superdoc
../../README.md
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/chunks/src-BMtNNJX7.cjs | AI (source-diff): Standard rolldown/vite bundle output; named imports from known libs, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BkwXMMDG.cjs | AI (source-diff): Minified bundle chunk from rolldown build; content is readable converter logic. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-NflY2Flj.es.js | AI (source-diff): Long import lines from rolldown tree-shaking; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BYsTkBYE.es.js | AI (source-diff): Same rolldown bundle pattern; named exports from prosemirror/yjs/vue. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BYsTkBYE.es.js | AI (source-diff): Network + dynamic code in bundled editor runtime; consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-l9IEJZcp.es.js | AI (source-diff): Rolldown ES bundle chunk; imports from known libs (jszip, uuid, xml-js). | ai | |
| source-diff | net-exec-file:dist/chunks/src-BMtNNJX7.cjs | AI (source-diff): Network calls and dynamic requires are part of the bundled editor/converter logic, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/chunks/src-Cr1Y8HpM.cjs | AI (source-diff): Network calls are document collaboration (yjs/websocket); dynamic execution is normal ProseMirror plugin loading. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-BjHgBUHt.es.js | AI (source-diff): Named exports from the toolbar bundle; long import list from minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CPeVyoZP.cjs | AI (source-diff): Readable bundled SuperConverter utility code; minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Cr1Y8HpM.cjs | AI (source-diff): Standard rolldown bundle of the editor's own source; readable class definitions, no malicious patterns. | ai | |
| source-diff | net-exec-file:dist/chunks/src-CyqsUyIQ.cjs | AI (source-diff): Network calls are document collaboration (yjs/websocket); dynamic execution is ProseMirror plugin system, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-Bq2sau9v.es.js | AI (source-diff): Minified toolbar component bundle with readable named exports; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-Po3quZJH.cjs | AI (source-diff): Minified DOCX converter bundle; readable OSS code, standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CyqsUyIQ.cjs | AI (source-diff): Minified main bundle of the superdoc editor; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DZJYCl5t.cjs | AI (source-diff): Standard minified bundle; sample shows normal module imports and class definitions. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-Cd6C7a05.es.js | AI (source-diff): Minified ES module bundle for toolbar component; normal build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-8P_hzCoh.cjs | AI (source-diff): Minified rolldown bundle for the SuperConverter module; normal build output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DZJYCl5t.cjs | AI (source-diff): Network and eval patterns in a document editor bundle are expected; no dropper behavior in sample. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BRAVBxfU.cjs | AI (source-diff): Minified main bundle; readable imports and no malicious patterns. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BRAVBxfU.cjs | AI (source-diff): Network calls are part of the collaborative editing feature (yjs/websocket); no dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-xjqjtPWl.es.js | AI (source-diff): Minified toolbar bundle with readable named exports; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-Jn6OLu2P.cjs | AI (source-diff): Minified SuperConverter bundle; standard rolldown build artifact. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BUg7BUh2.cjs | AI (source-diff): Network calls in a document editor bundle are expected (collaboration/websocket); no dropper pattern visible. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BUg7BUh2.cjs | AI (source-diff): Minified main bundle; readable imports and class definitions, consistent with vite build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-PjZnKuEX.es.js | AI (source-diff): Minified toolbar bundle with readable named exports; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CxVgDCE8.cjs | AI (source-diff): Minified SuperConverter bundle; readable class/function structure, standard vite output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-bXIAZ-Uv.cjs | AI (source-diff): Minified main source bundle with ProseMirror/Vue/Yjs; standard build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/rehype-parse-CqW8cfpB.cjs | AI (source-diff): Minified rehype-parse library bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/blank-docx-CS2GojjU.cjs | AI (source-diff): Base64-encoded blank DOCX template embedded as data URI; standard pattern for this document editor package. | ai | |
