@templatical/editor
Vue 3 visual drag-and-drop email editor powered by Templatical
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/dist-UZ8UzVZ-.js | AI (source-diff): Minified Vite bundle output; linkifyjs TLD trie data is expected long-line content, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/dist-fEtcLxee.js | AI (source-diff): Standard minified bundle output (linkify TLD trie, Vue internals); not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/dist-DwEpKyry.js | AI (source-diff): Vite-bundled ESM chunk; the long lines are linkifyjs trie data, not obfuscation or malware. | ai | |
| source-diff | obfuscated-file:dist/dist-CDtcJMB2.js | AI (source-diff): Minified Vite bundle; trie-encoded linkifyjs domain data is a known pattern, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/dist-DPiqL9q5.js | AI (source-diff): Vite-bundled output containing linkifyjs trie-encoded domain data; not malicious obfuscation, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/dist-DXaxGLsw.js | AI (source-diff): Standard Vite-minified ESM bundle with identifiable third-party library content (linkifyjs trie); not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/extensions-BfjbWqOx.js | AI (source-diff): Minified TipTap extension bundle; expected build output. | ai | |
| source-diff | obfuscated-file:dist/dist-B2jcQhv8.js | AI (source-diff): Long lines are linkifyjs domain trie data in a Vite bundle — standard minified output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/draggable-ClUwYCFL.js | AI (source-diff): Minified Vue/vuedraggable CDN chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/extensions-ea_ewKUl.js | AI (source-diff): TipTap extension bundle; readable extension definitions visible in sample. | ai | |
| source-diff | net-exec-file:dist/cdn/chunks/draggable-ClUwYCFL.js | AI (source-diff): False positive on minified Vue runtime; no actual dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/dist-BKSzrf0L.js | AI (source-diff): Standard Vite/Rolldown minified bundle of TipTap/Vue; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/icons-vmLJTaJk.js | AI (source-diff): Minified Lucide icon bundle; clearly recognizable SVG icon definitions. | ai | |
| source-diff | net-exec-file:dist/cdn/chunks/draggable-BQNU47zu.js | AI (source-diff): Network/exec pattern fires on bundled Vue runtime code; no actual dropper behavior present. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/draggable-BQNU47zu.js | AI (source-diff): Standard Vite/Rollup CDN bundle of Vue shared + vuedraggable; minified but not malicious. | ai | |
| source-diff | obfuscated-file:dist/dist-Bu7veieH.js | AI (source-diff): Standard Vite/Rollup bundle; linkify TLD trie is a known minified data structure, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/editor.js | AI (source-diff): Standard Vite/Rollup CDN bundle of Vue 3 editor component; readable structure with Vue setup() and CSS class strings. | ai | |
| source-diff | obfuscated-file:dist/dist-DDJIWTRY.js | AI (source-diff): Minified linkifyjs and other bundled vendor code; standard build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/draggable-Bcb86AsV.js | AI (source-diff): Vite-bundled Vue/vuedraggable output; standard minified dist for this package. | ai | |
| source-diff | obfuscated-file:dist/dist--e2w6FN-.js | AI (source-diff): Bundled linkifyjs TLD list; standard minified dist output. | ai | |
| source-diff | net-exec-file:dist/cdn/chunks/draggable-Bcb86AsV.js | AI (source-diff): Vue runtime patterns (getGlobalThis, etc.) in bundled output; not malicious. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Package now bundles all deps into dist; large file count is expected. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-color | AI (phantom-deps): Consumed via bundled dist; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@lucide/vue | AI (phantom-deps): Consumed via bundled dist; not directly imported in source. | ai | |
| source-diff | net-exec-file:dist/cdn/chunks/draggable-m78lz0gI.js | AI (source-diff): Bundled Vue runtime; network+exec pattern is normal framework code. | ai | |
