@visulima/path No license 6 versions

@visulima/path

npm Repository Homepage

6

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

prisis

Keywords

visulimapathbinaryextensionsextensionfilejsonlistarray

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/packem_shared/path-C6kFhdHJ.js	AI (source-diff): Standard packem bundler output; minified but readable path/glob logic, no malicious patterns.	ai	2026/05/14
source-diff	obfuscated-file:dist/packem_shared/path-BASwXSwn.js	AI (source-diff): Minified bundler output (packem shared chunk); not obfuscation. Pattern is stable for this package.	ai	2026/05/14

Versions (showing 6 of 6)

Version	Deps	Published
2.0.5	0 / 0	2025-11-13
2.0.4	0 / 0	2025-11-12
2.0.3	0 / 0	2025-11-07
2.0.2	0 / 0	2025-11-05
2.0.1	0 / 0	2025-10-21
2.0.0	0 / 0	2025-10-15

v2.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

2 findings

HIGH New obfuscated file: dist/packem_shared/path-C6kFhdHJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

2 findings

HIGH New obfuscated file: dist/packem_shared/path-BASwXSwn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.