| source-diff | obfuscated-file:dist/chunks/blank-docx-1Y-uWgjm.es.js | AI (source-diff): Same base64 DOCX template, ES module variant; benign embedded asset. | ai | |
| source-diff | obfuscated-file:dist/chunks/create-headless-toolbar-CAjlOJ3Q.es.js | AI (source-diff): Minified toolbar bundle; standard build output for this document editor. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-Cqrea7mc.cjs | AI (source-diff): Minified SuperConverter bundle; legitimate build artifact for this package. | ai | |
| source-diff | net-exec-file:dist/chunks/src-bXIAZ-Uv.cjs | AI (source-diff): Network calls are document collaboration (Yjs/WebSocket); dynamic execution is ProseMirror plugin system, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-9bb-fNQI.es.js | AI (source-diff): Main bundled ES chunk; same legitimate editor code in ES module form. | ai | |
| source-diff | net-exec-file:dist/chunks/src-9bb-fNQI.es.js | AI (source-diff): Same pattern in ES module form; legitimate editor networking, not malware. | ai | |
| source-diff | net-exec-file:dist/chunks/src-CqD81-WJ.cjs | AI (source-diff): Network calls are document collaboration (Yjs/WebSocket); dynamic execution is ProseMirror plugin system, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CkLY-4Vz.es.js | AI (source-diff): ES module form of SuperConverter; benign minified dist. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-lAXyKD_0.cjs | AI (source-diff): SuperConverter DOCX processing bundle; readable utility code, standard minified output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CqD81-WJ.cjs | AI (source-diff): Main bundled CJS chunk; readable ProseMirror/Vue/Yjs code, standard minified dist. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Jjjx6UC7.es.js | AI (source-diff): ES module form of main editor bundle; same benign pattern. | ai | |
| source-diff | net-exec-file:dist/chunks/src-Jjjx6UC7.es.js | AI (source-diff): Same pattern in ES module form; collaboration + editor plugin system, not malware. | ai | |
| source-diff | net-exec-file:dist/chunks/src-6HZGrOBO.cjs | AI (source-diff): Network calls are document collaboration (yjs/hocuspocus); dynamic exec is ProseMirror plugin system, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CnwfJPj6.es.js | AI (source-diff): ES module form of SuperConverter bundle; benign. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-DvnaVlrl.cjs | AI (source-diff): Bundled SuperConverter module; readable utility functions, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-6HZGrOBO.cjs | AI (source-diff): Rolldown-bundled main editor chunk; readable ProseMirror/Vue internals. | ai | |
| source-diff | net-exec-file:dist/chunks/src-CHoIUJDT.cjs | AI (source-diff): Network+exec pattern is ProseMirror/yjs collaboration code; not malicious for this document editor. | ai | |
| source-diff | net-exec-file:dist/chunks/src-4yurqSRL.es.js | AI (source-diff): Same pattern in ES module form; legitimate collaboration/editor functionality. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CMMmelrE.es.js | AI (source-diff): Minified SuperConverter ES bundle; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CQ9fytnF.cjs | AI (source-diff): Minified SuperConverter bundle; expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-4yurqSRL.es.js | AI (source-diff): Minified main source ES bundle; expected rolldown build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CHoIUJDT.cjs | AI (source-diff): Minified main source bundle (ProseMirror/yjs/Vue); expected rolldown build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-MIfCBjT0.cjs | AI (source-diff): Minified main editor bundle; normal dist output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-MIfCBjT0.cjs | AI (source-diff): Network calls are to collaboration/YJS endpoints; dynamic exec is standard ProseMirror plugin pattern. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BSfRdX8D.cjs | AI (source-diff): Minified SuperConverter bundle; normal dist output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-B7PReu7I.es.js | AI (source-diff): ESM variant of main editor bundle; normal dist output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-B7PReu7I.es.js | AI (source-diff): Same rationale as CJS variant; collaboration/YJS network calls, ProseMirror plugin dynamic exec. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CEo_K44C.es.js | AI (source-diff): ESM variant of SuperConverter bundle; normal dist output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-B8dISUB0.cjs | AI (source-diff): Main bundled CJS chunk with readable ProseMirror/Vue/yjs code; minified not obfuscated. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BrQf9ogl.es.js | AI (source-diff): Same as CJS variant; legitimate collaboration/editor network usage. | ai | |
