@substrate/connect-known-chains
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/commonjs/specs/paseo.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/ksmcc3.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/westend2.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/specs/ksmcc3.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/specs/westend2.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/rococo_v2_2.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/specs/rococo_v2_2.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/rococo_v2_2_asset_hub.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/specs/rococo_v2_2_asset_hub.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/polkadot.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/specs/polkadot.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/specs/paseo.js | AI (source-diff): Long lines are hex-encoded genesis state data in JSON chain specs — the package's core purpose. Not obfuscation. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Package is published by the official paritytech org account; maintainer additions within Parity are routine personnel changes. | ai | |
| source-diff | obfuscated-file:dist/specs/rococo_v2_2_asset_hub.cjs | AI (source-diff): File contains Substrate chain spec JSON with hex-encoded blockchain state data (BABE epoch changes, light sync state). Long lines are expected for this data-distribution package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removal within the Parity org is a routine personnel change; publisher remains the paritytech org account. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are chain specification JSONs and their CJS/ESM bundles — the core deliverable of this package. Adding new parachain specs naturally increases file count. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs 'yarn build-js-specs' (node scripts/build-js-specs.js) to compile chain spec files — a documented, legitimate build step for this Parity Technologies chain-specs package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established Parity Technologies package (877 days, 41 versions); sparse README/keywords are cosmetic issues, not spam indicators. | ai | |
| source-diff | obfuscated-file:dist/specs/paseo.cjs | AI (source-diff): Paseo chainspec data — long lines are blockchain boot node lists and chain configuration JSON, not obfuscated malicious code. Expected content for this package. | ai | |
| source-diff | obfuscated-file:dist/specs/paseo.js | AI (source-diff): Paseo chainspec data — long lines are blockchain boot node lists and chain configuration JSON, not obfuscated malicious code. Expected content for this package. | ai | |
| source-diff | encoded-string-file:dist/specs/westend2.cjs | AI (source-diff): Long hex strings are SCALE-encoded Westend chain spec data. This is the expected content for a known-chains package. | ai | |
| source-diff | encoded-string-file:dist/specs/rococo_v2_2.cjs | AI (source-diff): Long hex strings are SCALE-encoded Rococo chain spec data. This is the expected content for a known-chains package. | ai | |
| source-diff | encoded-string-file:dist/specs/polkadot.cjs | AI (source-diff): Long hex strings are SCALE-encoded Polkadot chain spec data. This is the expected content for a known-chains package. | ai | |
| source-diff | encoded-string-file:dist/specs/ksmcc3.cjs | AI (source-diff): Long hex strings are SCALE-encoded Kusama chain spec data. This is the expected content for a known-chains package. | ai | |
| source-diff | encoded-string-file:dist/index.cjs | AI (source-diff): Long hex strings are SCALE-encoded blockchain chain spec data (lightSyncState, babeEpochChanges, etc.) — the core purpose of this package. Not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): paritytech-ci is Parity's CI automation account (1687 approved, 0 rejected, 1493 days old). Transition from paritytech to paritytech-ci is a legitimate org-level CI/CD migration. | ai | |
| source-diff | encoded-string-file:dist/commonjs/specs/ksmcc3.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data (babeEpochChanges, lightSyncState) — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/commonjs/specs/westend2.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/esm/specs/polkadot.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/commonjs/specs/polkadot.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/esm/specs/paseo.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/commonjs/specs/paseo.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/esm/specs/ksmcc3.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai | |
| source-diff | encoded-string-file:dist/esm/specs/westend2.js | AI (source-diff): Long hex strings are SCALE-encoded blockchain state data — the core content of this chain-spec package. Stable false positive. | ai |
Versions (showing 41 of 41)
| Version | Deps | Published |
|---|---|---|
| 1.10.3 | 0 / 2 | |
| 1.10.2 | 0 / 2 | |
| 1.10.1 | 0 / 2 | |
| 1.10.0 | 0 / 2 | |
| 1.9.3 | 0 / 2 | |
| 1.9.2 | 0 / 2 | |
| 1.9.1 | 0 / 2 | |
| 1.9.0 | 0 / 2 | |
| 1.8.1 | 0 / 2 | |
| 1.8.0 | 0 / 2 | |
| 1.7.0 | 0 / 2 | |
| 1.6.0 | 0 / 2 | |
| 1.5.0 | 0 / 2 | |
| 1.4.1 | 0 / 1 | |
| 1.4.0 | 0 / 1 | |
| 1.3.0 | 0 / 1 | |
| 1.2.2 | 0 / 1 | |
| 1.2.1 | 0 / 1 | |
| 1.2.0 | 0 / 1 | |
| 1.1.11 | 0 / 1 | |
| 1.1.10 | 0 / 1 | |
| 1.1.9 | 0 / 1 | |
| 1.1.8 | 0 / 1 | |
| 1.1.7 | 0 / 1 | |
| 1.1.6 | 0 / 1 | |
| 1.1.5 | 0 / 1 | |
| 1.1.4 | 0 / 1 | |
| 1.1.3 | 0 / 1 | |
| 1.1.2 | 0 / 1 | |
| 1.1.1 | 0 / 1 | |
| 1.1.0 | 0 / 1 | |
| 1.0.9 | 0 / 1 | |
| 1.0.8 | 0 / 1 | |
| 1.0.7 | 0 / 1 | |
| 1.0.6 | 0 / 1 | |
| 1.0.5 | 0 / 1 | |
| 1.0.4 | 0 / 1 | |
| 1.0.3 | 0 / 3 | |
| 1.0.2 | 0 / 3 | |
| 1.0.1 | 0 / 3 | |
| 1.0.0 | 0 / 3 |
v1.10.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.2
9 findingsModified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.0
14 findingsThis version was published by a different npm account than previous versions on 2025-04-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.3
14 findingsThis version was published by a different npm account than previous versions on 2025-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.2
14 findingsThis version was published by a different npm account than previous versions on 2025-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.1
14 findingsThis version was published by a different npm account than previous versions on 2025-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.0
14 findingsThis version was published by a different npm account than previous versions on 2025-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.1
14 findingsThis version was published by a different npm account than previous versions on 2024-12-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
14 findingsThis version was published by a different npm account than previous versions on 2024-11-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
14 findingsThis version was published by a different npm account than previous versions on 2024-11-05. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
14 findingsThis version was published by a different npm account than previous versions on 2024-10-17. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.0
14 findingsThis version was published by a different npm account than previous versions on 2024-10-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.1
14 findingsThis version was published by a different npm account than previous versions on 2024-09-19. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
14 findingsThis version was published by a different npm account than previous versions on 2024-09-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
8 findingsThis version was published by a different npm account than previous versions on 2024-08-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 21 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.2
9 findingsThis version was published by a different npm account than previous versions on 2024-08-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
9 findingsThis version was published by a different npm account than previous versions on 2024-08-02. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
9 findingsThis version was published by a different npm account than previous versions on 2024-07-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.11
7 findingsThis version was published by a different npm account than previous versions on 2024-07-18. This could indicate a legitimate maintainer transition or an account compromise.
Modified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.10
7 findingsThis version was published by a different npm account than previous versions on 2024-07-17. This could indicate a legitimate maintainer transition or an account compromise.
Modified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.9
6 findingsModified file contains 18 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 3 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-04-12. This could indicate a legitimate maintainer transition or an account compromise.
v1.1.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
2 findingsScript: yarn build-js-specs
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
2 findingsScript: yarn build-js-specs
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.