@superblocksteam/vite-plugin-file-sync
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/ai-service/prompt-builder-service/static-fragments/platform-parts/system-specific-edit.js | AI (source-diff): Long-line content is an AI prompt string literal auto-generated from markdown; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ai-service/prompt-builder-service/static-fragments/platform-parts/system-specific-edit.d.ts | AI (source-diff): Type declaration for an AI prompt string; long line is the prompt content, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ai-service/prompt-builder-service/static-fragments/platform-parts/system-incremental.js | AI (source-diff): Long-line content is an AI prompt string literal auto-generated from markdown; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ai-service/prompt-builder-service/static-fragments/platform-parts/system-incremental.d.ts | AI (source-diff): Type declaration for an AI prompt string; long line is the prompt content, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/ai-service/agent/apis-system-prompt.d.ts | AI (source-diff): Long lines are embedded AI system prompt strings in a .d.ts declaration file, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/ai-service/prompt-builder-service/static-fragments/platform-parts/superblocks-theming-chakra-new.js | AI (source-diff): Long lines are embedded markdown documentation strings (AI prompts), not obfuscated code. Stable pattern for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New deps (tar, tokenlens, @babel/types, etc.) are all reputable packages matching the new AI service feature. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers are within the same Superblocks org; consistent with team growth. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 260 new files correspond to the new ai-service module; consistent with feature expansion, not injection. | ai | |
| source-diff | obfuscated-file:dist/ai-service/skills/system/superblocks-api/references/graphql.generated.d.ts | AI (source-diff): Long-line .d.ts files export markdown documentation strings; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/ai-service/skills/system/superblocks-api/references/rest-apis.generated.d.ts | AI (source-diff): Long-line .d.ts files export markdown documentation strings; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/ai-service/skills/system/superblocks-frontend/references/embedding.generated.d.ts | AI (source-diff): Long-line .d.ts files export markdown documentation strings; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/ai-service/skills/system/superblocks-api/references/code-blocks.generated.d.ts | AI (source-diff): Long-line .d.ts files export markdown documentation strings; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/ai-service/skills/system/third-party-migration/claude-design.generated.d.ts | AI (source-diff): Long lines are markdown documentation embedded as a string literal in a generated .d.ts file, not obfuscated code. | ai | |
| phantom-deps | phantom-dep:eventsource-parser | AI (phantom-deps): Config-referenced; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Framework-scoped, loaded by convention in build tooling. | ai | |
| phantom-deps | phantom-dep:lru-cache | AI (phantom-deps): Config-referenced dep in a build tool; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:lucide-static | AI (phantom-deps): Config-referenced; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/turndown | AI (phantom-deps): Type-only dep; not directly imported at runtime by design. | ai | |
| phantom-deps | phantom-dep:@superblocksteam/linter | AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@opentelemetry/api-logs | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@anthropic-ai/tokenizer | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:path-to-regexp | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@lezer/common | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tokenlens | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:winston | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ignore | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:acorn | AI (phantom-deps): Monorepo build tool; phantom-dep heuristic fires on config-referenced deps, stable false positive. | ai | |
Versions (showing 98 of 98)
| Version | Deps | Published |
|---|---|---|
| 2.0.126 | 49 / 43 | |
| 2.0.125 | 49 / 43 | |
| 2.0.124 | 49 / 43 | |
| 2.0.123 | 46 / 40 | |
| 2.0.122 | 46 / 40 | |
| 2.0.121 | 46 / 40 | |
| 2.0.120 | 46 / 40 | |
| 2.0.119 | 46 / 39 | |
| 2.0.118 | 46 / 39 | |
| 2.0.117 | 46 / 39 | |
| 2.0.114 | 45 / 39 | |
| 2.0.113 | 45 / 39 | |
| 2.0.112 | 45 / 39 | |
| 2.0.111 | 45 / 39 | |
| 2.0.110 | 45 / 39 | |
| 2.0.109 | 45 / 39 | |
| 2.0.108 | 45 / 39 | |
| 2.0.107 | 45 / 39 | |
| 2.0.106 | 45 / 39 | |
| 2.0.105 | 45 / 39 | |
| 2.0.104 | 45 / 39 | |
| 2.0.103 | 45 / 38 | |
| 2.0.102 | 44 / 38 | |
| 2.0.101 | 44 / 38 | |
| 2.0.89 | 40 / 35 | |
| 2.0.88 | 40 / 35 | |
| 2.0.87 | 40 / 35 | |
| 2.0.86 | 40 / 29 | |
| 2.0.85 | 40 / 29 | |
| 2.0.80 | 49 / 35 | |
| 2.0.79 | 49 / 35 | |
| 2.0.78 | 49 / 35 | |
| 2.0.77 | 46 / 33 | |
| 2.0.76 | 46 / 32 | |
| 2.0.75 | 46 / 32 | |
| 2.0.74 | 46 / 32 | |
| 2.0.73 | 46 / 32 | |
| 2.0.72 | 46 / 32 | |
| 2.0.71 | 46 / 32 | |
| 2.0.70 | 46 / 32 | |
| 2.0.69 | 46 / 32 | |
| 2.0.68 | 46 / 32 | |
| 2.0.67 | 46 / 31 | |
| 2.0.66 | 46 / 31 | |
| 2.0.65 | 46 / 31 | |
| 2.0.64 | 46 / 31 | |
| 2.0.63 | 46 / 31 | |
| 2.0.62 | 46 / 31 | |
| 2.0.61 | 46 / 31 | |
| 2.0.60 | 46 / 31 | |
| 2.0.59 | 46 / 31 | |
| 2.0.58 | 46 / 31 | |
| 2.0.57 | 46 / 31 | |
| 2.0.56 | 46 / 31 | |
| 2.0.55 | 45 / 31 | |
| 2.0.54 | 45 / 31 | |
| 2.0.53 | 45 / 31 | |
| 2.0.52 | 45 / 31 | |
| 2.0.51 | 45 / 31 | |
| 2.0.50 | 45 / 31 | |
| 2.0.49 | 45 / 31 | |
| 2.0.42 | 43 / 32 | |
| 2.0.41 | 43 / 32 | |
| 2.0.40 | 41 / 32 | |
| 2.0.39 | 41 / 32 | |
| 2.0.38 | 41 / 32 | |
| 2.0.37 | 41 / 32 | |
| 2.0.36 | 41 / 32 | |
