@stryke/capnp
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Standard Cap'n Proto Bytes serialization codec; not obfuscation. | ai | |
| dependencies | unvetted-dep:capnp-es | AI (dependencies): capnp-es is the canonical Cap'n Proto ES module library; its use is expected and appropriate for this package. | ai | |
| source-diff | obfuscated-file:dist/helpers-rVOvMK2d.mjs | AI (source-diff): Minified ESM helpers bundle. Standard bundler output for this package, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-B7Tm_xbT.cjs | AI (source-diff): Minified Cap'n Proto compiler bundle. Content is legitimate Cap'n Proto schema compilation code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/helpers-DmrSADWE.cjs | AI (source-diff): Minified helpers bundle. Content is legitimate utility code (color themes, object helpers), not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-DGAyhMqI.mjs | AI (source-diff): Minified ESM Cap'n Proto compiler bundle. Content is legitimate Cap'n Proto schema compilation code, not malicious obfuscation. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is declared in package.json dependencies and used in bundled code. Same org scope, false positive for bundled imports. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is declared in package.json dependencies and used in bundled code. Phantom-dep analyzer false positive for bundled imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): @stryke/fs is declared in package.json dependencies and used in bundled code. Same org scope, false positive for bundled imports. | ai | |
| source-diff | obfuscated-file:schemas/src-DqIy7I3p.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto schema source. Standard build output; content is Cap'n Proto protocol code. | ai | |
| source-diff | obfuscated-file:dist/helpers-DSMRKdw1.cjs | AI (source-diff): Minified CJS bundle of helper utilities. Content shows standard module interop helpers and color theme definitions — benign build output. | ai | |
| source-diff | obfuscated-file:dist/capnp-es.GpvEvMIK-xNDcbmgx.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto library code produced by tsdown build tool. Content is recognizable Cap'n Proto protocol implementation, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-ChbJ-p6B.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto compiler code. Standard build output from tsdown; content is Cap'n Proto schema compilation logic. | ai | |
| source-diff | obfuscated-file:dist/dist-C1gSYYrg.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto dist code. Standard build output; content shows Cap'n Proto interface/RPC implementation. | ai | |
| source-diff | obfuscated-file:schemas/src-CGrmR2BO.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto schema source. Content is recognizable Cap'n Proto protocol code; standard build output. | ai | |
| source-diff | obfuscated-file:dist/capnp-es.GpvEvMIK-BsgDzeBH.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto library. Standard tsdown build output; content is Cap'n Proto protocol implementation. | ai | |
| source-diff | obfuscated-file:dist/compile-DJUj4hs3.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto compiler. Standard build output; content is Cap'n Proto schema compilation logic. | ai | |
| source-diff | obfuscated-file:dist/dist-CK47iMja.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto dist. Standard build output; content shows Cap'n Proto interface/RPC implementation. | ai | |
| source-diff | obfuscated-file:dist/helpers-BoKbpcuO.mjs | AI (source-diff): Minified ESM bundle of helper utilities. Standard tsdown build output for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): This package is a Cap'n Proto compiler CLI wrapper; child_process is required to invoke the capnpc binary. Expected and documented behavior for this package. | ai | |
| phantom-deps | phantom-dep:nanotar | AI (phantom-deps): nanotar is a declared runtime dep; phantom detection reflects bundling patterns in this monorepo package. | ai | |
