less
Leaner CSS
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/less.cjs | AI (source-diff): Rollup bundle of Less source; network calls from needle (optional dep) and dynamic exec from plugin loader are expected. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.6.2.js | AI (source-diff): Rhino runtime build of less.js; network+exec patterns are core CSS preprocessor functionality. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.5.1.js | AI (source-diff): Rhino runtime build of less.js; network+exec patterns are core CSS preprocessor functionality. | ai | |
| source-diff | net-exec-file:dist/less-1.6.2.js | AI (source-diff): Browser build of less.js; XHR for loading .less files and new Function() for JS eval are core features. | ai | |
| source-diff | net-exec-file:dist/less-1.6.2.min.js | AI (source-diff): Minified browser build of less.js; same pattern as unminified version. | ai | |
| source-diff | net-exec-file:dist/less-1.2.0.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.5.0.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.5.0.min.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.5.1.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.5.1.min.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.6.0.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.6.0.min.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.4.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.6.1.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.6.1.min.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.1.3.js | AI (source-diff): Rhino build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.3.1.js | AI (source-diff): Rhino build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.3.0.min.js | AI (source-diff): Browser build of Less CSS compiler; XHR for .less files + Function() for JS eval is expected architecture. | ai | |
| source-diff | net-exec-file:dist/less-1.3.1.js | AI (source-diff): Browser build of Less CSS compiler; network+exec is core functionality. | ai | |
| source-diff | net-exec-file:dist/less-1.3.1.min.js | AI (source-diff): Minified browser build of Less CSS compiler; same pattern as unminified. | ai | |
| source-diff | net-exec-file:dist/less-1.3.0.js | AI (source-diff): Browser build of Less CSS compiler; network+exec is core functionality. | ai | |
| source-diff | net-exec-file:dist/less-1.2.2.min.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.2.2.js | AI (source-diff): Browser build of Less CSS compiler; same pattern. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.1.5.js | AI (source-diff): LESS browser/rhino dist bundles legitimately contain XHR for stylesheet loading and Function() for JS eval in LESS; not malware. | ai | |
| source-diff | net-exec-file:dist/less-1.1.5.js | AI (source-diff): LESS browser dist bundle; network+exec is core functionality for loading and parsing stylesheets. | ai | |
| source-diff | net-exec-file:dist/less-1.2.0.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate network+exec pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.6.js | AI (source-diff): LESS browser dist bundle; legitimate stylesheet loading and parsing. | ai | |
| source-diff | net-exec-file:dist/less-1.2.1.js | AI (source-diff): LESS browser dist bundle; legitimate stylesheet loading and parsing. | ai | |
| source-diff | net-exec-file:dist/less-1.1.5.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.3.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.2.1.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.6.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.4.min.js | AI (source-diff): Minified LESS browser bundle; same legitimate pattern. | ai | |
| source-diff | net-exec-file:dist/less-1.1.3.js | AI (source-diff): LESS browser dist bundle; legitimate stylesheet loading and parsing. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase from shipping multiple versioned dist files; expected for LESS releases. | ai | |
| provenance | missing-githead | AI (provenance): Less v4 changed build/publish tooling (TypeScript rewrite); missing gitHead is expected for this package's v4+ line. | ai | |
| source-diff | source-size-dropped | AI (source-diff): v4 moved test data to @less/test-data package and ships compiled TS output; size drop is structural, not suspicious. | ai | |
| source-diff | net-exec-file:dist/less.min.js | AI (source-diff): Minified browser bundle of Less compiler; same legitimate use case as unminified version. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Build output of mature compiler; expected for distribution artifacts in Less. | ai | |