| source-diff | net-exec-file:dist/chunks/src-B8dISUB0.cjs | AI (source-diff): Network calls are fetch/HTTP for document collaboration; dynamic execution is Vue/ProseMirror plugin system, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-OUSSoU6N.es.js | AI (source-diff): ES module variant of SuperConverter chunk; benign. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-B3IrCkgd.cjs | AI (source-diff): SuperConverter bundled chunk with readable identifiers; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BrQf9ogl.es.js | AI (source-diff): Main bundled ES chunk; same pattern as CJS variant, legitimate bundled output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BgMjNKht.cjs | AI (source-diff): Minified main source bundle; standard vite/rolldown build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BBrzKfHe.es.js | AI (source-diff): Minified SuperConverter ESM bundle; standard vite/rolldown build output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-5ShikURA.es.js | AI (source-diff): Network calls and dynamic imports are part of the document editor runtime, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-5ShikURA.es.js | AI (source-diff): Minified main ESM source bundle; standard vite/rolldown build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-6rYi7ar5.cjs | AI (source-diff): Minified SuperConverter bundle; standard vite/rolldown build output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BgMjNKht.cjs | AI (source-diff): Network calls and dynamic requires are part of the document editor runtime, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DCBdXrbu.cjs | AI (source-diff): Network calls are legitimate document/image processing; dynamic code execution is standard bundler runtime pattern. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CfdUAB0u.es.js | AI (source-diff): ESM build of SuperConverter; long import lines from rolldown bundler, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-D44hiM0O.es.js | AI (source-diff): Same pattern as CJS counterpart; legitimate bundled application code. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-D44hiM0O.es.js | AI (source-diff): ESM build artifact with long import lines; content is legitimate editor/ProseMirror code. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CnMuZGMN.cjs | AI (source-diff): Minified build chunk for docx converter; no obfuscation indicators in readable sample. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DCBdXrbu.cjs | AI (source-diff): Large minified build artifact from rolldown bundler; readable application code, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/chunks/src-Cd_aG5uI.cjs | AI (source-diff): Network calls are WebSocket/collaboration features; dynamic execution is ProseMirror plugin system, not dropper behavior. | ai | |
| phantom-deps | phantom-dep:@types/mdast | AI (phantom-deps): @types packages are type-only; not imported at runtime. | ai | |
| phantom-deps | phantom-dep:@types/ws | AI (phantom-deps): @types packages are type-only; not imported at runtime. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DhKdynxr.es.js | AI (source-diff): Same as CJS variant; legitimate editor networking and plugin execution. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BAM0HGH2.es.js | AI (source-diff): ES module SuperConverter chunk; benign. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BtJwbfA-.cjs | AI (source-diff): SuperConverter bundle chunk; legitimate DOCX converter code. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DhKdynxr.es.js | AI (source-diff): ES module main bundle chunk; minified editor code, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Cd_aG5uI.cjs | AI (source-diff): Main rolldown bundle chunk; minified but clearly legitimate editor code. | ai | |
| source-diff | net-exec-file:dist/chunks/src-CNYOR71T.es.js | AI (source-diff): Same pattern as CJS counterpart; collaboration/module loading, not malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CNYOR71T.es.js | AI (source-diff): ESM variant of main editor bundle; legitimate rolldown output. | ai | |
| source-diff | obfuscated-file:dist/chunks/rehype-parse-Bqh8zIfr.cjs | AI (source-diff): Minified bundler output of rehype-parse; legitimate HTML parsing library. | ai | |
| source-diff | obfuscated-file:dist/chunks/rehype-parse-DyKLXYD2.es.js | AI (source-diff): ESM variant of rehype-parse bundle; legitimate. | ai | |
| source-diff | obfuscated-file:dist/chunks/blank-docx-CDDHd6CH.es.js | AI (source-diff): Same base64 DOCX template as CJS counterpart; ESM variant. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-sVWLyGSL.cjs | AI (source-diff): Minified bundler output of SuperConverter; legitimate DOCX conversion library. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DbnoEu1l.cjs | AI (source-diff): Network calls are editor collaboration features (yjs); dynamic code is standard module loading. | ai | |
