@veupathdb/ortho-site
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/bundles/legacy/528.bundle-cbd47b0eb07aa52555d4.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/528.bundle-181a5f3250fc4f07c0a3.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/324.bundle-8a688b3f00e278fb9e6e.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/324.bundle-4e27829ce51c1ae1d116.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/977.bundle-bb864a2acbdca5b69f7c.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/977.bundle-897949daff5d9687e54b.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/142.bundle-34bbee4288f1b7d7417c.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/142.bundle-6f2c92cb326cd20a71f1.js | AI (source-diff): Standard webpack minified bundle for this site package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/324.bundle-e4eeb41e9a72f6e06c7a.js | AI (source-diff): Standard webpack bundle; same FileSaver.js pattern as legacy counterpart. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/12.bundle-3a0bf16aec1f7ca9e6ec.js | AI (source-diff): Standard webpack production bundle; webpackChunk pattern and readable React code confirm minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/12.bundle-fc8d9179ca3e69ba81d0.js | AI (source-diff): Standard webpack production bundle; same pattern as legacy counterpart. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/142.bundle-732fdfff5122abeaac8a.js | AI (source-diff): Standard webpack production bundle with source map; readable UI component code visible. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/142.bundle-d9b5c0b64beb8da19bf0.js | AI (source-diff): Standard webpack production bundle; same pattern as legacy counterpart. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/324.bundle-2717752ce5a8bd49d31a.js | AI (source-diff): Standard webpack bundle; sample shows FileSaver.js saveAs implementation, a well-known library. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/982.bundle-272698454c23a3d17b28.js | AI (source-diff): Standard webpack bundle; readable EDA workspace React code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/982.bundle-3ce1b666ded43f117aa2.js | AI (source-diff): Standard webpack bundle; same EDA workspace pattern as modern counterpart. | ai | |
| phantom-deps | phantom-dep:@veupathdb/preferred-organisms | AI (phantom-deps): Same-org workspace dep; phantom-dep heuristic unreliable for monorepo workspace packages. | ai | |
| source-diff | encoded-string-file:dist/bundles/modern/site-client.bundle.js | AI (source-diff): Same as legacy bundle; emotion/webpack runtime encoded strings are expected in this package. | ai | |
| source-diff | encoded-string-file:dist/bundles/legacy/site-client.bundle.js | AI (source-diff): Long strings are emotion CSS-in-JS and webpack runtime patterns; stable false positive for this bundled site package. | ai | |
| source-diff | obfuscated-file:dist/bundles/legacy/324.bundle-427a93819496e578ec46.js | AI (source-diff): Standard webpack legacy bundle; same pattern as modern bundle, expected minification. | ai | |
| source-diff | obfuscated-file:dist/bundles/modern/324.bundle-0a2b932cf7820783466c.js | AI (source-diff): Standard webpack production bundle (webpackChunk prefix); minification is expected for this site package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Monorepo workspace package; missing description is a stable pattern across this org's packages, not a malware signal. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 1.4.2 | 2 / 70 | |
| 1.4.1 | 2 / 70 | |
| 1.3.49 | 2 / 70 | |
| 1.3.48 | 2 / 70 | |
| 1.3.46 | 1 / 70 | |
v1.4.2
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.1
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.49
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.48
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 4 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.