@valbuild/ui
This package contains Val's UI components and editor interface for content management.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:server/.tmp/assets/patchsets.worker-CH772rLL.js | AI (source-diff): Vite-minified web worker bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/search.worker-D5-aGKFO.js | AI (source-diff): Vite-minified web worker bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/index-BedkjC1d.js | AI (source-diff): Vite-minified frontend bundle; standard build artifact for a UI server package. | ai | |
| source-diff | net-exec-file:server/.tmp/assets/search.worker-D5-aGKFO.js | AI (source-diff): Web worker using fetch for search; not a dropper pattern. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/index-BKqzxajW.js | AI (source-diff): Standard Vite-bundled React UI asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/patchsets.worker-BNtrPoSm.js | AI (source-diff): Standard Vite-bundled web worker asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/index-Df7oLDqC.js | AI (source-diff): Standard Vite-bundled minified React app; not obfuscated, just minified build output. | ai | |
| source-diff | encoded-string-file:server/dist/valbuild-ui-server.esm.js | AI (source-diff): Same base64-inlined asset pattern as CJS build; stable and benign for this package. | ai | |
| source-diff | obfuscated-file:server/.tmp/assets/index-BsP50hgv.js | AI (source-diff): Standard Vite-minified React bundle; not obfuscated, just minified UI assets. | ai | |
| source-diff | encoded-string-file:server/dist/valbuild-ui-server.cjs.js | AI (source-diff): Base64 encoding of the minified UI bundle for inline asset serving; benign pattern for this package. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped @valbuild org package; Levenshtein match to uuid is a false positive with no naming similarity. | ai | |
| phantom-deps | phantom-dep:@tanstack/react-virtual | AI (phantom-deps): UI packages commonly reference deps in config without direct imports; stable false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped @valbuild org package; Levenshtein match to yup is a false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @valbuild org package; Levenshtein match to joi is a false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped @valbuild org package; Levenshtein match to qs is a false positive. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @valbuild org package; Levenshtein match to pg is a false positive. | ai | |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 0.96.3 | 0 / 127 | |
| 0.96.2 | 0 / 127 | |
| 0.96.1 | 1 / 126 | |
| 0.96.0 | 1 / 126 | |
| 0.95.0 | 1 / 126 | |
| 0.94.0 | 1 / 125 | |
v0.96.3
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 9 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 9 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.96.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 9 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 9 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.96.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 8 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 8 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.96.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 8 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 8 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.94.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.