@visulima/colorize
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/packem_shared/colorize.server-B0BWdm8_.cjs | AI (source-diff): Minified bundler output (packem); content is ANSI color utility code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/GradientBuilder-C2IS34v_.cjs | AI (source-diff): Minified bundler output; content is CSS color name table and gradient logic, not malicious. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/Colorize-Bn8gI3ME.mjs | AI (source-diff): Minified bundler output; content is ANSI 256-color map, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/Colorize-CfIXnDUD.mjs | AI (source-diff): Minified bundler output; content is ANSI color utility code, not malicious. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/colorize.server-9hV-s1hY.mjs | AI (source-diff): Minified bundler output; content is ANSI color utility code, not malicious. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/GradientBuilder-I_j6wpvU.mjs | AI (source-diff): Minified bundler output; content is CSS color name table and gradient logic, not malicious. | ai | |
| provenance | slsa-provenance | AI (provenance): Package consistently published with SLSA provenance via CI/CD; stable signal for this package. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 1.4.29 | 1 / 0 | |
| 1.4.28 | 1 / 0 | |
| 1.4.27 | 1 / 0 | |
| 1.4.25 | 1 / 0 | |
| 1.4.24 | 1 / 0 | |
| 1.4.23 | 1 / 0 | |
| 1.4.22 | 1 / 0 |
v1.4.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.25
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.24
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.