@tanstack/devtools
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/devtools/7D2JIOTG.js | AI (source-diff): Minified build artifact from tsup bundler; readable imports and logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/PYVV4DLY.js | AI (source-diff): Same bundler output pattern; solid-js/web imports and named functions confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools/MLU6VAGA.js | AI (source-diff): Standard minified build output from tsup/SolidJS; imports are readable and from known packages. | ai | |
| source-diff | obfuscated-file:dist/devtools/LWFCL6JT.js | AI (source-diff): Standard minified build output from tsup/SolidJS; imports are readable and from known packages. | ai | |
| source-diff | obfuscated-file:dist/devtools/UZDPUP5E.js | AI (source-diff): Standard tsup/solid-js build output with long bundled lines; not actual obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/AKRRB3KC.js | AI (source-diff): Standard tsup/solid-js build output with long bundled lines; not actual obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/MV3V7CMW.js | AI (source-diff): Standard tsup/solid-js minified build output; readable imports and logic confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/3YT62TLF.js | AI (source-diff): Standard tsup/solid-js minified build output; readable imports and logic confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/V5A7RKHW.js | AI (source-diff): SSR variant of the same minified bundle; same rationale as LF5QLUHI.js. | ai | |
| source-diff | obfuscated-file:dist/devtools/LF5QLUHI.js | AI (source-diff): Standard tsup/bundler minified output for a SolidJS devtools package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/OLELRPKB.js | AI (source-diff): Minified build artifact with readable SolidJS/TanStack imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/F57NNUQX.js | AI (source-diff): Minified build artifact with readable SolidJS/TanStack imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/4QORE6HP.js | AI (source-diff): Standard bundled/minified build output for a SolidJS devtools package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/54BPKEIS.js | AI (source-diff): Standard bundled/minified build output for a SolidJS devtools package; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/YRFZDV5N.js | AI (source-diff): Minified SolidJS bundle with readable imports; not obfuscated malware. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/MBQPV7BO.js | AI (source-diff): Minified SolidJS bundle with readable imports; not obfuscated malware. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/RHZRAMXS.js | AI (source-diff): Standard bundler minification output; SSR variant of same component bundle, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/MYTOQ6G4.js | AI (source-diff): Standard bundler minification output; readable imports and SolidJS component code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools/FY4PLC37.js | AI (source-diff): Minified build artifact with readable SolidJS imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/4DKZZTJY.js | AI (source-diff): Minified build artifact with readable SolidJS imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/QEKPWHXZ.js | AI (source-diff): Standard tsup/solid-js bundler output; long lines from minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/LMV5GWDT.js | AI (source-diff): Standard tsup/solid-js bundler output; long lines from minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/CEW5WR2V.js | AI (source-diff): Bundler (tsup) output for solid-js components; long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/VPJ3HSEY.js | AI (source-diff): Same tsup build output pattern; readable SolidJS imports confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools/UUNAZSBD.js | AI (source-diff): Standard minified SolidJS bundle output; readable imports and logic visible in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools/OBIHU6L6.js | AI (source-diff): Standard minified SolidJS bundle output; readable imports and logic visible in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools/5O5BBILC.js | AI (source-diff): Standard tsup bundler output; long lines are minified SolidJS components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/73UYH4PF.js | AI (source-diff): Standard tsup bundler output; long lines are minified SolidJS components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/JEZZ2PQE.js | AI (source-diff): Standard bundler output with readable SolidJS imports; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/devtools/7NDEDZB7.js | AI (source-diff): Standard bundler output with readable SolidJS imports; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/devtools/O4SGY7NG.js | AI (source-diff): Minified bundler output (tsup/SolidJS); readable imports and logic visible in sample. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/67YFWU65.js | AI (source-diff): Minified bundler output (tsup/SolidJS); readable imports and logic visible in sample. Stable false positive for this package. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): TanStack uses 0.0.0 as a placeholder version across its monorepo packages; not indicative of malicious intent. | ai | |