| source-diff | obfuscated-file:dist/chunks/blank-docx-ax4Y9RoQ.cjs | AI (source-diff): Base64-encoded blank DOCX template embedded as data URI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DbnoEu1l.cjs | AI (source-diff): Minified rolldown bundle of main editor source; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-Db_xyB45.es.js | AI (source-diff): ESM variant of SuperConverter bundle; legitimate. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-CWI4NbKU.es.js | AI (source-diff): ES module chunk with readable named imports; standard Vite build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-DCmsKDv1.cjs | AI (source-diff): Standard Vite chunk output; minified but not obfuscated, contains readable library code. | ai | |
| source-diff | net-exec-file:dist/chunks/index-DCmsKDv1.cjs | AI (source-diff): Network/exec pattern in bundled editor code; no exfiltration or dropper behavior visible. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-VeJEcjsk.cjs | AI (source-diff): Vite chunk of SuperConverter; CRC table and jszip bundling is expected build output. | ai | |
| source-diff | net-exec-file:dist/chunks/index-CWI4NbKU.es.js | AI (source-diff): Same file as above; no malicious network/exec pattern. | ai | |
| source-diff | net-exec-file:dist/chunks/jszip-BjHgpFjf.es.js | AI (source-diff): Bundled jszip library; base64/buffer code is standard jszip internals. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CQG__OC1.es.js | AI (source-diff): ES module chunk of SuperConverter; readable imports, no obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/xml-js-DSiO9tqd.es.js | AI (source-diff): Bundled xml-js/sax/EventEmitter; standard library code, no malicious behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-34uUhkLK.es.js | AI (source-diff): ES module counterpart of SuperConverter CJS chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-B1fYHM58.cjs | AI (source-diff): Minified build artifact; CRC table and module interop are expected in a DOCX converter bundle. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-Njo1Qyb2.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output for a document editor; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-DUQPxq05.es.js | AI (source-diff): Standard Vite ES module chunk; long import lines are normal for tree-shaken bundles. | ai | |
| source-diff | net-exec-file:dist/chunks/index-DUQPxq05.es.js | AI (source-diff): Same rationale as CJS counterpart; legitimate collaboration networking. | ai | |
| source-diff | net-exec-file:dist/chunks/index-Njo1Qyb2.cjs | AI (source-diff): Network use is yjs/websocket collaboration; dynamic patterns are standard module interop, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-2be1QNnt.cjs | AI (source-diff): Standard Vite/Rollup CJS bundle; CRC table and long lines are normal minified output. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-CE2vY3XR.cjs | AI (source-diff): Standard Vite/Rollup CJS bundle output; long lines are minified imports, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/index-CE2vY3XR.cjs | AI (source-diff): Network calls and dynamic code are part of the editor's documented functionality, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-B8IKLpWt.es.js | AI (source-diff): Standard Vite/Rollup ESM bundle output; long import lines are not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/index-B8IKLpWt.es.js | AI (source-diff): Same pattern as CJS counterpart; legitimate editor bundle functionality. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-Bb9tcXJh.es.js | AI (source-diff): Standard Vite/Rollup ESM bundle; CRC table and long lines are normal minified output. | ai | |
| source-diff | net-exec-file:dist/chunks/index-ClQ2DTZb.cjs | AI (source-diff): Network calls and dynamic code are part of the document editor's legitimate functionality (e.g. fetching DOCX resources). | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-sfP7jOr1.cjs | AI (source-diff): Standard Vite/Rollup bundle; sampled code is readable ProseMirror/OrderedMap logic. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-B9Jx-TG0.es.js | AI (source-diff): Standard Vite/Rollup ES module bundle; long import lines are normal for bundled output. | ai | |
| source-diff | net-exec-file:dist/chunks/index-B9Jx-TG0.es.js | AI (source-diff): Same pattern as CJS counterpart; legitimate document editor functionality. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BfWET8X-.es.js | AI (source-diff): Standard Vite/Rollup ES module bundle of SuperConverter; readable helper imports. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-ClQ2DTZb.cjs | AI (source-diff): Standard Vite/Rollup bundle output; long lines are minified but readable JS, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/super-editor/chunks/toolbar-D_quD2MT.js | AI (source-diff): Toolbar bundle; network calls are part of the collaborative editor infrastructure. | ai | |
