@veupathdb/clinepi-site
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/bundles/legacy/444.bundle-39a5ccbf0392090df720.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/166.bundle-adc56b9afb6063a8f6f2.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/166.bundle-4e63e22cb1669ea7190c.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/797.bundle-8440da362beef78fba2d.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/797.bundle-5a373d1da0de90e0b197.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/592.bundle-ea31c8104dd88fb6cb47.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/592.bundle-76b773f2e0cf7c88920b.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/496.bundle-489f2450699bf75a4edf.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/496.bundle-1edcc3cd1665316eb96d.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/444.bundle-5f6285e95dcb86d128bb.js | AI (source-diff): Standard webpack production bundle; SLSA-attested CI build from VEuPathDB monorepo. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/194.bundle-6fe94ca9fa86a9157c16.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/166.bundle-5f3e7f6ed3eebc374800.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline across all versions. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/166.bundle-f0a6aab6a35bd3dde9b0.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/194.bundle-c22a2c194bca02012e2f.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/443.bundle-b354729a761d8c41647b.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/443.bundle-f36d91a0a97267a543ab.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/592.bundle-3e51a6a6b66d0ef75b7c.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/592.bundle-4f517794dfe3d2069387.js | AI (source-diff): Standard webpack production bundle; consistent with this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/444.bundle-4f842285e027c5732a7f.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/166.bundle-ada681b6696cbc3a9e44.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/166.bundle-21c0ccec7c875fb1d95a.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. Normal for this package. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/951.bundle-e23e3956fd08c257684f.js | AI (source-diff): Standard webpack production bundle from established VEuPathDB org package. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/444.bundle-135064cf0b0d122903e8.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/797.bundle-baf13f173aec3b4114fb.js | AI (source-diff): Standard webpack production bundle from established VEuPathDB org package. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/592.bundle-e3583c01d9268d540de5.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/592.bundle-30ea67d2df522c9b77e3.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/496.bundle-ffcc6275240968d0092f.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/496.bundle-715262b553fff6fba104.js | AI (source-diff): Standard webpack production bundle; readable React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/797.bundle-db39a2ae0ce76887dd07.js | AI (source-diff): Standard webpack production bundle from established VEuPathDB org package. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/951.bundle-59a6a0be63158492dc69.js | AI (source-diff): Standard webpack production bundle from established VEuPathDB org package. | ai | |
| provenance | slsa-provenance | AI (provenance): SLSA provenance attestation present; stable CI/CD publishing pattern for this package. | ai | |
| phantom-deps | phantom-dep:@veupathdb/preferred-organisms | AI (phantom-deps): workspace:^ sibling in the VEuPathDB monorepo; phantom-dep heuristic doesn't apply to monorepo workspace deps. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 1.4.3 | 1 / 57 | |
| 1.4.2 | 1 / 57 | |
| 1.4.1 | 1 / 57 | |
| 1.3.49 | 1 / 57 | |
| 1.3.48 | 1 / 57 | |
| 1.3.46 | 0 / 57 |
v1.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.2
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.1
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.49
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.