@teambit/react
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:artifacts/env-template/public/peers.e8dabe4bcdf6b4d853c8.js | AI (source-diff): Minified webpack chunk in env-template preview artifacts; benign. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.903d74bba0ad71e6af5a.js | AI (source-diff): Minified webpack chunk in env-template preview artifacts; benign. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/peers.e8dabe4bcdf6b4d853c8.js | AI (source-diff): Webpack chunk with __webpack_require__; normal browser bundle pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.d1d98d5096bf2a0ac8b8.js | AI (source-diff): Minified webpack chunk in env-template preview artifacts; benign. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/427.4ed003b9ce0af834c6f1.js | AI (source-diff): Minified webpack chunk in env-template preview artifacts; benign. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/254.848b21663dcb32f9874d.js | AI (source-diff): Webpack chunk with __webpack_require__; normal browser bundle pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/254.848b21663dcb32f9874d.js | AI (source-diff): Minified webpack chunk in env-template preview artifacts; benign. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/109.8f7b5a48f4130e2d8d5c.js | AI (source-diff): Webpack chunk with __webpack_require__ dynamic loading; normal browser bundle pattern for Bit preview. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/109.8f7b5a48f4130e2d8d5c.js | AI (source-diff): Standard webpack-minified browser chunk in Bit env-template preview artifacts; not malicious. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.path.path | AI (dependencies): Same-org @teambit scope; stable dependency pattern across all teambit package versions. | ai | |
| dependencies | unvetted-dep:@teambit/react.rendering.ssr | AI (dependencies): Same-org @teambit scope; expected for a React env package. | ai | |
| dependencies | unvetted-dep:@bitdev/react.generators.react-templates | AI (dependencies): Bitdev org; expected generator dependency for React env. | ai | |
| dependencies | unvetted-dep:@teambit/typescript.typescript-compiler | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| dependencies | unvetted-dep:@bitdev/react.generators.react-starters | AI (dependencies): Bitdev org; expected generator dependency for React env. | ai | |
| dependencies | unvetted-dep:@teambit/defender.prettier-formatter | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| dependencies | unvetted-dep:@teambit/mdx.modules.mdx-v3-options | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| dependencies | unvetted-dep:@teambit/defender.eslint-linter | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| dependencies | unvetted-dep:@teambit/react.jest.react-jest | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| dependencies | unvetted-dep:@teambit/defender.jest-tester | AI (dependencies): Same-org @teambit scope; expected tooling dependency. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/170.5ebe22fe14011720ade5.js | AI (source-diff): Standard webpack-minified preview bundle; content is recognizable Bit/React config, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.6d5ae4c2598e535c4093.js | AI (source-diff): Minified peer-deps bundle exposing React/MDX namespaces; standard Bit env-template artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.61940026750fb3f63599.js | AI (source-diff): Minified Bit preview bundle with regenerator-runtime; standard build artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.95cb86e2f6284e3523f3.js | AI (source-diff): Minified Bit preview module bundle; content is recognizable PreviewModules class, not obfuscated malware. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/252.6b1b60697f3e28ba5c36.js | AI (source-diff): Webpack chunk loader pattern; not a dropper/loader. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/252.6b1b60697f3e28ba5c36.js | AI (source-diff): Standard webpack-minified preview bundle containing floating-ui exports; not malicious. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/170.5ebe22fe14011720ade5.js | AI (source-diff): Webpack chunk loader pattern (__loadChunks_EnvTemplate); not a dropper/loader. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/252.f8e013b8b07100a6b8ca.js | AI (source-diff): Webpack-minified browser bundle containing floating-ui/React OSS code. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/243.dac9adbf4f7ad2acb210.js | AI (source-diff): Same bundle; network refs are webpack chunk-loading, not dropper behavior. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/243.dac9adbf4f7ad2acb210.js | AI (source-diff): Webpack-minified browser bundle for Bit env-template preview; not install-time code. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/peers.9f25b0374ec1200581c8.js | AI (source-diff): Same bundle; webpack chunk-loading, not dropper behavior. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.9f25b0374ec1200581c8.js | AI (source-diff): Webpack-minified peers bundle containing MDX/React OSS code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.a6d430b9d865db143790.js | AI (source-diff): Webpack-minified overview preview bundle; same pattern as other env-template chunks. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.4e73b0a476e90992b0d7.js | AI (source-diff): Webpack-minified compositions preview bundle; regenerator-runtime and React OSS code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/874.3ef824f68e8be46dbe18.js | AI (source-diff): Webpack-minified preview-modules bundle; legitimate Bit preview infrastructure. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/252.f8e013b8b07100a6b8ca.js | AI (source-diff): Same bundle; webpack chunk-loading pattern, not malware. | ai | |