| source-diff | net-exec-file:dist/chunks/super-editor.es-DMM5V_xH.es.js | AI (source-diff): Same pattern as other bundles; legitimate editor networking. | ai | |
| source-diff | net-exec-file:dist/chunks/index-Cq6OiREA.es.js | AI (source-diff): ES module index bundle; hocuspocus/yjs imports are expected for collaborative editing. | ai | |
| source-diff | net-exec-file:dist/super-editor/chunks/docx-zipper-DPyiPPhT.js | AI (source-diff): jszip bundled for DOCX handling; commonjsRequire shim is standard rollup output. | ai | |
| source-diff | net-exec-file:dist/super-editor/chunks/converter-BCm2B4dw.js | AI (source-diff): Legitimate DOCX converter bundle; network calls are part of editor collaboration features. | ai | |
| source-diff | net-exec-file:dist/chunks/super-editor.es-CGNC6tAJ.cjs | AI (source-diff): Same pattern: hocuspocus/yjs networking in a collaborative editor bundle, no malicious payload. | ai | |
| source-diff | net-exec-file:dist/chunks/index-ZK0kNpzs.cjs | AI (source-diff): Network calls are hocuspocus WebSocket provider; dynamic code is standard module interop patterns in bundled output. | ai | |
| source-diff | obfuscated-file:dist/chunks/super-editor.es-DMM5V_xH.es.js | AI (source-diff): Standard Vite/Rollup minified bundle; legitimate editor code. | ai | |
| source-diff | obfuscated-file:dist/super-editor/chunks/editor-C_2-zSB4.js | AI (source-diff): Standard Vite/Rollup minified bundle; legitimate editor code. | ai | |
| source-diff | obfuscated-file:dist/super-editor/chunks/converter-BCm2B4dw.js | AI (source-diff): Standard Vite/Rollup minified bundle; legitimate DOCX converter code. | ai | |
| source-diff | obfuscated-file:dist/chunks/super-editor.es-CGNC6tAJ.cjs | AI (source-diff): Standard Vite/Rollup minified bundle for a rich-text editor; long lines are expected build output. | ai | |
| source-diff | net-exec-file:dist/chunks/index-djnkQS7F.es.js | AI (source-diff): Network calls and dynamic code are part of the editor's documented functionality, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-DPCK3Mwj.es.js | AI (source-diff): Standard Vite/Rollup minified bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-_uvs3ESp.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/index-_uvs3ESp.cjs | AI (source-diff): Network calls and dynamic code are part of the editor's documented functionality, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BTbkGiQV.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/index-djnkQS7F.es.js | AI (source-diff): Standard Vite/Rollup minified bundle output; not obfuscation. | ai | |
| dependencies | unvetted-dep:tippy | AI (dependencies): tippy is declared but not directly imported per phantom-dep analysis; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-6vO2L7MV.es.js | AI (source-diff): ES module rolldown chunk for DOCX converter; imports are readable and match declared deps (jszip, xml-js, uuid, remark-gfm, etc.). | ai | |
| source-diff | net-exec-file:dist/chunks/src-Cjj51bgR.es.js | AI (source-diff): Same pattern as CJS counterpart; legitimate document editor network+dynamic rendering, not malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Cjj51bgR.es.js | AI (source-diff): ES module rolldown chunk; long import line is standard tree-shaken bundle output with readable symbol names matching the package's documented API. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CNmEpe3G.cjs | AI (source-diff): Rolldown-bundled DOCX converter chunk; long lines are minified legitimate code (jszip, xml-js, uuid, remark-gfm imports visible in sample). | ai | |
| source-diff | net-exec-file:dist/chunks/src-CqSNXqMy.cjs | AI (source-diff): Network+exec heuristic fires on legitimate document editor code (URL-based doc loading + dynamic Vue rendering). No actual dropper/loader pattern in samples. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CqSNXqMy.cjs | AI (source-diff): Large minified rolldown bundle chunk; standard build output for this document editor library. Code samples show legitimate ProseMirror/DOCX logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-DPILugtg.es.js | AI (source-diff): ES module SuperConverter bundle; minified but semantically clear DOCX conversion code. Standard Rolldown output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CCILZuc9.cjs | AI (source-diff): Minified Rolldown bundle for DOCX conversion utilities. Long lines are standard minification artifact, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-6kViff8n.es.js | AI (source-diff): ES module variant of the main bundle; long import lines are standard Rolldown minification output for a large document editor. | ai | |
