@tsrx/typescript-plugin MIT 47 versions

@tsrx/typescript-plugin

npm Repository Homepage

TypeScript plugin for TSRX

47

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

webeferentrueadmleonidaz_npm

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/language-BuFYuN10.js	AI (source-diff): Standard tsdown bundle output with accompanying source map; not obfuscated malware.	ai	2026/06/01
source-diff	obfuscated-file:dist/language-Dnsqh7yN.js	AI (source-diff): Minified bundle output from tsdown build; source map present and code content is recognizable @volar internals, not obfuscated malware.	ai	2026/05/30
source-diff	obfuscated-file:dist/language-CAqwRK_u.js	AI (source-diff): Minified bundler output (tsdown/esbuild); sample shows readable Volar source-map logic, not malicious obfuscation.	ai	2026/05/26
phantom-deps	phantom-dep:@volar/typescript	AI (phantom-deps): Bundled runtime dependency; phantom-dep heuristic fires because it's inlined into dist.	ai	2026/05/26
source-diff	obfuscated-file:dist/language--WWw6ckw.js	AI (source-diff): Minified bundle output from tsdown build tool; code is readable TypeScript logic, not obfuscation.	ai	2026/05/26
phantom-deps	phantom-dep:@volar/language-core	AI (phantom-deps): Bundled runtime dependency; phantom-dep heuristic fires because it's inlined into dist.	ai	2026/05/26
semgrep	semgrep:dynamic-require	AI (semgrep): Compiler path resolution pattern in a TypeScript plugin; stable and expected for this package.	ai	2026/05/22

Versions (showing 47 of 47)

Version	Deps	Published
1.0.0	2 / 2	2026-05-07
0.3.72	2 / 4	2026/05/30
0.3.71	2 / 4	2026-05-30
0.3.70	2 / 4	2026-05-30
0.3.69	2 / 4	2026-05-29
0.3.68	2 / 4	2026-05-26
0.3.67	2 / 4	2026-05-25
0.3.66	2 / 4	2026-05-25
0.3.65	2 / 4	2026-05-20
0.3.64	2 / 4	2026-05-20
0.3.63	2 / 4	2026-05-20
0.3.62	2 / 4	2026-05-18
0.3.61	2 / 2	2026-05-15
0.3.60	2 / 2	2026-05-15
0.3.59	2 / 2	2026-05-14
0.3.58	2 / 2	2026-05-13
0.3.57	2 / 2	2026-05-12
0.3.56	2 / 2	2026-05-12
0.3.54	2 / 2	2026-05-10
0.3.53	2 / 2	2026-05-09
0.3.52	2 / 2	2026-05-08
0.3.51	2 / 2	2026-05-08
0.3.49	2 / 2	2026-05-06
0.3.48	2 / 2	2026-05-04
0.3.47	2 / 2	2026-05-04
0.3.46	2 / 2	2026-05-03
0.3.45	2 / 2	2026-05-03
0.3.44	2 / 2	2026-05-02
0.3.43	2 / 2	2026-05-02
0.3.42	2 / 2	2026-05-01
0.3.41	2 / 2	2026-05-01
0.3.40	2 / 2	2026-04-30
0.3.39	2 / 2	2026-04-29
0.3.38	2 / 2	2026-04-28
0.3.37	2 / 2	2026-04-28
0.3.36	2 / 2	2026-04-28
0.3.35	2 / 2	2026-04-27
0.3.34	2 / 2	2026-04-27
0.3.33	2 / 2	2026-04-26
0.3.32	2 / 2	2026-04-24
0.3.31	2 / 2	2026-04-23
0.3.30	2 / 2	2026-04-23
0.3.29	2 / 2	2026-04-23
0.3.28	2 / 2	2026-04-22
0.3.27	2 / 2	2026-04-22
0.3.26	2 / 2	2026-04-22
0.3.25	2 / 2	2026-04-22

v1.0.0

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.72

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.71

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.70

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.69

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.68

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.67

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.66

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.65

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.64

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.63

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.62

2 findings

HIGH New obfuscated file: dist/language-Dnsqh7yN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.61

2 findings

HIGH New obfuscated file: dist/language-BuFYuN10.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.60

2 findings

HIGH New obfuscated file: dist/language-BuFYuN10.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.59

2 findings

HIGH New obfuscated file: dist/language-BuFYuN10.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.58

2 findings

HIGH New obfuscated file: dist/language-BuFYuN10.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.57

2 findings

HIGH New obfuscated file: dist/language--WWw6ckw.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.56

2 findings

HIGH New obfuscated file: dist/language--WWw6ckw.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.54

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.53

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.52

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.51

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.49

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.48

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.47

2 findings

HIGH New obfuscated file: dist/language-CAqwRK_u.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.46

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.45

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.44

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.43

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.42

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.41

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.40

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.39

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.37

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.34

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.33

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.29

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.27

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.25

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.