| phantom-deps | phantom-dep:sanitize.css | AI (phantom-deps): CSS utility referenced in config; not a direct import by design. | ai | |
| phantom-deps | phantom-dep:@teambit/react.ui.highlighter.component-metadata.bit-component-meta | AI (phantom-deps): Same-org scope dependency used via config convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:jest-environment-jsdom | AI (phantom-deps): Jest config-referenced environment; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jsx-a11y | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-import | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jest | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-mdx | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive for this React env package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-mdx | AI (phantom-deps): Config-referenced ESLint plugin; stable false positive. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.a2a592605d678eb6ce53.js | AI (source-diff): Standard webpack-minified preview artifact; consistent with teambit's build pipeline. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/32.4a5bfd3b1b4cefd65f08.js | AI (source-diff): Standard webpack-minified preview artifact; consistent with teambit's build pipeline. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/32.4a5bfd3b1b4cefd65f08.js | AI (source-diff): Webpack chunk with __webpack_require__; no actual network exfiltration or shell exec. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.22d017a8be7f3c8be0e6.js | AI (source-diff): Standard webpack-minified preview artifact; consistent with teambit's build pipeline. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.af03aaba01a119d50ce5.js | AI (source-diff): Standard webpack-minified preview artifact; consistent with teambit's build pipeline. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.7c77d0e9d76d866c894c.js | AI (source-diff): Minified webpack bundle for Bit preview overview; standard build artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.9dc615dbdcb07a6bf514.js | AI (source-diff): Minified webpack bundle exposing peer deps to global scope; standard Bit preview pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.56e24c8a295875b38458.js | AI (source-diff): Minified webpack bundle for Bit preview compositions; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.859255ebcaebf76e1a2c.js | AI (source-diff): Bit preview peers chunk; minified webpack output is expected. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.2c65fb8e4f08e43a4792.js | AI (source-diff): Bit preview composition chunk; minified webpack output is expected. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.db9fb938116f91318c71.js | AI (source-diff): Bit preview overview chunk; minified webpack output is expected. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.81c48e13b3eab3dc3043.js | AI (source-diff): Minified webpack chunk with regenerator-runtime; standard build artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.7c19924039daeeca6ea2.js | AI (source-diff): Minified preview chunk; readable PreviewModules class visible in sample. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.b023eb5b83a8844e8985.js | AI (source-diff): Minified peer-deps bundle exposing React/ReactDom to global; expected pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.1a326494cf7727444a63.js | AI (source-diff): Webpack-minified preview artifact; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.a3515c89b29e7ef25b3d.js | AI (source-diff): Webpack-minified preview artifact; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.55653caff840f84050af.js | AI (source-diff): Webpack-minified peer-deps bundle; stable pattern for this package. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/760.847613853bcbcc911626.js | AI (source-diff): Minified webpack chunk; network+exec pattern is from bundled library code, not malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/760.847613853bcbcc911626.js | AI (source-diff): Webpack-minified build artifact (Bit workspace config runner); stable pattern for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.8abb69ea906301b64e68.js | AI (source-diff): Standard webpack bundle artifact for Bit env-template preview. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/187.4f9f6cd70b22ed88e42f.js | AI (source-diff): Webpack chunk loader pattern, not dropper malware; stable for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/187.4f9f6cd70b22ed88e42f.js | AI (source-diff): Standard webpack bundle artifact for Bit env-template preview; consistent with all prior @teambit releases. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.baa89ef2ba9dd80c6aa0.js | AI (source-diff): Standard webpack bundle artifact for Bit env-template preview. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.7858520bd0f94a6128af.js | AI (source-diff): Standard webpack bundle artifact for Bit env-template preview. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.23cb3e212e6357189bcc.js | AI (source-diff): Webpack-minified browser chunk in env-template preview artifacts; expected for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.dd602b612d6dcd528263.js | AI (source-diff): Webpack-minified browser chunk in env-template preview artifacts; expected for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.48fa6d1c9778931feaf8.js | AI (source-diff): Webpack-minified browser chunk in env-template preview artifacts; expected for this package. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/271.8983b12775e9c1379e11.js | AI (source-diff): Webpack bundle with __webpack_require__; standard browser chunk, not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/271.8983b12775e9c1379e11.js | AI (source-diff): Webpack-minified browser chunk in env-template preview artifacts; expected for this package. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/252.a4ec8971a39563ffeeaa.js | AI (source-diff): Webpack bundle with __webpack_require__; standard browser chunk, not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/252.a4ec8971a39563ffeeaa.js | AI (source-diff): Webpack-minified browser chunk in env-template preview artifacts; expected for this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/372.747516dd003c8cd1f1c0.js | AI (source-diff): Webpack-bundled preview artifact; standard teambit env-template build output across all versions. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.52a942f3b8cd1951748b.js | AI (source-diff): Webpack-bundled preview artifact; standard teambit env-template build output. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.97b1450e3f8c72df33c6.js | AI (source-diff): Webpack-bundled preview artifact; standard teambit env-template build output. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.c60a2dea6aca09b86b9e.js | AI (source-diff): Webpack-bundled preview artifact; standard teambit env-template build output. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/624.bc39f54c0b0fdd16b3a5.js | AI (source-diff): Webpack chunk with __webpack_require__; not malicious. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/624.bc39f54c0b0fdd16b3a5.js | AI (source-diff): Webpack-bundled preview artifact; standard teambit env-template build output. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/372.747516dd003c8cd1f1c0.js | AI (source-diff): Webpack chunk with __webpack_require__ dynamic loading; not malicious dropper behavior. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.3510edef65cd1cab1358.js | AI (source-diff): Standard webpack bundle artifact for Bit's env-template preview; content is recognizable React/webpack runtime code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.77706f3b6126e4aac8b3.js | AI (source-diff): Standard webpack bundle artifact for Bit's env-template preview; content is recognizable React/webpack runtime code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.0317868acc7f007a25d8.js | AI (source-diff): Standard webpack bundle artifact for Bit's env-template preview; content is recognizable React/webpack runtime code. | ai | |
| phantom-deps | phantom-dep:less | AI (phantom-deps): Config-referenced peer tool for this React env package; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/helper-plugin-test-runner | AI (phantom-deps): Framework-scoped convention dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): Framework-scoped convention dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:esbuild | AI (phantom-deps): Known implicit binary dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:core-js | AI (phantom-deps): Known implicit runtime dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Config-referenced peer tool; stable false positive. | ai | |
| phantom-deps | phantom-dep:sass | AI (phantom-deps): Config-referenced peer tool; stable false positive for this env package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires in bundled webpack artifact; standard pattern for build/env tooling, not user-controlled input. | ai |
Versions (showing 28 of 28)
| Version | Deps | Published |
|---|---|---|
| 1.0.996 | 115 / 18 | |
| 1.0.995 | 115 / 18 | |
| 1.0.986 | 115 / 18 | |
| 1.0.983 | 115 / 18 | |
| 1.0.982 | 115 / 18 | |
| 1.0.980 | 115 / 18 | |
| 1.0.975 | 115 / 18 | |
| 1.0.974 | 115 / 18 | |
| 1.0.972 | 115 / 18 | |
| 1.0.971 | 115 / 18 | |
| 1.0.970 | 115 / 18 | |
| 1.0.969 | 115 / 18 | |
| 1.0.961 | 115 / 18 | |
| 1.0.958 | 115 / 18 | |
| 1.0.956 | 115 / 18 | |
| 1.0.955 | 115 / 18 | |
| 1.0.951 | 114 / 18 | |
| 1.0.950 | 114 / 18 | |
| 1.0.947 | 114 / 18 | |
| 1.0.944 | 114 / 18 | |
| 1.0.943 | 114 / 18 | |
| 1.0.942 | 114 / 18 | |
| 1.0.941 | 114 / 18 | |
| 1.0.938 | 114 / 18 | |
| 1.0.937 | 114 / 18 | |
| 1.0.934 | 114 / 18 | |
| 1.0.933 | 114 / 18 | |
| 1.0.932 | 114 / 18 |
v1.0.996
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.995
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.983
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.982
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.980
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.975
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.974
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.972
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.969
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.961
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.958
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.956
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.955
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.951
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.950
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.947
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.944
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.943
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.942
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.941
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.938
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.937
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.934
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.933
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.932
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.