| phantom-deps | phantom-dep:hex2dec | AI (phantom-deps): hex2dec is a declared runtime dep in a bundled package; phantom detection reflects bundling, not a real dependency issue. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is used in a standard Proxy handler pattern for Cap'n Proto struct access — legitimate and idiomatic JavaScript, not obfuscation. | ai | |
Versions (showing 100 of 165)
| Version | Deps | Published |
|---|---|---|
| 0.12.111 | 5 / 11 | |
| 0.12.110 | 5 / 11 | |
| 0.12.109 | 5 / 11 | |
| 0.12.108 | 5 / 11 | |
| 0.12.107 | 5 / 11 | |
| 0.12.105 | 5 / 11 | |
| 0.12.104 | 5 / 11 | |
| 0.12.103 | 5 / 11 | |
| 0.12.102 | 5 / 11 | |
| 0.12.101 | 5 / 11 | |
| 0.12.100 | 5 / 11 | |
| 0.12.99 | 5 / 11 | |
| 0.12.98 | 5 / 11 | |
| 0.12.97 | 5 / 11 | |
| 0.12.96 | 5 / 11 | |
| 0.12.95 | 5 / 11 | |
| 0.12.94 | 5 / 11 | |
| 0.12.93 | 5 / 11 | |
| 0.12.92 | 5 / 11 | |
| 0.12.91 | 5 / 11 | |
| 0.12.90 | 5 / 11 | |
| 0.12.89 | 5 / 11 | |
| 0.12.88 | 5 / 11 | |
| 0.12.87 | 5 / 11 | |
| 0.12.86 | 5 / 11 | |
| 0.12.85 | 5 / 11 | |
| 0.12.84 | 5 / 11 | |
| 0.12.83 | 5 / 11 | |
| 0.12.82 | 5 / 11 | |
| 0.12.81 | 5 / 11 | |
| 0.12.80 | 5 / 10 | |
| 0.12.79 | 5 / 10 | |
| 0.12.75 | 5 / 10 | |
| 0.12.74 | 5 / 10 | |
| 0.12.73 | 5 / 10 | |
| 0.12.72 | 5 / 10 | |
| 0.12.71 | 5 / 10 | |
| 0.12.70 | 5 / 10 | |
| 0.12.69 | 5 / 10 | |
| 0.12.68 | 5 / 10 | |
| 0.12.67 | 5 / 10 | |
| 0.12.65 | 5 / 10 | |
| 0.12.64 | 5 / 10 | |
| 0.12.63 | 5 / 10 | |
| 0.12.62 | 5 / 10 | |
| 0.12.61 | 5 / 10 | |
| 0.12.60 | 5 / 10 | |
| 0.12.59 | 5 / 10 | |
| 0.12.58 | 5 / 10 | |
| 0.12.57 | 5 / 10 | |
| 0.12.56 | 5 / 10 | |
| 0.12.55 | 5 / 10 | |
| 0.12.54 | 5 / 10 | |
| 0.12.53 | 5 / 10 | |
| 0.12.52 | 5 / 10 | |
| 0.12.51 | 5 / 10 | |
| 0.12.50 | 5 / 10 | |
| 0.12.49 | 5 / 10 | |
| 0.12.48 | 5 / 10 | |
| 0.12.47 | 5 / 10 | |
| 0.12.46 | 5 / 10 | |
| 0.12.45 | 5 / 10 | |
| 0.12.44 | 5 / 10 | |
| 0.12.43 | 5 / 10 | |
| 0.12.42 | 5 / 10 | |
| 0.12.41 | 5 / 10 | |
| 0.12.33 | 5 / 10 | |
| 0.12.32 | 5 / 10 | |
| 0.12.31 | 5 / 10 | |
| 0.12.30 | 5 / 10 | |
| 0.12.29 | 5 / 10 | |
| 0.12.28 | 5 / 10 | |
| 0.12.27 | 5 / 10 | |
| 0.12.26 | 5 / 10 | |
| 0.12.25 | 5 / 10 | |
| 0.12.24 | 5 / 10 | |
| 0.12.23 | 5 / 10 | |
| 0.12.22 | 5 / 10 | |
| 0.12.21 | 5 / 10 | |
| 0.12.20 | 5 / 10 | |
| 0.12.19 | 5 / 10 | |
| 0.12.18 | 5 / 10 | |
| 0.12.17 | 5 / 10 | |
| 0.12.16 | 5 / 10 | |
| 0.12.15 | 5 / 10 | |
| 0.12.14 | 5 / 10 | |
| 0.12.13 | 5 / 10 | |
| 0.12.12 | 5 / 10 | |
| 0.12.11 | 5 / 10 | |
| 0.12.10 | 5 / 10 | |
| 0.12.9 | 5 / 10 | |
| 0.12.8 | 5 / 10 | |
| 0.12.7 | 5 / 10 | |
| 0.12.6 | 5 / 10 | |
| 0.12.5 | 5 / 10 | |
| 0.12.4 | 5 / 10 | |
| 0.12.3 | 5 / 10 | |
| 0.12.2 | 5 / 10 | |
| 0.12.1 | 5 / 10 | |
| 0.12.0 | 5 / 10 | |
v0.12.111
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.110
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.109
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.108
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.107
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.105
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.104
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.103
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.102
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.101
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.100
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.99
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.98
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.97
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.95
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.94
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.93
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.92
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.91
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.85
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.69
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.68
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.50
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.43
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.42
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.20
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.