@visulima/source-map
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/packem_shared/loadSourceMap-DIY-KNB6.js | AI (source-diff): Minified bundler output (packem); readable code, no obfuscation indicators, consistent with this package's build tooling. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/loadSourceMap-BoEi7-Mm.js | AI (source-diff): Minified bundler output (packem); content is source-map/glob utilities with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/loadSourceMap-DKUO3MWk.js | AI (source-diff): Minified bundler output (packem); readable code, no obfuscation indicators, consistent with this package's build toolchain. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/loadSourceMap-d2oMIw6R.js | AI (source-diff): Packem bundler output; minified dist artifact with no malicious patterns, consistent with this package's build tooling. | ai | |
| source-diff | obfuscated-file:dist/packem_shared/loadSourceMap-Dm4YtQvM.js | AI (source-diff): Standard packem/bundler minified output; no malicious patterns in sample. Stable for this package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation confirms CI/CD publish; dormancy explained by major version bump in a monorepo. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 2.0.5 | 1 / 0 | |
| 2.0.4 | 1 / 0 | |
| 2.0.3 | 1 / 0 | |
| 2.0.2 | 1 / 0 | |
| 2.0.1 | 1 / 0 | |
| 2.0.0 | 1 / 0 | |
| 1.0.20 | 2 / 0 | |
v2.0.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.20
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.