streamdown
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/code-block-LUI4OL5H.js | AI (source-diff): ESM counterpart of the same bundled component; expected minified dist output. | ai | |
| source-diff | obfuscated-file:dist/code-block-N3EJBPUA.cjs | AI (source-diff): Standard tsup-bundled React component output; minified dist is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/code-block-F6WJLWQG.js | AI (source-diff): ESM counterpart of the same minified code-block component; same rationale. | ai | |
| source-diff | obfuscated-file:dist/code-block-EYAMROJU.cjs | AI (source-diff): Long-line minified output from tsup build; readable React/Shiki code-block component, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/chunk-4PGIZLGZ.js | AI (source-diff): Minified ESM bundle of React/remark/shiki deps; same pattern as CJS counterpart, no dropper behavior. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher is GitHub Actions CI with SLSA attestation from vercel/streamdown; expected for automated releases. | ai | |
| source-diff | net-exec-file:dist/chunk-YF6EF5DN.cjs | AI (source-diff): Minified CJS bundle of React/remark/shiki deps; no actual network fetch or eval in the sampled code. | ai | |
| source-diff | net-exec-file:dist/chunk-DQKJR6WP.cjs | AI (source-diff): Standard esbuild bundle of remark/rehype/shiki deps; no actual network fetch or dynamic eval in the sample. | ai | |
| source-diff | net-exec-file:dist/chunk-4VFFRCJP.js | AI (source-diff): ESM counterpart of the same bundle; same rationale — legitimate markdown renderer output. | ai | |
| source-diff | obfuscated-file:dist/code-block-3WZ5YY6K.cjs | AI (source-diff): Minified esbuild output for code-block component; long lines are expected from bundler, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/code-block-GEBMI5SW.js | AI (source-diff): ESM counterpart; same rationale. | ai | |
| phantom-deps | phantom-dep:esbuild | AI (phantom-deps): esbuild is a known implicit/binary dep used by tsup; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:katex | AI (phantom-deps): katex is a peer/transitive dep of rehype-katex; phantom-dep false positive for this package. | ai | |
| dependencies | unvetted-dep:hast | AI (dependencies): hast is a core unified ecosystem type/utility package; stable false positive for this markdown-processing library. | ai | |
| phantom-deps | phantom-dep:rehype-harden | AI (phantom-deps): rehype-harden is a legitimate rehype plugin for HTML hardening, used via config in the unified pipeline. Stable false positive. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): remark-parse is a legitimate remark plugin passed as config. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): remark-gfm is a legitimate remark plugin passed as config. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:rehype-raw | AI (phantom-deps): rehype-raw is a legitimate rehype plugin passed as config in the unified pipeline. Stable false positive. | ai | |
| phantom-deps | phantom-dep:marked | AI (phantom-deps): marked is a legitimate markdown dep used via config/plugin pattern. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): clsx is a legitimate dep used via config/plugin pattern in this unified/rehype pipeline, not direct ES import. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): tailwind-merge is a legitimate utility dep used via config pattern. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): unist-util-visit is a legitimate unist utility used via config/plugin pattern. Stable false positive. | ai | |
| phantom-deps | phantom-dep:html-url-attributes | AI (phantom-deps): html-url-attributes is a legitimate hast utility used via config pattern. Stable false positive. | ai | |
| phantom-deps | phantom-dep:hast-util-to-jsx-runtime | AI (phantom-deps): hast-util-to-jsx-runtime is a legitimate hast utility used via config pattern. Stable false positive. | ai | |
| phantom-deps | phantom-dep:unist-util-visit-parents | AI (phantom-deps): unist-util-visit-parents is a legitimate unist utility used via config pattern. Stable false positive. | ai | |
| phantom-deps | phantom-dep:rehype-sanitize | AI (phantom-deps): rehype-sanitize is a legitimate rehype plugin passed as config. Stable false positive for this package. | ai | |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 2.5.0 | 16 / 18 | |
| 2.4.0 | 15 / 19 | |
| 2.3.0 | 15 / 19 | |
| 2.2.0 | 15 / 18 | |
| 2.1.0 | 14 / 16 | |
| 2.0.1 | 21 / 14 | |
| 2.0.0 | 21 / 14 | |
| 1.6.11 | 23 / 13 | |
| 1.6.10 | 22 / 13 | |
| 1.6.9 | 21 / 13 | |
| 1.6.8 | 20 / 14 | |
| 1.6.7 | 20 / 14 | |
| 1.6.6 | 20 / 14 | |
| 1.6.5 | 20 / 14 | |
| 1.6.4 | 20 / 14 | |
| 1.6.3 | 20 / 14 | |
| 1.6.2 | 20 / 14 | |
| 1.6.1 | 20 / 14 | |
| 1.6.0 | 20 / 14 | |
| 1.5.1 | 15 / 12 | |
| 1.5.0 | 15 / 12 | |
v2.0.1
6 findings
This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.0
6 findings
This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.11
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.10
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.8
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.