@tanstack/router-devtools-core
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-TVrd9NKL.cjs | AI (source-diff): Standard minified build output for TanStack devtools UI; samples show normal SolidJS/SVG component code. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-B12ktJLj.js | AI (source-diff): Standard minified build output for TanStack devtools UI; samples show normal SolidJS/SVG component code. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-M-UhaKLc.cjs | AI (source-diff): Long lines are inlined SVG markup in minified build output, not obfuscation; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-U4pxMObm.js | AI (source-diff): Same minified SVG/SolidJS build artifact pattern; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-Dz-7tBRe.js | AI (source-diff): Standard minified build output from vite build; samples show legitimate SolidJS/SVG devtools code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-BGIBDKFY.cjs | AI (source-diff): Standard minified build output from vite build; samples show legitimate SolidJS/SVG devtools code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-CnpwH7La.js | AI (source-diff): Standard minified build output from official TanStack Router monorepo; SLSA provenance confirms CI/CD origin. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-CQ2gLjaA.cjs | AI (source-diff): Standard minified build output from official TanStack Router monorepo; SLSA provenance confirms CI/CD origin. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-Oh23ljuQ.cjs | AI (source-diff): Vite-minified bundle with readable imports and SVG content; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-CXkXeTp3.js | AI (source-diff): Vite-minified bundle with readable imports and SVG content; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-T0qLsnH5.js | AI (source-diff): Standard Vite build output with minified SVG/JS; not obfuscated malware. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-Cf2-YTwN.cjs | AI (source-diff): Standard Vite build output with minified SVG/JS; not obfuscated malware. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-B7vy70jP.js | AI (source-diff): Standard minified ESM build output; samples show normal devtools component imports, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-C-LyXpEh.cjs | AI (source-diff): Standard minified build output for devtools UI; samples show SolidJS/SVG component code, no malicious patterns. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Added maintainers are known TanStack ecosystem contributors; consistent with project growth. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-DVpgfFhb.cjs | AI (source-diff): Standard minified build output from vite build; content is SVG/component code, not malicious. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-g7TnL6yo.js | AI (source-diff): Standard minified build output from vite build; content is SVG/component code, not malicious. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy explained by CI pipeline migration; SLSA provenance confirms legitimate publish from official repo. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-Ct_Co0zZ.cjs | AI (source-diff): Minified build artifact containing SVG template strings for devtools UI; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-DymJEvfG.js | AI (source-diff): Minified build artifact containing SVG template strings for devtools UI; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-ibA2ahop.cjs | AI (source-diff): Minified build artifact containing inline SVG/CSS; no malicious code patterns in sample. | ai | |
| provenance | publisher-changed | AI (provenance): TanStack/router publishes via GitHub Actions CI with SLSA provenance; this is the expected publisher for this org. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-CaypUmOS.js | AI (source-diff): Minified build artifact containing inline SVG/CSS; no malicious code patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-BuIlKO5O.cjs | AI (source-diff): Minified build output with readable SVG/SolidJS content; standard bundler output for this devtools package. | ai | |
| source-diff | obfuscated-file:dist/FloatingTanStackRouterDevtools-eWh8pOeT.js | AI (source-diff): Minified build output with readable SVG/SolidJS content; standard bundler output for this devtools package. | ai | |
| phantom-deps | phantom-dep:vite | AI (phantom-deps): vite is a build tool listed as a runtime dep but used only for building; stable false positive for this package. | ai | |
Versions (showing 51 of 271)
| Version | Deps | Published |
|---|---|---|
| 1.168.0 | 2 / 3 | |
| 1.167.3 | 2 / 3 | |
| 1.167.2 | 2 / 3 | |
| 1.167.1 | 2 / 3 | |
| 1.167.0 | 3 / 3 | |
| 1.166.9 | 3 / 3 | |
| 1.166.8 | 3 / 3 | |
| 1.166.7 | 3 / 3 | |
| 1.166.6 | 3 / 3 | |
| 1.166.4 | 3 / 3 | |
| 1.166.2 | 3 / 3 | |
| 1.163.3 | 3 / 3 | |
| 1.163.2 | 3 / 3 | |
| 1.162.9 | 3 / 3 | |
| 1.162.6 | 3 / 3 | |
| 1.162.5 | 3 / 3 | |
| 1.162.2 | 3 / 3 | |
| 1.162.1 | 3 / 3 | |
| 1.161.4 | 3 / 3 | |
| 1.161.3 | 3 / 3 | |
| 1.161.1 | 3 / 3 | |
| 1.160.0 | 3 / 3 | |
| 1.159.9 | 3 / 3 | |
| 1.159.6 | 3 / 3 | |
| 1.159.4 | 3 / 3 | |
| 1.158.4 | 3 / 3 | |
| 1.158.1 | 3 / 3 | |
| 1.158.0 | 3 / 3 | |
| 1.157.18 | 3 / 3 | |
| 1.157.16 | 3 / 3 | |
| 1.157.15 | 3 / 3 | |
| 1.157.14 | 3 / 3 | |
| 1.157.13 | 3 / 3 | |
| 1.157.12 | 3 / 3 | |
| 1.157.11 | 3 / 3 | |
| 1.157.10 | 3 / 3 | |
| 1.157.9 | 3 / 3 | |
| 1.157.8 | 3 / 3 | |
| 1.157.7 | 3 / 3 | |
| 1.157.6 | 3 / 3 | |
| 1.157.5 | 3 / 3 | |
| 1.157.4 | 3 / 3 | |
| 1.157.3 | 3 / 3 | |
| 1.157.1 | 3 / 3 | |
| 1.157.0 | 3 / 3 | |
| 1.156.0 | 3 / 3 | |
| 1.155.0 | 3 / 3 | |
| 1.154.14 | 3 / 3 | |
| 1.154.13 | 3 / 3 | |
| 1.154.12 | 3 / 3 | |
| 1.154.8 | 3 / 3 | |
v1.168.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.167.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.167.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.167.1
4 findings
This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.167.0
4 findings
This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.9
4 findings
This version was published by a different npm account than previous versions on 2026-03-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.8
4 findings
This version was published by a different npm account than previous versions on 2026-03-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.7
4 findings
This version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.6
4 findings
This version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.4
4 findings
This version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.166.2
4 findings
This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.163.3
4 findings
This version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.163.2
4 findings
This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.162.9
4 findings
This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.162.6
4 findings
This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.162.5
4 findings
This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.162.2
4 findings
This version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.162.1
4 findings
This version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.4
4 findings
This version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.3
4 findings
This version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.1
4 findings
This version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.160.0
4 findings
This version was published by a different npm account than previous versions on 2026-02-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.159.9
4 findings
This version was published by a different npm account than previous versions on 2026-02-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.159.6
4 findings
This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.159.4
4 findings
This version was published by a different npm account than previous versions on 2026-02-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.158.4
4 findings
This version was published by a different npm account than previous versions on 2026-02-07. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.158.1
4 findings
This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.158.0
4 findings
This version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.18
4 findings
This version was published by a different npm account than previous versions on 2026-01-31. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.16
4 findings
This version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.15
4 findings
This version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.14
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.13
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.12
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.11
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.10
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.9
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.8
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.7
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.6
4 findings
This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.5
4 findings
This version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.4
4 findings
This version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.3
4 findings
This version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.1
4 findings
This version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.0
4 findings
This version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.156.0
4 findings
This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.155.0
4 findings
This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.14
4 findings
This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.13
4 findings
This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.12
4 findings
This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.8
4 findings
This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.