| source-diff | obfuscated-file:dist/devtools/DUZIYUCH.js | AI (source-diff): Standard tsup minified build output; readable imports confirm legitimate @tanstack devtools code. | ai | |
| source-diff | obfuscated-file:dist/devtools/EZ6UNLQL.js | AI (source-diff): Standard tsup minified build output; readable imports confirm legitimate @tanstack devtools code. | ai | |
| source-diff | obfuscated-file:dist/devtools/HKKVBS5C.js | AI (source-diff): Standard tsup build output; long lines are minified bundles, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/CR4IWRG4.js | AI (source-diff): Standard tsup build output; long lines are minified bundles, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/6XAY2RKM.js | AI (source-diff): Standard tsup/SolidJS minified build output; readable imports and logic, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/YM72BEIK.js | AI (source-diff): Standard tsup/SolidJS minified build output; SSR variant of the same component bundle. | ai | |
| source-diff | obfuscated-file:dist/devtools/W6LG6674.js | AI (source-diff): Minified build artifact with readable SolidJS imports; standard bundler output for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/7Z2ESJHO.js | AI (source-diff): Minified build artifact with readable SolidJS imports; standard bundler output for this package. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): kevinvandy and tkdodo are known TanStack ecosystem contributors; legitimate team expansion. | ai | |
| source-diff | obfuscated-file:dist/devtools/Y264CKBD.js | AI (source-diff): Standard tsup bundle output with readable SolidJS SSR code; same pattern as sibling file. | ai | |
| source-diff | obfuscated-file:dist/devtools/BX2FS55Z.js | AI (source-diff): Standard tsup bundle output with readable SolidJS code; long lines are minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/WI3NLQMI.js | AI (source-diff): Minified build artifact with readable imports; standard bundler output for this SolidJS devtools package. | ai | |
| source-diff | obfuscated-file:dist/devtools/7YOCA5XE.js | AI (source-diff): Minified build artifact with readable imports; standard bundler output for this SolidJS devtools package. | ai | |
| source-diff | obfuscated-file:dist/devtools/RZMDLR3T.js | AI (source-diff): Minified build artifact from tsup; imports are all legitimate @tanstack/* and solid-js packages. | ai | |
| source-diff | obfuscated-file:dist/devtools/OJR76FMH.js | AI (source-diff): Minified build artifact from tsup; imports are all legitimate @tanstack/* and solid-js packages. | ai |
Versions (showing 51 of 65)
| Version | Deps | Published |
|---|---|---|
| 0.12.2 | 9 / 3 | |
| 0.12.0 | 9 / 3 | |
| 0.11.2 | 9 / 3 | |
| 0.11.1 | 9 / 3 | |
| 0.11.0 | 9 / 3 | |
| 0.10.14 | 9 / 3 | |
| 0.10.13 | 9 / 3 | |
| 0.10.10 | 9 / 3 | |
| 0.10.9 | 9 / 3 | |
| 0.10.8 | 9 / 3 | |
| 0.10.7 | 9 / 3 | |
| 0.10.6 | 9 / 3 | |
| 0.10.5 | 9 / 3 | |
| 0.10.4 | 9 / 3 | |
| 0.10.3 | 9 / 3 | |
| 0.10.2 | 9 / 3 | |
| 0.10.1 | 9 / 3 | |
| 0.10.0 | 9 / 3 | |
| 0.9.2 | 9 / 3 | |
| 0.9.1 | 9 / 3 | |
| 0.9.0 | 9 / 3 | |
| 0.8.2 | 9 / 3 | |
| 0.8.1 | 9 / 3 | |
| 0.8.0 | 9 / 3 | |
| 0.7.0 | 9 / 3 | |
| 0.6.24 | 9 / 3 | |
| 0.6.23 | 9 / 3 | |
| 0.6.22 | 9 / 3 | |
| 0.6.21 | 9 / 3 | |
| 0.6.20 | 6 / 3 | |
| 0.6.19 | 6 / 3 | |
| 0.6.18 | 6 / 3 | |
| 0.6.17 | 6 / 3 | |
| 0.6.16 | 6 / 3 | |
| 0.6.15 | 6 / 3 | |
| 0.6.14 | 6 / 3 | |
| 0.6.13 | 6 / 3 | |
| 0.6.12 | 6 / 3 | |
| 0.6.11 | 6 / 3 | |
| 0.6.10 | 6 / 3 | |
| 0.6.9 | 6 / 3 | |
| 0.6.8 | 6 / 3 | |
| 0.6.7 | 6 / 1 | |
| 0.6.6 | 6 / 1 | |
| 0.6.5 | 6 / 1 | |
| 0.6.3 | 6 / 1 | |
| 0.6.2 | 6 / 1 | |
| 0.6.1 | 6 / 1 | |
| 0.6.0 | 6 / 1 | |
| 0.5.1 | 6 / 1 | |
| 0.5.0 | 6 / 1 |
v0.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.24
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.23
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.22
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.21
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.20
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.18
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.17
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.