| source-diff | net-exec-file:dist/less.js | AI (source-diff): Compiled browser bundle of Less compiler; UMD wrapper + stylesheet loading is legitimate for this package. | ai | |
| source-diff | net-exec-file:dist/less-1.4.0-beta.js | AI (source-diff): Browser-based LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.1.js | AI (source-diff): Browser-based LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.3.2.js | AI (source-diff): Browser-based LESS compiler; network + code execution is inherent to CSS preprocessing in browsers. | ai | |
| source-diff | net-exec-file:test/browser/phantom-runner.js | AI (source-diff): Standard PhantomJS test runner for browser testing; network + code execution is expected for test infrastructure. | ai | |
| source-diff | net-exec-file:dist/less-1.3.2.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.3.3.js | AI (source-diff): Browser-based LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.3.3.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.0-beta.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.0.js | AI (source-diff): Browser-based LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.0.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.1.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.2.js | AI (source-diff): Browser-based LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-1.4.2.min.js | AI (source-diff): Minified browser LESS compiler; legitimate distribution artifact. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.3.2.js | AI (source-diff): Rhino-based LESS compiler; legitimate distribution artifact for Rhino runtime. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.3.3.js | AI (source-diff): Rhino-based LESS compiler; legitimate distribution artifact for Rhino runtime. | ai | |
| source-diff | net-exec-file:dist/less-rhino-1.4.0.js | AI (source-diff): Rhino-based LESS compiler; legitimate distribution artifact for Rhino runtime. | ai | |
| source-diff | net-exec-file:dist/less-1.0.41.js | AI (source-diff): Browser-side LESS runtime legitimately fetches .less stylesheets via XHR and compiles them to CSS. This is the intended behavior of the less browser distribution bundle, not malware. | ai | |
| source-diff | net-exec-file:dist/less-1.0.41.min.js | AI (source-diff): Browser-side LESS runtime legitimately fetches .less stylesheets via XHR and compiles them to CSS. This is the intended behavior of the less browser distribution bundle, not malware. | ai | |
| source-diff | net-exec-file:dist/less-1.1.1.js | AI (source-diff): Browser dist bundle for LESS CSS preprocessor; XHR fetches .less stylesheets and new Function() evaluates JS expressions — both are documented, intentional features of the LESS browser client. | ai | |
| source-diff | net-exec-file:dist/less-1.1.1.min.js | AI (source-diff): Minified browser dist bundle for LESS CSS preprocessor; same pattern as unminified — documented browser-side stylesheet loading and JS expression evaluation. | ai | |
| source-diff | net-exec-file:dist/less-1.1.2.js | AI (source-diff): Browser dist bundle for LESS CSS preprocessor; XHR fetches .less stylesheets and new Function() evaluates JS expressions — both are documented, intentional features of the LESS browser client. | ai | |
| source-diff | net-exec-file:dist/less-1.1.2.min.js | AI (source-diff): Minified browser dist bundle for LESS CSS preprocessor; same pattern as unminified — documented browser-side stylesheet loading and JS expression evaluation. | ai | |
| source-diff | net-exec-file:dist/less-1.1.0.js | AI (source-diff): Browser dist bundle for LESS CSS preprocessor; XHR fetches .less stylesheets and new Function() evaluates JS expressions — both are documented, intentional features of the LESS browser client. | ai | |
| source-diff | net-exec-file:dist/less-1.1.0.min.js | AI (source-diff): Minified browser dist bundle for LESS CSS preprocessor; same pattern as unminified — documented browser-side stylesheet loading and JS expression evaluation. | ai | |
| source-diff | net-exec-file:dist/less-1.0.44.js | AI (source-diff): Browser dist bundle for LESS CSS preprocessor; XHR fetches .less stylesheets and new Function() evaluates JS expressions — both are documented, intentional features of the LESS browser client. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All new dependencies (mime, mkdirp, promise, request, source-map, graceful-fs) are established packages supporting legitimate compiler functionality. | ai | |
| phantom-deps | phantom-dep:promise | AI (phantom-deps): Unused declared dependency is a minor housekeeping issue with no security implications for this package. | ai | |
