@voicenter-team/voicenter-ui-plus
This is Vue 3.x + Typescript component library made for Voicenter systems
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:library/core/entry-7MedY5a6.mjs | AI (source-diff): False positive on a UI component bundle; network calls are editor fetch APIs, not dropper behavior. | ai | |
| source-diff | obfuscated-file:library/core/index-Cu73PPC3.mjs | AI (source-diff): Minified CodeMirror Java language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-Ck0hEoH5.mjs | AI (source-diff): Minified CodeMirror SQL language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-Brg39W8r.mjs | AI (source-diff): Minified CodeMirror Go language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BqZbJSv5.mjs | AI (source-diff): Minified CodeMirror PHP language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-aRKANfxA.mjs | AI (source-diff): Minified CodeMirror Rust language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-DwdnC-bV.mjs | AI (source-diff): Minified CodeMirror language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-D9pmi177.mjs | AI (source-diff): Minified CodeMirror language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-D4ALxe3L.mjs | AI (source-diff): Minified CodeMirror language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-D3fgPDap.mjs | AI (source-diff): Minified CodeMirror language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-CX3WSSx2.mjs | AI (source-diff): Minified CodeMirror language parser; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/entry-7MedY5a6.mjs | AI (source-diff): Vite/Rollup bundle of CodeMirror + UI components; minified but not malicious. | ai | |
| phantom-deps | phantom-dep:codemirror | AI (phantom-deps): codemirror loaded via vue-codemirror6 wrapper; config-referenced, stable FP. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Large UI library; lodash used via config/convention, not direct import. Stable FP. | ai | |
| phantom-deps | phantom-dep:@milkdown/vue | AI (phantom-deps): Milkdown editor integration; loaded via config, stable FP for this package. | ai | |
| phantom-deps | phantom-dep:vue-codemirror6 | AI (phantom-deps): Config-referenced wrapper; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@vue/test-utils | AI (phantom-deps): Framework-scoped test utility; convention-loaded, stable FP. | ai | |
| phantom-deps | phantom-dep:jsonpath-plus | AI (phantom-deps): Referenced in config files; stable FP for this UI library. | ai | |
| source-diff | obfuscated-file:library/core/index-DHgyBRn8.mjs | AI (source-diff): Minified CodeMirror language module; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-CkfLio6C.mjs | AI (source-diff): CodeMirror Rust language support; minified build output. | ai | |
| source-diff | obfuscated-file:library/core/index-Bju5LdiT.mjs | AI (source-diff): CodeMirror Java language support; minified build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BGJQiclS.mjs | AI (source-diff): CodeMirror Go language support; minified build output. | ai | |
| source-diff | obfuscated-file:library/core/index-B3DxZAFq.mjs | AI (source-diff): CodeMirror HTML/XML language support; minified build output. | ai | |
| source-diff | obfuscated-file:library/core/index-B_bildVv.mjs | AI (source-diff): CodeMirror CSS language support module; minified build output. | ai | |
| source-diff | net-exec-file:library/core/entry-DDDwx3pr.mjs | AI (source-diff): False positive on minified CodeMirror bundle; no actual dropper/loader pattern present. | ai | |
| source-diff | obfuscated-file:library/core/entry-DDDwx3pr.mjs | AI (source-diff): Minified CodeMirror/editor bundle; standard build output for this UI library. | ai | |
| source-diff | obfuscated-file:library/core/index-sHXxzmmN.mjs | AI (source-diff): Minified CodeMirror language module; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-pOvLJNkD.mjs | AI (source-diff): Minified CodeMirror language module; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-N0wzFp0j.mjs | AI (source-diff): Minified CodeMirror language module; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-DknIur64.mjs | AI (source-diff): Minified CodeMirror language module; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-Djf2HmOn.mjs | AI (source-diff): Minified CodeMirror language parser bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/entry-9waO-ii2.mjs | AI (source-diff): Minified Vite bundle entry point for CodeMirror/Milkdown; standard build artifact. | ai | |
| source-diff | net-exec-file:library/core/entry-9waO-ii2.mjs | AI (source-diff): Network+exec pattern fires on bundled editor framework code; no dropper behavior evident. | ai | |