| source-diff | net-exec-file:dist/chunks/src-6kViff8n.es.js | AI (source-diff): Same pattern as CJS variant; network + dynamic exec is DOCX resource handling + bundler wrapper, not malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-YxRbp6mf.cjs | AI (source-diff): Minified Rolldown bundle output for a document editor; long lines are standard minification, not obfuscation. Content is semantically clear ProseMirror/DOCX code. | ai | |
| source-diff | net-exec-file:dist/chunks/src-YxRbp6mf.cjs | AI (source-diff): Network calls are for DOCX resource fetching (fonts, images); dynamic execution is bundler __commonJSMin wrapper. Expected for a document editor package. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-EB-4Jyc0.cjs | AI (source-diff): Standard rolldown-bundled dist artifact for a large document editor library; long lines are minified output, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-D5mUVpIj.es.js | AI (source-diff): Standard rolldown-bundled ESM dist artifact for document conversion; minified output expected for this package. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BpcifWED.es.js | AI (source-diff): Network utilities in bundled ESM output are legitimate document editor functionality, not malware indicators. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BpcifWED.es.js | AI (source-diff): Standard rolldown-bundled ESM dist artifact; long import lines are minified bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-D4WiLj5H.cjs | AI (source-diff): Standard rolldown-bundled dist artifact; minified lines are expected for this large document conversion library chunk. | ai | |
| source-diff | net-exec-file:dist/chunks/src-EB-4Jyc0.cjs | AI (source-diff): Network utilities (getArrayBufferFromUrl, dataUriToArrayBuffer) and dynamic patterns are legitimate document editor functionality in bundled output, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BDWlIUQK.es.js | AI (source-diff): net-exec triggered by bundler interop helpers, not actual malicious network+code-execution pattern. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-B5nQAHIX.es.js | AI (source-diff): Standard ES module build artifact with long import lines. Sample shows readable document conversion utilities. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DPA8iZZy.cjs | AI (source-diff): Standard Rolldown/Vite build artifact with long lines from bundled imports. Code is semantically readable; not obfuscated. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DPA8iZZy.cjs | AI (source-diff): net-exec pattern triggered by __commonJSMin bundler wrapper + module imports, not actual network fetch + eval. Legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-ZVB6_vO1.cjs | AI (source-diff): Standard Rolldown build artifact. Sample shows readable utility functions (getExtensionConfigField, callOrGet, etc.). Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BDWlIUQK.es.js | AI (source-diff): Long lines are ES module re-exports from bundler chunking, not obfuscation. Legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-C3J47b6h.cjs | AI (source-diff): Standard minified bundle artifact. Contents show DOCX conversion utilities with readable function names. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-DUDMX1z2.es.js | AI (source-diff): Standard minified ES module bundle for DOCX converter. Contents show domain-specific DOCX utilities. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-Z2QvzSJ2.es.js | AI (source-diff): Network + dynamic code patterns are expected in a collaborative document editor. Not malware indicators in this context. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Z2QvzSJ2.es.js | AI (source-diff): Standard minified ES module bundle. Long lines are large named import statements typical of Rolldown output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-FfrpKK6k.cjs | AI (source-diff): Network code (yjs/websocket collaboration) + dynamic patterns are expected in a collaborative document editor bundle. Not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-FfrpKK6k.cjs | AI (source-diff): Standard minified/bundled build artifact from Vite/Rolldown pipeline. Long lines are import statements in bundled output, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/chunks/src-DN9Na9SW.cjs | AI (source-diff): Network calls are document fetch utilities (getArrayBufferFromUrl); dynamic execution is bundler runtime helpers. No malware indicators in code samples. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BL6WX-iN.es.js | AI (source-diff): Minified Vite/Rollup ES module chunk for DOCX conversion. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-DzhKTCkK.cjs | AI (source-diff): Minified Vite/Rollup CJS chunk for DOCX conversion logic. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-rbevhPXm.es.js | AI (source-diff): Minified Vite/Rollup ES module chunk. Standard build artifact for superdoc's document editor. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-DN9Na9SW.cjs | AI (source-diff): Minified Vite/Rollup build chunk for a mature document editor package. Long lines are standard bundler output, not malicious obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-rbevhPXm.es.js | AI (source-diff): Same pattern as CJS counterpart — document editor network utilities and bundler runtime. Not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-gf0m4KFj.cjs | AI (source-diff): Minified build output for superdoc's SuperConverter component; standard bundler minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-Bsfrpw66.cjs | AI (source-diff): Minified Rolldown/Vite build output for superdoc's main bundle; long lines are standard bundler output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-Bsfrpw66.cjs | AI (source-diff): The __commonJSMin wrapper and require() calls are Rolldown bundler patterns for CJS interop, not dropper/loader malware. | ai | |
| source-diff | net-exec-file:dist/chunks/xml-js-40FWvL78.es.js | AI (source-diff): Bundled xml-js ES module with __commonJSMin EventEmitter polyfill; standard Rolldown CJS interop, not malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-BH76SBf4.es.js | AI (source-diff): Minified ES module build of SuperConverter; standard bundler output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-CT6a0iHK.es.js | AI (source-diff): ES module bundle with __commonJSMin for CJS interop; standard Rolldown bundler pattern, not malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-CT6a0iHK.es.js | AI (source-diff): Minified ES module build output; long import lines are standard Rolldown/Vite chunking, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/xml-js-Ngx2Gkum.cjs | AI (source-diff): Bundled xml-js library with EventEmitter polyfill via __commonJSMin; standard Rolldown CJS interop pattern. | ai | |
| source-diff | net-exec-file:dist/chunks/src-BelHPNN1.cjs | AI (source-diff): Network calls (getArrayBufferFromUrl for DOCX assets) and dynamic module loading (__commonJSMin/__toESM) are standard bundler patterns for this document editor library. | ai | |
| source-diff | net-exec-file:dist/chunks/xml-js-BtmJ6bNs.es.js | AI (source-diff): ES module bundle of xml-js with Rolldown runtime; standard bundled Node.js polyfills, not malicious. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-U6zOu8ne.es.js | AI (source-diff): ES module bundle of SuperConverter; minified output with long lines is expected for this DOCX conversion library. | ai | |
| source-diff | net-exec-file:dist/chunks/src-erQq2m1B.es.js | AI (source-diff): Same pattern as CJS counterpart; bundler runtime helpers and document fetch utilities are expected for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-erQq2m1B.es.js | AI (source-diff): ES module bundle output; long import lines are standard for tree-shaken ProseMirror/Yjs editor bundles. | ai | |
| source-diff | net-exec-file:dist/chunks/xml-js-BSBcz9nt.cjs | AI (source-diff): Standard bundled EventEmitter/xml-js code with Rolldown runtime helpers; no malicious network endpoints or payload execution. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-C13T_sSt.cjs | AI (source-diff): Minified Rolldown bundle output for the SuperConverter module; long lines are expected for bundled DOCX conversion code. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-BelHPNN1.cjs | AI (source-diff): Minified bundle output from Rolldown build pipeline; long lines are standard for bundled document editor code, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunks/src-pIcEfQ1H.cjs | AI (source-diff): Network calls are for DOCX image/font fetching; dynamic code patterns are standard module bundler wrappers. No malware indicators in sampled code. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-fARcLvwG.es.js | AI (source-diff): Minified Rolldown ES module build artifact for DOCX conversion; long lines are standard bundler output. | ai | |
| source-diff | net-exec-file:dist/chunks/src-D8mQ5_ta.es.js | AI (source-diff): Network calls are for DOCX asset fetching; dynamic code patterns are standard ES module bundler wrappers. No malware indicators. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-D8mQ5_ta.es.js | AI (source-diff): Minified Rolldown/Vite ES module build artifact; long lines are standard bundler output. | ai | |
| source-diff | obfuscated-file:dist/chunks/SuperConverter-CnJvJsU3.cjs | AI (source-diff): Minified Rolldown build artifact for DOCX conversion logic; long lines are standard bundler output. | ai | |
