@visulima/package No license 12 versions

@visulima/package

npm Repository Homepage

12

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

prisis

Keywords

anolilabfindfind-monorepo-rootfind-up-pkgfind-package-managermono-repomonorepopackagepackage-jsonpackage-managerpackage.jsonpackage.yamlpackage.json5packagespkg-dirpkg-managerpkg-typespkg-upread-pkgread-pkg-uprootpnpmbunnpmyarnyamljson5visulima

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from prisis to GitHub Actions CI/CD publishing with SLSA provenance; stable pattern.	ai	2026/05/14
source-diff	source-size-dropped	AI (source-diff): Switched to bundled/minified dist output; expected size reduction.	ai	2026/05/14
source-diff	obfuscated-file:dist/package-json.js	AI (source-diff): Standard minified ESM build output from packem; content is readable package.json utility logic, not obfuscated malware.	ai	2026/05/14
source-diff	obfuscated-file:dist/package-manager.js	AI (source-diff): Standard minified ESM build output; content is package manager detection logic, no malicious patterns.	ai	2026/05/14
phantom-deps	phantom-dep:yaml	AI (phantom-deps): yaml is used for pnpm catalog YAML parsing; heuristic false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@visulima/path	AI (phantom-deps): Same-org dep imported in bundled dist files; phantom-dep heuristic misses bundled imports.	ai	2026/05/14
phantom-deps	phantom-dep:@inquirer/confirm	AI (phantom-deps): Used in interactive install flow; bundled import not detected by static heuristic.	ai	2026/05/14

Versions (showing 12 of 12)

Version	Deps	Published
4.1.7	7 / 0	2025-11-19
4.1.6	7 / 0	2025-11-13
4.1.5	7 / 0	2025-11-12
4.1.4	8 / 0	2025-11-07
4.1.3	8 / 0	2025-11-05
4.1.2	8 / 0	2025-10-21
4.1.1	8 / 0	2025-10-20
4.1.0	8 / 0	2025-10-15
4.0.2	6 / 0	2025-10-02
4.0.1	6 / 0	2025-10-02
4.0.0	6 / 0	2025-10-02
3.5.8	4 / 0	2025-06-04

v4.1.7

4 findings

HIGH Publisher changed: prisis → GitHub Actions (on 2025-11-19) provenance

This version was published by a different npm account than previous versions on 2025-11-19. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.6

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.5

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.4

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.3

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.2

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.2

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.1

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.0

3 findings

HIGH New obfuscated file: dist/package-json.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/package-manager.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.