| source-diff | obfuscated-file:library/core/index-5XTYllf8.mjs | AI (source-diff): Minified CodeMirror C++ language parser; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-BIuNzHq0.mjs | AI (source-diff): Minified CodeMirror Python language parser; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-BJJ7G1kH.mjs | AI (source-diff): Minified CodeMirror PHP language parser; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-BWexRHi1.mjs | AI (source-diff): Minified CodeMirror SQL language parser; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-CApVvY4i.mjs | AI (source-diff): Minified CodeMirror CSS language parser; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-D0jRT024.mjs | AI (source-diff): Minified CodeMirror language parser bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-D4_mrv79.mjs | AI (source-diff): Minified CodeMirror language parser bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-DAPqny2s.mjs | AI (source-diff): Minified CodeMirror language parser bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-UOZNryNK.mjs | AI (source-diff): Minified CodeMirror language parser bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:library/core/entry-C1uqp-lm.mjs | AI (source-diff): Main Vite bundle of CodeMirror/Milkdown UI library; minified build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-D7ggpCdC.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-D3FyPKbl.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-D16P5XEs.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-clOXfB9B.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-CLLFqnwj.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-CJfoY4tA.mjs | AI (source-diff): CodeMirror language grammar bundle — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-CHzQ0opk.mjs | AI (source-diff): CodeMirror C++ language grammar — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-BWO4i8Fm.mjs | AI (source-diff): CodeMirror PHP language grammar — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-BdKHwbLO.mjs | AI (source-diff): CodeMirror SQL language grammar — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-BCsaPCru.mjs | AI (source-diff): CodeMirror Rust language grammar — minified tokenizer. | ai | |
| source-diff | obfuscated-file:library/core/index-9tv5FZx8.mjs | AI (source-diff): CodeMirror Go language grammar — minified tokenizer. | ai | |
| source-diff | net-exec-file:library/core/entry-C1uqp-lm.mjs | AI (source-diff): Network calls and dynamic code in a UI component/editor bundle are expected; no dropper pattern. | ai | |
| source-diff | obfuscated-file:library/core/entry-LR10HxE9.mjs | AI (source-diff): Standard Vite/Rollup bundle output for a UI component library; long lines are minified but readable JS. | ai | |
| source-diff | net-exec-file:library/core/entry-LR10HxE9.mjs | AI (source-diff): Network calls and dynamic patterns in a UI component bundle are expected; no dropper behavior visible in sample. | ai | |
| source-diff | obfuscated-file:library/core/index-9IanTzTm.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-Bdc1C92P.mjs | AI (source-diff): CodeMirror CSS/Sass language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-BJY90l9K.mjs | AI (source-diff): CodeMirror Python language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-BWbyTPKj.mjs | AI (source-diff): CodeMirror SQL language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-BwsMbgFM.mjs | AI (source-diff): CodeMirror Java language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-C1QKFrvZ.mjs | AI (source-diff): CodeMirror CSS language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-CkyvhKsl.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-CU6v6rFv.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-Cvn_Ekcu.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-DfwsN9ON.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | obfuscated-file:library/core/index-DPXcVCmu.mjs | AI (source-diff): CodeMirror language parser bundle; minified but legitimate. | ai | |
| source-diff | encoded-string-file:library/core/index.umd.js | AI (source-diff): Long encoded strings in a UMD build are typical for bundled UI libraries (e.g. icon SVG data, CSS). | ai | |
| source-diff | net-exec-file:library/core/entry-BKrD0RBL.mjs | AI (source-diff): Network calls and dynamic code in a UI library bundle are expected (fetch for assets, dynamic imports); no dropper pattern visible in samples. | ai | |
| source-diff | obfuscated-file:library/core/index-JMZUDHdp.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-J8Dat7YQ.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-g5OPFKhJ.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-Dl5FfLH7.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-CUMfOXPg.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-CFjyZNuJ.mjs | AI (source-diff): CodeMirror language bundle; standard Vite build output. | ai | |
| source-diff | obfuscated-file:library/core/index-CcFoMOlp.mjs | AI (source-diff): CodeMirror Python language support bundle; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-C-c2Z-qR.mjs | AI (source-diff): CodeMirror Java language support bundle; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BztfI8J3.mjs | AI (source-diff): CodeMirror Go language support bundle; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BsyHLtlI.mjs | AI (source-diff): CodeMirror CSS language support bundle; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BdSZyTPh.mjs | AI (source-diff): CodeMirror C++ language support bundle; standard build output. | ai | |
