bippy
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/src-CZc5lOwK.cjs | AI (source-diff): Standard minified build output from tsdown; readable React DevTools instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/src-B1XV7Ej_.js | AI (source-diff): ESM counterpart of the same minified build output; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-YNyYB6YK.d.ts | AI (source-diff): Bundled TypeScript declaration file with long import lines; not obfuscated. | ai | |
| source-diff | net-exec-file:dist/source-CBCTB51B.js | AI (source-diff): ESM bundle output with standard interop; not malicious network/exec activity. | ai | |
| source-diff | net-exec-file:dist/source-VilPky0v.cjs | AI (source-diff): Rolldown bundle output with CJS interop; not malicious network/exec activity. | ai | |
| source-diff | net-exec-file:dist/source-CTbJ4jWB.cjs | AI (source-diff): Rolldown bundler output containing error-stack-parser and React fiber code; not malicious. | ai | |
| source-diff | net-exec-file:dist/source-DApL4zD4.js | AI (source-diff): ESM counterpart of the same rolldown bundle; not malicious. | ai | |
| source-diff | net-exec-file:dist/source-CAKKlkON.js | AI (source-diff): ESM bundle with rolldown runtime helpers; not malicious. | ai | |
| source-diff | net-exec-file:dist/source-C6Kcs2bv.cjs | AI (source-diff): Bundled build output with CJS interop helpers; not malicious network/exec. | ai | |
| source-diff | net-exec-file:dist/source-ChLNXW9d.cjs | AI (source-diff): Bundled build output with standard rolldown runtime helpers and error-stack-parser; not malicious. | ai | |
| source-diff | net-exec-file:dist/source-CbtKVSlW.js | AI (source-diff): ESM counterpart of same bundled source file; same false positive. | ai | |
| source-diff | net-exec-file:dist/source.iife.js | AI (source-diff): IIFE bundle output; minified but not obfuscated, standard build artifact. | ai | |
| source-diff | net-exec-file:dist/source-XJPX_wAG.js | AI (source-diff): Bundled ESM output from tsdown; rolldown runtime shims trigger net-exec heuristic falsely. | ai | |
| source-diff | obfuscated-file:dist/core-CmL25iLV.d.ts | AI (source-diff): Long TypeScript declaration lines, not obfuscation; standard .d.ts output. | ai | |
| source-diff | net-exec-file:dist/source-BEL1nkP1.cjs | AI (source-diff): Bundled CJS output from tsdown; CJS interop shims trigger net-exec heuristic falsely. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-aNC2TnWN.cjs | AI (source-diff): Minified build artifact for React DevTools hook; content is readable instrumentation code with MIT license header. | ai | |
| source-diff | obfuscated-file:dist/core-Bl5QDLCY.cjs | AI (source-diff): Minified build artifact with content-hash filename; standard tsdown/Vite output for this package. | ai | |
| source-diff | obfuscated-file:dist/core-BmxLxXeu.js | AI (source-diff): Minified build artifact with content-hash filename; standard tsdown/Vite output for this package. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-CqZoDOZQ.cjs | AI (source-diff): Minified build artifact with content-hash filename; standard tsdown/Vite output for this package. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook.cjs | AI (source-diff): Minified build artifact for a React DevTools hook library; content is readable and benign. | ai | |
| source-diff | obfuscated-file:dist/core-DcvcGWE0.cjs | AI (source-diff): Minified build artifact from tsdown bundler; content is React Fiber instrumentation, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DnW_XqbK.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook injection, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-DrcMh8Kr.js | AI (source-diff): Minified ESM build artifact; same React Fiber logic as CJS counterpart, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core-CLXCJJKo.cjs | AI (source-diff): Minified build artifact from tsdown/terser build pipeline; content matches React fiber instrumentation logic. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-pgzgY3Sj.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook injection, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-BYSK76G-.js | AI (source-diff): Minified ESM build artifact; same React fiber instrumentation code as other dist files. | ai | |
| source-diff | obfuscated-file:dist/core-Wlj_iSSM.cjs | AI (source-diff): Standard bundler minification output for this React instrumentation library; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-C6zmKmBn.cjs | AI (source-diff): Standard bundler minification output; code is readable React DevTools hook logic. | ai | |
