.7
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.6
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.5
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.