| source-diff | obfuscated-file:dist/chunks/src-pIcEfQ1H.cjs | AI (source-diff): Minified Rolldown/Vite build artifact for a document editor; long lines are standard bundler output, not obfuscation. Stable for this package. | ai | |
| dependencies | unvetted-dep:naive-ui | AI (dependencies): naive-ui is a well-known, widely-used Vue 3 UI component library. Its use here is legitimate and not a security concern. | ai | |
| phantom-deps | phantom-dep:naive-ui | AI (phantom-deps): naive-ui is declared but not directly imported; referenced only in config files. Consistent with build tooling usage across versions of this package. | ai | |
| phantom-deps | phantom-dep:tippy | AI (phantom-deps): tippy is declared but not directly imported; referenced only in config files. Consistent with build tooling usage across versions of this package. | ai | |
| phantom-deps | phantom-dep:jsdom | AI (phantom-deps): jsdom is a legitimate test/build dependency; phantom-dep pattern is stable for this package. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-copy | AI (phantom-deps): rollup-plugin-copy is a legitimate build tool dependency; phantom-dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:buffer-crc32 | AI (phantom-deps): buffer-crc32 is a legitimate utility dependency; phantom-dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:y-websocket | AI (phantom-deps): y-websocket is a legitimate collaboration dependency; phantom-dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): uuid is a legitimate build/config dependency for this Vue library; phantom-dep pattern is stable. | ai | |
| dependencies | unvetted-dep:rollup-plugin-copy | AI (dependencies): rollup-plugin-copy is a standard build utility; its presence in dependencies (vs devDependencies) is unusual but not malicious. | ai | |
| license | copyleft-license:AGPL-3.0 | AI (license): superdoc explicitly uses AGPL-3.0; this is a licensing concern for consumers, not a security issue. | ai | |
| dependencies | unvetted-dep:konva | AI (dependencies): konva is a well-known 2D canvas library; legitimate dependency for a document editor package. | ai |
Versions (showing 51 of 104)
| Version | Deps | Published |
|---|---|---|
| 1.39.0 | 11 / 26 | |
| 1.38.0 | 11 / 25 | |
| 1.37.0 | 11 / 25 | |
| 1.36.1 | 11 / 25 | |
| 1.36.0 | 11 / 25 | |
| 1.35.0 | 11 / 25 | |
| 1.34.0 | 11 / 25 | |
| 1.33.1 | 11 / 25 | |
| 1.33.0 | 11 / 25 | |
| 1.32.0 | 11 / 25 | |
| 1.31.2 | 9 / 24 | |
| 1.31.1 | 9 / 24 | |
| 1.31.0 | 9 / 24 | |
| 1.30.1 | 9 / 24 | |
| 1.30.0 | 9 / 24 | |
| 1.29.1 | 9 / 24 | |
| 1.29.0 | 9 / 24 | |
| 1.28.0 | 9 / 24 | |
| 1.27.0 | 9 / 24 | |
| 1.26.0 | 9 / 24 | |
| 1.25.0 | 9 / 24 | |
| 1.24.2 | 9 / 24 | |
| 1.24.1 | 9 / 24 | |
| 1.24.0 | 9 / 24 | |
| 1.23.1 | 9 / 24 | |
| 1.23.0 | 9 / 24 | |
| 1.22.0 | 9 / 24 | |
| 1.21.1 | 9 / 24 | |
| 1.21.0 | 9 / 24 | |
| 1.20.0 | 9 / 24 | |
| 1.19.1 | 9 / 24 | |
| 1.19.0 | 9 / 24 | |
| 1.18.2 | 10 / 24 | |
| 1.18.1 | 10 / 24 | |
| 1.18.0 | 10 / 24 | |
| 1.17.0 | 10 / 24 | |
| 1.16.0 | 10 / 21 | |
| 1.15.0 | 10 / 21 | |
| 1.14.0 | 10 / 21 | |
| 1.13.1 | 10 / 21 | |
| 1.13.0 | 10 / 21 | |
| 1.12.0 | 10 / 21 | |
| 1.11.0 | 9 / 21 | |
| 1.10.0 | 9 / 21 | |
| 1.9.0 | 9 / 21 | |
| 1.8.3 | 9 / 19 | |
| 1.8.2 | 9 / 19 | |
| 1.8.1 | 9 / 19 | |
| 1.8.0 | 9 / 19 | |
| 1.7.0 | 9 / 19 | |
| 1.6.1 | 9 / 20 |
v1.39.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (caio-pizzol) than the most recent previously approved version (harbournick) on 2026-05-29, but caio-pizzol is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.37.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (caio-pizzol) than the most recent previously approved version (harbournick) on 2026-05-27, but caio-pizzol is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.36.1
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (caio-pizzol) than the most recent previously approved version (harbournick) on 2026-05-27, but caio-pizzol is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.36.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (caio-pizzol) than the most recent previously approved version (harbournick) on 2026-05-26, but caio-pizzol is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.35.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (caio-pizzol) than the most recent previously approved version (harbournick) on 2026-05-22, but caio-pizzol is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.34.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.2
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.30.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.30.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.29.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.28.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.27.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.22.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.