| source-diff | obfuscated-file:library/core/index-BAj2kg_2.mjs | AI (source-diff): CodeMirror language parser bundle; minified but readable and benign. | ai | |
| source-diff | obfuscated-file:library/core/entry-BKrD0RBL.mjs | AI (source-diff): Standard Vite/Rollup bundle output for a UI component library; minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:library/core/index-Bnbcgp45.mjs | AI (source-diff): CodeMirror XML/HTML language parser, minified; not malicious. | ai | |
| source-diff | net-exec-file:library/core/entry-CUnU_LTf.mjs | AI (source-diff): Vite bundle with standard private-field helpers; no actual dropper pattern. | ai | |
| source-diff | obfuscated-file:library/core/index-KX4Bfsig.mjs | AI (source-diff): Minified CodeMirror/Vite bundle; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-Dz1n0irY.mjs | AI (source-diff): Minified CodeMirror/Vite bundle; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-CYWz3-a9.mjs | AI (source-diff): Minified CodeMirror/Vite bundle; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-CToYp0ec.mjs | AI (source-diff): Minified CodeMirror/Vite bundle; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-C1SGZ0VB.mjs | AI (source-diff): Minified CodeMirror/Vite bundle; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-C_0ohr-m.mjs | AI (source-diff): CodeMirror Python language parser, minified; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-BnrhesCl.mjs | AI (source-diff): CodeMirror template language parser, minified; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-BHgTKNj6.mjs | AI (source-diff): CodeMirror C++ language parser, minified; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/index-6fzTDgR0.mjs | AI (source-diff): CodeMirror Rust language parser, minified; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/cobol-4yqQntpt.mjs | AI (source-diff): CodeMirror COBOL language parser, minified; not malicious. | ai | |
| source-diff | obfuscated-file:library/core/entry-CUnU_LTf.mjs | AI (source-diff): Minified Vite bundle output; standard pattern for this UI library. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by addition of CodeMirror/Milkdown editor dependencies. | ai | |
| source-diff | net-exec-file:library/core/entry-CMErlSCw.mjs | AI (source-diff): Network calls and dynamic code in bundled UI library; no dropper/loader pattern in sample. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are CodeMirror language bundles added as devDependencies; expected growth for a UI component library. | ai | |
| source-diff | obfuscated-file:library/core/sql-Cei9CMfk.mjs | AI (source-diff): Minified SQL language support for CodeMirror; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-wLsWU3ZT.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-accBWmVe.mjs | AI (source-diff): Minified CodeMirror language support module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/entry-CMErlSCw.mjs | AI (source-diff): Standard Vite/Rollup bundle output; samples show legitimate CodeMirror/editor library code. | ai | |
| source-diff | obfuscated-file:library/core/index-MZYTfKgp.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-Du6O_L2u.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-DO35X02z.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-Df4jbl9R.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-DbwwziFY.mjs | AI (source-diff): Minified CodeMirror language module; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-DappDgUH.mjs | AI (source-diff): Minified Go language support for CodeMirror; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-C7x-T1Iq.mjs | AI (source-diff): Minified XML/HTML language support for CodeMirror; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-C5NXq8_G.mjs | AI (source-diff): Minified Java language highlighting for CodeMirror; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-BZYZsdvW.mjs | AI (source-diff): Minified HTML/template language support for CodeMirror; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:library/core/index-BzgPPKBc.mjs | AI (source-diff): Minified Python language parser for CodeMirror; legitimate build artifact. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): @vueuse/core is explicitly declared as a runtime dependency; phantom-dep is a false positive for this package. | ai |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 2.0.12 | 6 / 54 | |
| 2.0.10 | 6 / 54 | |
| 2.0.9 | 6 / 54 | |
| 2.0.8 | 6 / 54 | |
| 2.0.7 | 6 / 54 | |
| 2.0.6 | 6 / 54 | |
| 2.0.5 | 6 / 54 | |
| 2.0.4 | 6 / 54 | |
| 2.0.3 | 6 / 54 | |
| 2.0.2 | 6 / 54 | |
| 2.0.1 | 6 / 54 | |
| 1.1.21 | 17 / 44 |
v2.0.12
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.10
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.9
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.7
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.6
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.4
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.