| source-diff | obfuscated-file:dist/core-_xno6DOO.js | AI (source-diff): Standard bundler minification output; same pattern as other dist files in this package. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-D8cI2Hik.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook injection consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-DmUyehIK.js | AI (source-diff): Minified build artifact; ESM variant of core, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-Baf5H9cC.cjs | AI (source-diff): Minified build artifact; content is React Fiber traversal logic consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-Cjoce0EW.d.ts | AI (source-diff): TypeScript declaration file with long lines; not executable code, no obfuscation risk. | ai | |
| source-diff | obfuscated-file:dist/core-xjGqMMEY.cjs | AI (source-diff): Standard bundler output (tsdown/esbuild) with license header; content is React fiber instrumentation, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DnMMBqZs.cjs | AI (source-diff): Standard bundler output; content is the RDT hook instrumentation matching the package's documented purpose. | ai | |
| source-diff | obfuscated-file:dist/core-DBBh-FTl.js | AI (source-diff): Standard bundler output (ESM variant of core); readable React fiber code with correct license header. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DXiQ00mj.cjs | AI (source-diff): Standard minified build output; contains React DevTools hook instrumentation logic, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/core-D1unqHCA.js | AI (source-diff): Standard minified build output; ESM variant of the same React fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/core-BDyaN6OC.cjs | AI (source-diff): Standard minified build output from tsdown/terser; readable React fiber logic with license header. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-3SlCAu5p.cjs | AI (source-diff): Standard bundler minification output; code is readable React DevTools hook logic with license headers. | ai | |
| source-diff | obfuscated-file:dist/core-coQbWNwP.js | AI (source-diff): Standard bundler minification output; ESM variant of the same React fiber logic. | ai | |
| source-diff | obfuscated-file:dist/core-D8j-0_U5.cjs | AI (source-diff): Standard bundler minification output; code is readable React fiber logic with license headers. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-D2m6uUhj.cjs | AI (source-diff): Standard minified build output for bippy; content is React DevTools hook instrumentation, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core-U1d648PH.js | AI (source-diff): Standard minified build output for bippy; ESM variant of core, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core-Ba_4EQvc.cjs | AI (source-diff): Standard minified build output for bippy; content is React Fiber instrumentation, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DKowStdz.cjs | AI (source-diff): Minified bundler output; React DevTools hook instrumentation consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-CoV0JPOT.js | AI (source-diff): Minified ESM build artifact; content matches package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-DjjS1PyL.cjs | AI (source-diff): Minified bundler output for a React instrumentation library; content matches package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-Cd3r2ofN.cjs | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-D8wHLzT1.cjs | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/core-C5GY88Ut.js | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/core-DHfgke6q.js | AI (source-diff): Standard minified ESM build artifact for bippy core module. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DMr9w9M6.cjs | AI (source-diff): Standard minified build artifact; content is React DevTools hook instrumentation, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core-CDFqpM4d.cjs | AI (source-diff): Standard minified build artifact for bippy; content is React Fiber instrumentation code with license header. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-CvGtf2Ko.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook injection, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-BDWE7M7e.d.ts | AI (source-diff): Long-line TypeScript declaration file, not executable code; false positive for obfuscation rule. | ai | |
| source-diff | obfuscated-file:dist/core-okQGppJr.cjs | AI (source-diff): Minified build artifact from tsdown bundler; content is legitimate React Fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/core-vna6K12E.js | AI (source-diff): Minified ESM build artifact; same legitimate React Fiber code as the CJS counterpart. | ai | |
