@veupathdb/mbio-site

Versions: 6
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

veupathdbbot, dmfalke, ryanrdoherty

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
source-diff obfuscated-file:dist/bundles/modern/38.bundle-b63d57af2b9d9c3599ea.js AI (source-diff): Standard webpack production bundle; minification is expected build output. ai
source-diff obfuscated-file:dist/bundles/legacy/508.bundle-6ace983cfb584349b0fb.js AI (source-diff): Standard webpack production bundle; minification is expected build output. ai
source-diff obfuscated-file:dist/bundles/modern/508.bundle-b517c8e71c99824b046c.js AI (source-diff): Standard webpack production bundle; minification is expected build output. ai
source-diff obfuscated-file:dist/bundles/legacy/38.bundle-60b1c9ffed20c414c072.js AI (source-diff): Standard webpack production bundle for VEuPathDB React app; minification is expected build output. ai
source-diff obfuscated-file:dist/bundles/modern/918.bundle-2bedad379b73ae67d714.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/918.bundle-6f7fc6ad4d70eb7cb558.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/607.bundle-727df7d7bc86c33523fc.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/modern/607.bundle-8c43c30ec8340a3ba6bd.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/modern/38.bundle-31094c814fda9e5a17bc.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo; minification is expected for all dist/bundles/* files. ai
source-diff obfuscated-file:dist/bundles/legacy/38.bundle-9ee2ca1227f4b29a7281.js AI (source-diff): Standard webpack production bundle; same pattern as all other dist/bundles/* files. ai
source-diff obfuscated-file:dist/bundles/modern/444.bundle-0b847870341e5e951cb7.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/modern/508.bundle-3fffe72853ca56870325.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/444.bundle-1d4b749f32edbd52ab9f.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/508.bundle-801ff2acb9e0d1d84da8.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/759.bundle-6704af041e50407c876e.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/modern/759.bundle-c4c9e59e08ca6573c36e.js AI (source-diff): Standard webpack production bundle from VEuPathDB monorepo. ai
source-diff obfuscated-file:dist/bundles/legacy/759.bundle-aecd7d10583abb2994de.js AI (source-diff): Standard webpack production bundle; same pattern as other bundles in this package. ai
source-diff obfuscated-file:dist/bundles/modern/296.bundle-1dbe3d2a618605cfcb5f.js AI (source-diff): Standard webpack production bundle; readable React code visible in sample. Consistent with this package's build pattern. ai
source-diff obfuscated-file:dist/bundles/legacy/296.bundle-6a8473a0515bba686164.js AI (source-diff): Standard webpack production bundle; same pattern as other bundles in this package. ai
source-diff obfuscated-file:dist/bundles/modern/759.bundle-77991787c4cc551ef01c.js AI (source-diff): Standard webpack production bundle; readable React component logic in sample. ai
source-diff obfuscated-file:dist/bundles/legacy/884.bundle-6c763ed541cd7af7258c.js AI (source-diff): Standard webpack production bundle; readable React component logic in sample. ai
source-diff obfuscated-file:dist/bundles/modern/884.bundle-7b2389c1aafa98e6589b.js AI (source-diff): Standard webpack production bundle; same pattern as other bundles in this package. ai
source-diff obfuscated-file:dist/bundles/legacy/918.bundle-0b89e18fb7c60cba5375.js AI (source-diff): Standard webpack production bundle; readable React component logic in sample. ai
source-diff obfuscated-file:dist/bundles/modern/918.bundle-6a6b8f9e7b747c5ab1bf.js AI (source-diff): Standard webpack production bundle; same pattern as other bundles in this package. ai
publish-pattern dormant-publish AI (publish-pattern): Monorepo with SLSA provenance; dormancy reflects release cadence, not account takeover. ai
phantom-deps phantom-dep:@veupathdb/preferred-organisms AI (phantom-deps): Same-org workspace dep; phantom-dep heuristic unreliable for monorepo workspace packages. ai

Versions (showing 6 of 6)

Version Deps Published
1.4.3 1 / 57
1.4.2 1 / 57
1.4.1 1 / 57
1.3.49 1 / 57
1.3.48 1 / 57
1.3.46 0 / 57

v1.4.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.2

13 findings
HIGH New obfuscated file: dist/bundles/legacy/38.bundle-60b1c9ffed20c414c072.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/38.bundle-b63d57af2b9d9c3599ea.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/444.bundle-0b847870341e5e951cb7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/444.bundle-1d4b749f32edbd52ab9f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/508.bundle-6ace983cfb584349b0fb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/508.bundle-b517c8e71c99824b046c.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/607.bundle-727df7d7bc86c33523fc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/607.bundle-8c43c30ec8340a3ba6bd.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/759.bundle-6704af041e50407c876e.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/759.bundle-c4c9e59e08ca6573c36e.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/918.bundle-2bedad379b73ae67d714.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/918.bundle-6f7fc6ad4d70eb7cb558.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

13 findings
HIGH New obfuscated file: dist/bundles/modern/38.bundle-31094c814fda9e5a17bc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/38.bundle-9ee2ca1227f4b29a7281.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/444.bundle-0b847870341e5e951cb7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/444.bundle-1d4b749f32edbd52ab9f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/508.bundle-3fffe72853ca56870325.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/508.bundle-801ff2acb9e0d1d84da8.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/607.bundle-727df7d7bc86c33523fc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/607.bundle-8c43c30ec8340a3ba6bd.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/759.bundle-6704af041e50407c876e.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/759.bundle-c4c9e59e08ca6573c36e.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/918.bundle-2bedad379b73ae67d714.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/918.bundle-6f7fc6ad4d70eb7cb558.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.49

9 findings
HIGH New obfuscated file: dist/bundles/modern/296.bundle-1dbe3d2a618605cfcb5f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/296.bundle-6a8473a0515bba686164.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/759.bundle-77991787c4cc551ef01c.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/759.bundle-aecd7d10583abb2994de.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/884.bundle-6c763ed541cd7af7258c.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/884.bundle-7b2389c1aafa98e6589b.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/legacy/918.bundle-0b89e18fb7c60cba5375.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundles/modern/918.bundle-6a6b8f9e7b747c5ab1bf.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.48

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.