@vtj/pro
VTJ 是一款基于 Vue3 + Typescript 的低代码页面可视化设计器。内置低代码引擎、渲染器和代码生成器,面向前端开发者,开箱即用。 无缝嵌入本地开发工程,不改变前端开发流程和编码习惯。
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/assets/Editor-D-tp7Tlp-BqA5rq41.js | AI (source-diff): Standard Vite minified bundle for a low-code editor; long lines are expected build output. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-9RSgvd_1.js | AI (source-diff): uni-app bundle with standard async module loading; not malicious. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-D-tp7Tlp-BqA5rq41.js | AI (source-diff): Network calls and dynamic imports are part of the editor's normal runtime; no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-DzXiTz8Y.js | AI (source-diff): Vite-minified utility bundle; long lines are standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-9RSgvd_1.js | AI (source-diff): Vite-bundled uni-app output; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-CLA-9enI-D3Jup7YW.js | AI (source-diff): Network calls and dynamic code in a low-code editor bundle are expected (plugin/renderer loading). | ai | |
| source-diff | obfuscated-file:dist/assets/utils-C3t_6B71.js | AI (source-diff): Vite-minified utils bundle from the @vtj org; expected build artifact. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-Cm0YeEOD.js | AI (source-diff): Dynamic imports via __vite__mapDeps are standard Vite code-splitting; not malicious. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-Cm0YeEOD.js | AI (source-diff): Vite-minified uni-app entry bundle; expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-CLA-9enI-D3Jup7YW.js | AI (source-diff): Vite-minified editor bundle; consistent with low-code designer build output. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-w-B0HwIS-BxhiGK4m.js | AI (source-diff): Network+exec pattern in minified editor bundle is normal for a low-code designer tool. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-B9ou2h1e.js | AI (source-diff): Vite-minified utils bundle; expected artifact. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-CXraNiDG.js | AI (source-diff): Network+exec in minified uni bundle is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-CXraNiDG.js | AI (source-diff): Vite-minified uni app bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-w-B0HwIS-BxhiGK4m.js | AI (source-diff): Vite-minified editor bundle; expected build artifact for this low-code designer. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-DyuWe83--BVB-iC-v.js | AI (source-diff): Network+exec pattern in a bundled low-code editor is expected; no exfiltration or shell indicators in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-DyuWe83--BVB-iC-v.js | AI (source-diff): Vite-minified editor bundle; sample shows standard JS utility patterns, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-DwSQlKsg.js | AI (source-diff): Vite-minified utils bundle; sample shows standard object spread helpers and named re-exports. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-C59gwPz0.js | AI (source-diff): Same bundle as above; network calls are part of uni-app routing, not malware. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-C59gwPz0.js | AI (source-diff): Vite-minified uni-app entry bundle; sample shows __vite__mapDeps and standard async iterator patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-Bg43eza_.js | AI (source-diff): Minified utils bundle; expected Vite build artifact. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-C4A1RoXI.js | AI (source-diff): Network+exec in bundled uni-app index; not malicious. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-C4A1RoXI.js | AI (source-diff): Standard Vite-bundled uni-app entry; expected artifact. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-C-TdqSeA-BRYIqzWS.js | AI (source-diff): Network+exec pattern in a bundled UI editor component; not a dropper. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-C-TdqSeA-BRYIqzWS.js | AI (source-diff): Minified Vite build output for the Editor component; expected artifact. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-B9UYmguL.js | AI (source-diff): Same bundle as above; network+exec pattern is normal for a uni-app SPA bundle. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-B9UYmguL.js | AI (source-diff): Vite-bundled uni-app entry; __vite__mapDeps header confirms standard build output. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-CkTaBh2w-vY_VpQTs.js | AI (source-diff): Network calls and dynamic code in a low-code editor bundle are expected; no exfiltration pattern visible. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-CkTaBh2w-vY_VpQTs.js | AI (source-diff): Vite-bundled editor chunk for this low-code tool; minification is expected build output. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-C9-A3ucB.js | AI (source-diff): Vite-minified @vtj/utils bundle; imports from known @vtj/* chunks, no suspicious payload. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-CNsf5H5x-DmFntYTg.js | AI (source-diff): Network+exec pattern in a low-code editor bundle is expected; no exfiltration or shell-exec patterns visible. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/@dcloudio-uni-h5-vue-SI-KByE-.js | AI (source-diff): Standard Vite-minified @dcloudio/uni-h5-vue bundle; readable MIT license header visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-CNsf5H5x-DmFntYTg.js | AI (source-diff): Vite-bundled editor chunk; minified but no obfuscation indicators, standard JS patterns throughout. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/vue-router-D3IaKFZK.js | AI (source-diff): Minified vue-router bundle; standard Vite build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-CxKk6g6m.js | AI (source-diff): Vite-minified @vtj/utils bundle; readable import map confirms legitimate build output. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-zcD9la96.js | AI (source-diff): Same bundle as above; network calls are uni-app framework internals, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-zcD9la96.js | AI (source-diff): Vite-bundled uni-app entry; __vite__mapDeps header confirms standard build output. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-Cexcrr8z-Dbg1LRwa.js | AI (source-diff): Standard Vite minified bundle for a low-code editor; consistent with package purpose across versions. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-Cexcrr8z-Dbg1LRwa.js | AI (source-diff): Network calls and dynamic code in a low-code IDE editor bundle are expected; no exfiltration pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-DH7G9CXQ.js | AI (source-diff): Vite-minified utils bundle; consistent with package build output. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-DuEkQxD9.js | AI (source-diff): Dynamic imports via __vite__mapDeps are standard Vite lazy-loading, not malware. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-DuEkQxD9.js | AI (source-diff): Vite-bundled uni-app entry; minification is expected. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-DJN5ZlZJ.js | AI (source-diff): Bundled uni-app entry with standard async patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-CnrmSJC0-BJ5S1UBg.js | AI (source-diff): Vite-bundled dist asset; standard minified output for this low-code designer package. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-CnrmSJC0-BJ5S1UBg.js | AI (source-diff): Bundled editor component with fetch/Promise patterns; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-DJN5ZlZJ.js | AI (source-diff): Vite-bundled uni-app entry; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-BVEwWVpg.js | AI (source-diff): Vite-bundled utility module; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-DVUZplwr-DPbn-wdM.js | AI (source-diff): Standard Vite minified bundle for a low-code editor; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-CUeXtXwr.js | AI (source-diff): Standard Vite minified utility bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-CkFVRzRq.js | AI (source-diff): Network + dynamic code patterns are from Vite/Vue3 async module loading, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-CkFVRzRq.js | AI (source-diff): Standard Vite minified bundle for uni-app target; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-DVUZplwr-DPbn-wdM.js | AI (source-diff): Network + dynamic code patterns are from Vite/Vue3 async module loading, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-BiQ7hKH3-GiPeUrGn.js | AI (source-diff): Network+exec pattern in a low-code editor bundle is expected; no exfiltration payload visible. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-DXX32UxF.js | AI (source-diff): Vite-minified utils bundle; readable import structure, no obfuscation. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-QBUMP5OB.js | AI (source-diff): Same bundle as above; net+exec pattern is from legitimate async module loading. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-QBUMP5OB.js | AI (source-diff): Vite-bundled uni-app entry; minified standard Vue/router code. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-BiQ7hKH3-GiPeUrGn.js | AI (source-diff): Vite-bundled editor dist file; minified but not obfuscated, consistent with build tooling. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-B-LS88uQ.js | AI (source-diff): Standard uni-app bundle with async module loading; no malicious pattern. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Publisher has 547 approved packages; dormancy likely reflects development cycle, not takeover. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-DeNjHGHo-C8MhN8hz.js | AI (source-diff): Vite-bundled editor dist asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-DeNjHGHo-C8MhN8hz.js | AI (source-diff): Network calls and dynamic code in a bundled low-code editor UI are expected; no exfiltration pattern visible. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-B-LS88uQ.js | AI (source-diff): Vite-bundled uni-app entry; minification expected. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-DPHrmblb.js | AI (source-diff): Vite-bundled utils dist; minification expected. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-DfSjsRF9-BqN9asYY.js | AI (source-diff): Vite-bundled editor chunk; minified but clearly legitimate library code. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-BLjRSEGQ.js | AI (source-diff): Vite-minified utils bundle; standard output for this package. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-Cacd-rQ7.js | AI (source-diff): uni-app bundle with network/dynamic code is expected for a low-code platform. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-Cacd-rQ7.js | AI (source-diff): Vite-minified uni-app index bundle; standard minification pattern. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-DfSjsRF9-BqN9asYY.js | AI (source-diff): Network calls and dynamic code in a low-code editor bundle are expected; no malicious payload visible. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-BqYtjlo4.js | AI (source-diff): Vite-minified uni-app entry bundle; __vite__mapDeps header confirms standard Vite output. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-BqYtjlo4.js | AI (source-diff): Same Vite bundle; async iterator helpers and dynamic imports are standard framework patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-CwOUVnOt.js | AI (source-diff): Vite-minified utils bundle re-exporting @vtj/* symbols; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/vue-router-BaL-Hp_b.js | AI (source-diff): Minified vue-router bundle; standard Vite dependency chunk. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/@dcloudio-uni-h5-vue-BmOkhsCk.js | AI (source-diff): Standard Vite-minified @dcloudio/uni-h5-vue bundle; identifiable by MIT license comment and Vue scope API patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-CrsU0ZIP-C1gj3E7B.js | AI (source-diff): Vite-bundled editor chunk; minified but structurally normal JS with no malicious indicators. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-CrsU0ZIP-C1gj3E7B.js | AI (source-diff): Network + dynamic code patterns are from bundled low-code editor runtime, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/mockjs-C_F9xDf5.js | AI (source-diff): Bundled mockjs library (v1.0.1-beta3); minification is expected, not malicious. | ai | |
| source-diff | net-exec-file:dist/uni/assets/index-DNuDZPnD.js | AI (source-diff): uni-app framework bundle; network+exec pattern is expected for this platform. | ai | |
| source-diff | obfuscated-file:dist/uni/assets/index-DNuDZPnD.js | AI (source-diff): Standard Vite/uni-app minified bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/Editor-Cvt7c1SM-BU92OZFG.js | AI (source-diff): Low-code IDE editor bundle legitimately combines network calls and dynamic code execution. | ai | |
| source-diff | obfuscated-file:dist/assets/Editor-Cvt7c1SM-BU92OZFG.js | AI (source-diff): Standard Vite minified bundle for the Editor component; not obfuscated malware. | ai | |
| source-diff | encoded-string-file:dist/@vtj/materials/deps/@vtj/utils/index.umd.js | AI (source-diff): Long string is a lodash-style utility bundle; no actual encoded payload present in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/utils-BLrYAkKb.js | AI (source-diff): Standard Vite minified utils bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/mockjs-C_F9xDf5.js | AI (source-diff): mockjs intercepts XHR for mocking; network+exec pattern is its core design. | ai | |
| typosquat | typosquat.levenshtein:pino | AI (typosquat): Scoped package @vtj/pro; Levenshtein match to 'pino' is a false positive with no plausible squatting intent. | ai | |
| phantom-deps | phantom-dep:@vtj/materials | AI (phantom-deps): Same-org sibling dep in a monorepo; may be re-exported rather than directly imported. | ai | |
| phantom-deps | phantom-dep:@vtj/uni | AI (phantom-deps): Same-org sibling dep in a monorepo; may be re-exported rather than directly imported. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @vtj/pro; Levenshtein match to 'pg' is a false positive with no plausible squatting intent. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 0.16.36 | 6 / 8 | |
| 0.16.35 | 6 / 8 | |
| 0.16.33 | 6 / 8 | |
| 0.16.32 | 6 / 8 | |
| 0.16.31 | 6 / 8 | |
| 0.16.30 | 6 / 8 | |
| 0.16.29 | 6 / 8 | |
| 0.16.27 | 6 / 8 | |
| 0.16.26 | 6 / 8 | |
| 0.16.25 | 6 / 8 | |
| 0.16.24 | 6 / 8 | |
| 0.16.23 | 6 / 8 | |
| 0.16.22 | 6 / 8 | |
| 0.16.20 | 6 / 8 | |
| 0.16.19 | 6 / 8 | |
| 0.16.17 | 6 / 8 | |
| 0.16.16 | 6 / 8 | |
| 0.16.15 | 6 / 8 |
v0.16.36
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.35
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.32
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.31
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.30
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.29
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.27
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.26
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.25
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.24
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.23
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.22
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.20
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.19
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.17
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.