| provenance | no-provenance | AI (provenance): Provenance attestation is absent in ~88% of npm packages; not a disqualifier for established packages. | ai | |
| source-diff | net-exec-file:test/browser/less.js | AI (source-diff): test/browser/less.js is Less.js's standard browser UMD bundle for testing. Network calls are XHR stylesheet loading; dynamic execution is the plugin loader — both are documented Less.js features, not malware. | ai | |
| dependencies | unvetted-dep:request | AI (dependencies): request is an established HTTP library; legitimate for Less's file/network operations. | ai | |
| phantom-deps | phantom-dep:mkdirp | AI (phantom-deps): Phantom dependency; likely transitive or build-time utility, not a security concern. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall script is part of the canonical less.js package, linked to verified source in the official repo. Common pattern for established packages. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process usage in postinstall.js is for environment detection/setup in the canonical less.js package; verified via source link. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a direct runtime dependency for TypeScript-compiled packages; it is legitimately declared in dependencies and used implicitly by compiled TS output. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Signals triggered by a test fixture (import-module) nested inside the package, not the main less package itself. Stable false positive. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() in test infrastructure (jasmine.js) is legitimate; Less is a parser/compiler where eval patterns are expected. | ai | |
| dependencies | unvetted-dep:errno | AI (dependencies): errno is a long-standing optional dependency in the less ecosystem; it's a phantom dep (not directly imported) and poses no real risk. | ai | |
| phantom-deps | phantom-dep:errno | AI (phantom-deps): Phantom dependency; likely transitive or build-time utility, not a security concern. | ai | |
| phantom-deps | phantom-dep:make-dir | AI (phantom-deps): make-dir is an optional dependency conditionally used; phantom-dep finding is expected for optional deps. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require in plugin-loader loads user-specified Less plugins; expected compiler behavior. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() compiles Less function definitions; standard pattern in parsers/compilers. | ai | |
| typosquat | typosquat.levenshtein:jest | AI (typosquat): less is a canonical CSS preprocessor; no brand confusion with jest despite edit distance. | ai |
Versions (showing 58 of 58)
| Version | Deps | Published |
|---|---|---|
| 4.6.6 | 2 / 53 | |
| 4.6.5 | 2 / 53 | |
| 4.6.4 | 2 / 53 | |
| 4.6.3 | 2 / 53 | |
| 4.6.2 | 2 / 49 | |
| 4.6.1 | 2 / 49 | |
| 4.6.0 | 2 / 49 | |
| 4.4.2 | 3 / 47 | |
| 4.4.1 | 3 / 47 | |
| 4.4.0 | 10 / 47 | |
| 4.3.0 | 10 / 47 | |
| 4.2.2 | 10 / 47 | |
| 4.2.1 | 10 / 47 | |
| 4.2.0 | 10 / 47 | |
| 4.1.3 | 10 / 47 | |
| 4.1.2 | 10 / 47 | |
| 4.1.1 | 10 / 46 | |
| 4.1.0 | 10 / 46 | |
| 4.0.0 | 10 / 45 | |
| 3.13.1 | 9 / 44 | |
| 3.13.0 | 8 / 45 | |
| 3.12.2 | 8 / 45 | |
| 3.12.1 | 8 / 45 | |
| 3.12.0 | 8 / 45 | |
| 3.11.1 | 10 / 39 | |
| 3.8.1 | 9 / 26 | |
| 3.6.0 | 8 / 25 | |
| 3.5.1 | 8 / 22 | |
| 2.7.2 | 8 / 15 | |
| 2.7.1 | 7 / 14 | |
| 2.7.0 | 7 / 14 | |
| 2.6.1 | 8 / 14 | |
| 2.1.0 | 6 / 13 | |
| 1.6.2 | 5 / 12 | |
| 1.6.1 | 5 / 12 | |
| 1.3.3 | 1 / 1 | |
| 1.3.2 | 1 / 1 | |
| 1.3.1 | 0 / 1 | |
| 1.3.0 | 0 / 0 | |
| 1.2.1 | 0 / 0 | |
| 1.2.0 | 0 / 0 | |
| 1.1.6 | 0 / 0 | |
| 1.1.5 | 0 / 0 | |
| 1.1.4 | 0 / 0 | |
| 1.1.2 | 0 / 0 | |
| 1.1.1 | 0 / 0 | |
| 1.1.0 | 0 / 0 | |
| 1.0.41 | 0 / 0 | |
| 1.0.40 | 0 / 0 | |
| 1.0.36 | 0 / 0 | |
| 1.0.32 | 0 / 0 | |
| 1.0.21 | 0 / 0 | |
| 1.0.19 | 0 / 0 | |
| 1.0.18 | 0 / 0 | |
| 1.0.14 | 0 / 0 | |
| 1.0.11 | 0 / 0 | |
| 1.0.10 | 0 / 0 | |
| 1.0.5 | 0 / 0 |
v4.6.6
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.5
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.1
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.1
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.2
50 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
46 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.3
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.2
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
24 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
21 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
17 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.6
17 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.5
15 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.