← Home

@visulima/tsconfig

npm Repository Homepage
8
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

prisis

Keywords

anolilabvisulimats-configget-tsconfigread-tsconfigtsconfigtsconfig.json

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/packem_shared/implicitBaseUrlSymbol-CMaKZ6En.js AI (source-diff): Minified build artifact from packem bundler; content is readable tsconfig-resolution logic with no malicious patterns. ai
publish-pattern dormant-publish AI (publish-pattern): Established visulima monorepo; dormancy reflects infrequent releases, not account takeover risk given SLSA provenance. ai
phantom-deps phantom-dep:@visulima/path AI (phantom-deps): Same-org dep declared in package.json; phantom-dep heuristic misfires for this monorepo package. ai
phantom-deps phantom-dep:jsonc-parser AI (phantom-deps): Declared in dependencies; used transitively or via config — stable false positive for this package. ai
phantom-deps phantom-dep:resolve-pkg-maps AI (phantom-deps): Declared in dependencies; stable false positive for this package. ai

Versions (showing 8 of 8)

Version Deps Published
2.1.3 4 / 0
2.1.2 4 / 0
2.1.1 4 / 0
2.1.0 5 / 0
2.0.3 5 / 0
2.0.2 5 / 0
2.0.1 5 / 0
2.0.0 5 / 0

v2.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.2

2 findings
HIGH New obfuscated file: dist/packem_shared/implicitBaseUrlSymbol-CMaKZ6En.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.1

2 findings
HIGH New obfuscated file: dist/packem_shared/implicitBaseUrlSymbol-CMaKZ6En.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

2 findings
HIGH New obfuscated file: dist/packem_shared/implicitBaseUrlSymbol-CMaKZ6En.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.