| 2.0.35 | 41 / 32 | |
| 2.0.34 | 38 / 30 | |
| 2.0.33 | 38 / 30 | |
| 2.0.32 | 38 / 30 | |
| 2.0.31 | 38 / 30 | |
| 2.0.30 | 38 / 30 | |
| 2.0.29 | 38 / 30 | |
| 2.0.28 | 38 / 30 | |
| 2.0.27 | 38 / 30 | |
| 2.0.26 | 38 / 30 | |
| 2.0.25 | 37 / 31 | |
| 2.0.24 | 37 / 31 | |
| 2.0.23 | 37 / 31 | |
| 2.0.22 | 37 / 31 | |
| 2.0.21 | 37 / 31 | |
| 2.0.20 | 37 / 28 | |
| 2.0.19 | 34 / 28 | |
| 2.0.18 | 33 / 28 | |
| 2.0.17 | 33 / 28 | |
| 2.0.16 | 33 / 28 | |
| 2.0.15 | 33 / 28 | |
| 2.0.14 | 33 / 28 | |
| 2.0.13 | 33 / 28 | |
| 2.0.12 | 33 / 28 | |
| 2.0.11 | 33 / 28 | |
| 2.0.10 | 33 / 26 | |
| 2.0.4 | 31 / 25 | |
| 2.0.2 | 31 / 25 | |
| 2.0.1 | 31 / 25 | |
| 2.0.0 | 31 / 25 | |
v2.0.126
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.125
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.124
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.123
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.122
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.121
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.120
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.119
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.118
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.117
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.114
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.113
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.112
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.111
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.110
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.109
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.108
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.107
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.106
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.105
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.104
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.103
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.102
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.101
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.89
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.88
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.87
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.86
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.85
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.80
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.79
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.78
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.77
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.76
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.75
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.74
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.73
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.72
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.71
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.70
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.69
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.68
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.67
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.66
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.65
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.64
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.63
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.62
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.61
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.60
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.59
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.58
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.57
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.56
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.55
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.54
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.53
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.52
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.51
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.50
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.49
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.42
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.41
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.40
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.39
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.38
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.37
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.36
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.35
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.34
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.33
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.32
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.31
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.30
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.27
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.26
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.25
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.24
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.23
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.22
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.21
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.20
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.19
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.18
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.17
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.16
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.15
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.14
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.13
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.12
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.11
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.10
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.