← Home

html-dom-parser

10
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

remarkablemark

Keywords

html-dom-parserhtmldomparserhtmlparser2pojo

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff encoded-string-file:dist/htmlparser2.js AI (source-diff): Long encoded string is the htmlparser2 HTML entity decode trie (base64-packed lookup table), a stable legitimate pattern for this package. ai
source-diff obfuscated-file:esm/node_modules/entities/dist/esm/generated/decode-data-html.mjs AI (source-diff): Base64-encoded HTML entity decode table generated by entities package build scripts; not malicious. ai
source-diff source-size-tripled AI (source-diff): Size increase due to bundling htmlparser2 and entities deps into the package; expected for this build change. ai
source-diff large-new-source-files AI (source-diff): New files are bundled dependency outputs (rollup build artifacts); not injected payloads. ai
source-diff obfuscated-file:esm/node_modules/entities/dist/generated/decode-data-html.mjs AI (source-diff): Known base64-encoded HTML decode trie from the entities package; not obfuscation. ai
source-diff obfuscated-file:dist/htmlparser2.js AI (source-diff): UMD bundle of htmlparser2 dep produced by rollup; long lines are minified but not malicious. ai
semgrep semgrep:base64-decode AI (semgrep): Base64 decode is part of htmlparser2 bundled utility for binary encoding; not a malicious payload pattern. ai

Versions (showing 10 of 10)

Version Deps Published
8.0.0 2 / 29
7.1.0 2 / 37
7.0.1 2 / 37
7.0.0 2 / 37
6.0.0 2 / 37
5.1.8 2 / 36
5.1.7 2 / 42
5.1.5 2 / 41
5.1.4 2 / 41
5.1.2 2 / 41

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.