| source-diff | obfuscated-file:dist/core-BfMrtjuO.cjs | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design across all versions. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-CC7xcriA.cjs | AI (source-diff): Minified build artifact with license header; expected output for this React instrumentation package. | ai | |
| source-diff | obfuscated-file:dist/core-BKZAzaFk.js | AI (source-diff): Minified build artifact with license header; expected output for this React instrumentation package. | ai | |
| source-diff | obfuscated-file:dist/core-D7_ABaNC.js | AI (source-diff): Minified ESM build artifact of the same React Fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-CUxWxwLu.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook instrumentation matching package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-DA3qEQ-B.cjs | AI (source-diff): Minified build artifact of React Fiber instrumentation code; consistent with bippy's documented purpose across versions. | ai | |
| source-diff | obfuscated-file:dist/core-BQWcwPuH.cjs | AI (source-diff): Minified bundler output (tsdown/esbuild); content matches React fiber instrumentation, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/core-C9es-rtT.js | AI (source-diff): Minified bundler output; ESM variant of the same React fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-Bt7MAUjK.cjs | AI (source-diff): Minified bundler output; content is React DevTools hook instrumentation consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-fnfpHC-R.cjs | AI (source-diff): Standard minified build output for bippy; content is React DevTools hook instrumentation with license header. | ai | |
| source-diff | obfuscated-file:dist/core-D94YBws4.cjs | AI (source-diff): Standard minified build output for bippy; content is React Fiber instrumentation code with license header. | ai | |
| source-diff | obfuscated-file:dist/core-BS1Kq8uK.js | AI (source-diff): Standard minified build output for bippy; content is React Fiber instrumentation code with license header. | ai | |
| source-diff | obfuscated-file:dist/core-DUdJNG_v.cjs | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/core-CI0zcLQw.js | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-tX8aJ1Oc.cjs | AI (source-diff): Minified build artifact with license header; bippy ships bundled dist files by design. | ai | |
| source-diff | obfuscated-file:dist/core-DQUPoE6z.cjs | AI (source-diff): Minified bundler output (tsdown/esbuild); content is React fiber instrumentation, not malicious. | ai | |
| source-diff | obfuscated-file:dist/core-BE71wdnw.js | AI (source-diff): Minified bundler output; same React fiber logic as other dist files, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-BAGN3kfF.cjs | AI (source-diff): Minified bundler output; content is React DevTools hook instrumentation, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-mdTLRyEJ.js | AI (source-diff): Standard minified build output for this React instrumentation library; content matches package purpose. | ai | |
| source-diff | obfuscated-file:dist/core-bbMuuR0q.cjs | AI (source-diff): Standard minified build output for this React instrumentation library; content matches package purpose. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-D4Bzf_uM.cjs | AI (source-diff): Standard minified build output; React DevTools hook injection is core functionality of bippy. | ai | |
| source-diff | obfuscated-file:dist/core-Jb49XNEH.cjs | AI (source-diff): Standard minified build output for a React internals library; content is readable React Fiber logic with license header. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-gE4odHs9.cjs | AI (source-diff): Standard minified build output; content is React DevTools hook instrumentation, not malicious. | ai | |
| source-diff | obfuscated-file:dist/core-CS38tBgC.js | AI (source-diff): Standard minified build output; same React Fiber logic as the .cjs counterpart. | ai | |
| source-diff | obfuscated-file:dist/core-BQc_XXkB.cjs | AI (source-diff): Standard bundler minification output for a React instrumentation library; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/core-DR6Lb084.js | AI (source-diff): Standard bundler minification output; ESM variant of the same React fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-D7XiZP9p.cjs | AI (source-diff): Standard bundler minification output; content is React DevTools hook logic, not malicious. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-DjVWQ1ex.cjs | AI (source-diff): Minified build artifact; content is React DevTools hook instrumentation, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/core-DeXBmn_W.js | AI (source-diff): Minified build artifact; same React Fiber logic as the CJS counterpart, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/core-BGFTvyXC.cjs | AI (source-diff): Minified build artifact of a React instrumentation library; content is readable React Fiber logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/core-DVWLY4I2.cjs | AI (source-diff): Standard minified build output from tsdown/terser; content is React Fiber instrumentation, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core-DDSDfsbb.js | AI (source-diff): Standard minified build output; ESM variant of the same React Fiber instrumentation code. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-C7Zyojd_.cjs | AI (source-diff): Standard minified build output; content is React DevTools hook instrumentation, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:@types/react-reconciler | AI (phantom-deps): @types/react-reconciler is a type-only dep used at build time; not imported at runtime. | ai | |
| source-diff | obfuscated-file:dist/core-DOjBpCvr.js | AI (source-diff): Minified bundler output; same React fiber logic as other dist chunks. | ai | |
| source-diff | obfuscated-file:dist/core-s90z2mSW.cjs | AI (source-diff): Minified bundler output (tsdown/esbuild); content is React fiber instrumentation, not malicious. | ai | |
| source-diff | obfuscated-file:dist/rdt-hook-CIAyAMXM.cjs | AI (source-diff): Minified bundler output; content is React DevTools hook instrumentation, consistent with package purpose. | ai | |
Versions (showing 44 of 44)
| Version | Deps | Published |
|---|---|---|
| 0.5.41 | 0 / 16 | |
| 0.5.40 | 0 / 16 | |
| 0.5.39 | 0 / 16 | |
| 0.5.38 | 0 / 16 | |
| 0.5.37 | 0 / 16 | |
| 0.5.35 | 0 / 16 | |
| 0.5.34 | 0 / 18 | |
| 0.5.33 | 1 / 17 | |
| 0.5.32 | 1 / 18 | |
| 0.5.31 | 1 / 18 | |
| 0.5.30 | 1 / 18 | |
| 0.5.29 | 1 / 18 | |
| 0.5.28 | 1 / 18 | |
| 0.5.27 | 1 / 18 | |
| 0.5.26 | 1 / 18 | |
| 0.5.25 | 1 / 18 | |
| 0.5.24 | 1 / 18 | |
| 0.5.23 | 1 / 18 | |
| 0.5.22 | 1 / 18 | |
| 0.5.21 | 1 / 18 | |
| 0.5.20 | 1 / 18 | |
| 0.5.19 | 1 / 18 | |
| 0.5.18 | 1 / 18 | |
| 0.5.17 | 1 / 18 | |
| 0.5.16 | 1 / 18 | |
| 0.5.15 | 1 / 18 | |
| 0.5.14 | 1 / 18 | |
| 0.5.13 | 1 / 18 | |
| 0.5.12 | 1 / 18 | |
| 0.5.11 | 1 / 18 | |
| 0.5.10 | 1 / 18 | |
| 0.5.9 | 1 / 18 | |
| 0.5.8 | 1 / 18 | |
| 0.5.7 | 1 / 18 | |
| 0.5.6 | 1 / 18 | |
| 0.5.5 | 1 / 18 | |
| 0.4.0 | 1 / 19 | |
| 0.3.32 | 1 / 22 | |
| 0.3.26 | 1 / 22 | |
| 0.3.17 | 1 / 22 | |
| 0.3.15 | 1 / 22 | |
| 0.3.14 | 1 / 22 | |
| 0.3.13 | 1 / 22 | |
| 0.3.12 | 1 / 22 | |
v0.5.41
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.40
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.39
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.38
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.37
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.35
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.34
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.33
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.32
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.31
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.30
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.29
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.28
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.27
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.26
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.25
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.24
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.23
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.22
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.21
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.20
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.19
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.18
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.17
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.16
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.15
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.14
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.13
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.12
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.11
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.10
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.9
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.8
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.7
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.6
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.32
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.26
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.17
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.15
5 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.14
5 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.13
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.12
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.