| source-diff | obfuscated-file:dist/cdn/chunks/draggable-m78lz0gI.js | AI (source-diff): Bundled Vue/draggable CDN chunk with clear region comments; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/dist-Crqkuf-w.js | AI (source-diff): Vite/Rolldown bundled output with clear source-region comments; not obfuscated. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-highlight | AI (phantom-deps): Consumed via bundled dist; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-text-style | AI (phantom-deps): Consumed via bundled dist; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-font-family | AI (phantom-deps): Consumed via bundled dist; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-link | AI (phantom-deps): Declared dependency; Tiptap link extension. | ai | |
| phantom-deps | phantom-dep:vue-advanced-cropper | AI (phantom-deps): Declared dependency; image cropper component. | ai | |
| phantom-deps | phantom-dep:@tiptap/starter-kit | AI (phantom-deps): Declared dependency; Tiptap extension bundle. | ai | |
| phantom-deps | phantom-dep:vanilla-colorful | AI (phantom-deps): Declared dependency; color picker component. | ai | |
| phantom-deps | phantom-dep:lucide-vue-next | AI (phantom-deps): Declared dependency; icon library. | ai | |
| phantom-deps | phantom-dep:@tiptap/vue-3 | AI (phantom-deps): Declared dependency; Tiptap Vue 3 integration. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-underline | AI (phantom-deps): Declared dependency; Tiptap underline extension. | ai | |
| phantom-deps | phantom-dep:vuedraggable | AI (phantom-deps): Declared dependency; drag-and-drop functionality. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): Declared dependency; Vue composition utilities. | ai | |
| phantom-deps | phantom-dep:@tiptap/core | AI (phantom-deps): Declared dependency; core editor library for Vue 3 component. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-superscript | AI (phantom-deps): Declared dependency; Tiptap superscript extension. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-text-align | AI (phantom-deps): Declared dependency; Tiptap text-align extension. | ai | |
| phantom-deps | phantom-dep:liquidjs | AI (phantom-deps): Declared dependency; used in template rendering logic. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-subscript | AI (phantom-deps): Declared dependency; Tiptap subscript extension. | ai | |
Versions (showing 37 of 37)
| Version | Deps | Published |
|---|---|---|
| 0.10.1 | 0 / 31 | |
| 0.10.0 | 0 / 31 | |
| 0.9.1 | 0 / 31 | |
| 0.9.0 | 0 / 31 | |
| 0.8.5 | 0 / 31 | |
| 0.8.4 | 0 / 31 | |
| 0.8.3 | 0 / 31 | |
| 0.8.2 | 0 / 31 | |
| 0.8.1 | 0 / 32 | |
| 0.8.0 | 0 / 32 | |
| 0.7.3 | 0 / 32 | |
| 0.7.2 | 0 / 32 | |
| 0.7.1 | 0 / 32 | |
| 0.7.0 | 0 / 32 | |
| 0.6.7 | 0 / 32 | |
| 0.6.6 | 0 / 32 | |
| 0.6.5 | 0 / 32 | |
| 0.6.4 | 0 / 32 | |
| 0.6.3 | 0 / 32 | |
| 0.6.2 | 0 / 32 | |
| 0.6.1 | 0 / 32 | |
| 0.6.0 | 0 / 32 | |
| 0.5.1 | 0 / 31 | |
| 0.5.0 | 0 / 31 | |
| 0.4.0 | 0 / 31 | |
| 0.3.2 | 0 / 31 | |
| 0.3.1 | 0 / 31 | |
| 0.2.1 | 0 / 30 | |
| 0.2.0 | 0 / 30 | |
| 0.1.1 | 19 / 10 | |
| 0.1.0 | 19 / 9 | |
| 0.0.6 | 19 / 9 | |
| 0.0.5 | 19 / 8 | |
| 0.0.4 | 19 / 6 | |
| 0.0.3 | 19 / 6 | |
| 0.0.2 | 19 / 6 | |
| 0.0.1 | 17 / 6 | |
v0.10.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
4 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.2
4 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
4 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
4 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.7
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.6
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.5
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.4
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.3
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.2
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.1
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: orkhanahmadov.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.6
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.5
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.4
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.3
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.