@angular-devkit/build-optimizer
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dependency is tslib, a well-known official TypeScript runtime helper library by Microsoft. Adding tslib is standard practice for Angular/TypeScript packages and poses no risk. | ai | |
| source-diff | obfuscated-file:src/purify/purify.js | AI (source-diff): Long lines are inline TypeScript sourcemaps (base64 data URIs), not obfuscation. Standard compiled TS output for this Angular DevKit build tool package. | ai | |
| source-diff | obfuscated-file:src/purify/webpack-plugin.js | AI (source-diff): Long lines are inline TypeScript sourcemaps (base64 data URIs), not obfuscation. Standard compiled TS output for this Angular DevKit build tool package. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; published by the trusted angular publisher with a strong track record. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): google-wombot is Google's official automation bot used for Angular/Google npm packages; its addition is a routine, legitimate organizational change. | ai | |
| source-diff | obfuscated-file:third_party/github.com/Microsoft/TypeScript/lib/typescript.js | AI (source-diff): This is the official Microsoft TypeScript compiler (Apache 2.0) vendored under third_party/. Minified TypeScript compiler is expected in a build-optimizer package. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is entirely due to bundling the TypeScript compiler (~7.4MB) as a third-party dependency, which is legitimate for this build tooling package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from angular to google-wombot reflects Google's documented migration to their automated publishing bot; this is a stable, legitimate organizational transition for all Angular DevKit packages. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy followed by google-wombot publish is consistent with Google's batch migration of Angular packages to automated publishing; not indicative of account takeover. | ai | |
| source-diff | obfuscated-file:src/build-optimizer/rollup-plugin.js | AI (source-diff): Long lines are due to inline base64 sourcemaps in compiled TypeScript output, not obfuscation. Standard Angular DevKit build artifact pattern. | ai | |
| source-diff | obfuscated-file:src/transforms/prefix-classes.js | AI (source-diff): Long line is a base64-encoded inline source map from TypeScript compilation, not obfuscation. Code is fully readable with Angular license headers. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:src/transforms/wrap-enums.js | AI (source-diff): Long line is a base64-encoded inline source map from TypeScript compilation, not obfuscation. Code is fully readable with Angular license headers. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:src/helpers/ast-utils.js | AI (source-diff): Long line is a base64-encoded inline source map from TypeScript compilation, not obfuscation. Code is fully readable with Angular license headers. Stable false positive for this package. | ai |
Versions (showing 100 of 277)
| Version | Deps | Published |
|---|---|---|
| 0.901.4 | 5 / 0 | |
| 0.901.3 | 5 / 0 | |
| 0.901.2 | 5 / 0 | |
| 0.901.1 | 5 / 0 | |
| 0.901.0 | 5 / 0 | |
| 0.900.7 | 5 / 0 | |
| 0.900.6 | 5 / 0 | |
| 0.900.5 | 5 / 0 | |
| 0.900.4 | 5 / 0 | |
| 0.900.3 | 5 / 0 | |
| 0.900.2 | 5 / 0 | |
| 0.900.1 | 5 / 0 | |
| 0.900.0 | 5 / 0 | |
| 0.803.29 | 5 / 0 | |
| 0.803.28 | 5 / 0 | |
| 0.803.27 | 5 / 0 | |
| 0.803.26 | 5 / 0 | |
| 0.803.25 | 5 / 0 | |
| 0.803.24 | 5 / 0 | |
| 0.803.23 | 5 / 0 | |
| 0.803.22 | 5 / 0 | |
| 0.803.21 | 5 / 0 | |
| 0.803.20 | 5 / 0 | |
| 0.803.19 | 5 / 0 | |
| 0.803.18 | 5 / 0 | |
| 0.803.17 | 5 / 0 | |
| 0.803.16 | 5 / 0 | |
| 0.803.15 | 5 / 0 | |
| 0.803.14 | 5 / 0 | |
| 0.803.13 | 5 / 0 | |
| 0.803.12 | 5 / 0 | |
| 0.803.10 | 5 / 0 | |
| 0.803.9 | 5 / 0 | |
| 0.803.8 | 5 / 0 | |
| 0.803.7 | 5 / 0 | |
| 0.803.6 | 5 / 0 | |
| 0.803.5 | 5 / 0 | |
| 0.803.4 | 5 / 0 | |
| 0.803.3 | 5 / 0 | |
| 0.803.2 | 5 / 0 | |
| 0.803.1 | 5 / 0 | |
| 0.803.0 | 5 / 0 | |
| 0.802.2 | 5 / 0 | |
| 0.802.1 | 4 / 0 | |
| 0.802.0 | 4 / 0 | |
| 0.801.3 | 4 / 0 | |
| 0.801.2 | 4 / 0 | |
| 0.801.1 | 4 / 0 | |
| 0.801.0 | 4 / 0 | |
| 0.800.6 | 4 / 0 | |
| 0.800.5 | 4 / 0 | |
| 0.800.4 | 4 / 0 | |
| 0.800.3 | 4 / 0 | |
| 0.800.2 | 4 / 0 | |
| 0.800.1 | 4 / 0 | |
| 0.800.0 | 4 / 0 | |
| 0.13.10 | 4 / 0 | |
| 0.13.9 | 4 / 0 | |
| 0.13.8 | 4 / 0 | |
| 0.13.7 | 4 / 0 | |
| 0.13.6 | 4 / 0 | |
| 0.13.5 | 4 / 0 | |
| 0.13.4 | 4 / 0 | |
| 0.13.3 | 4 / 0 | |
| 0.13.2 | 4 / 0 | |
| 0.13.1 | 4 / 0 | |
| 0.13.0 | 4 / 0 | |
| 0.12.4 | 4 / 0 | |
| 0.12.3 | 4 / 0 | |
| 0.12.2 | 4 / 0 | |
| 0.12.1 | 4 / 0 | |
| 0.12.0 | 4 / 0 | |
| 0.11.4 | 4 / 0 | |
| 0.11.3 | 4 / 0 | |
| 0.11.2 | 4 / 0 | |
| 0.11.1 | 4 / 0 | |
| 0.11.0 | 4 / 0 | |
| 0.10.7 | 4 / 0 | |
| 0.10.6 | 4 / 0 | |
| 0.10.5 | 4 / 0 | |
| 0.10.4 | 4 / 0 | |
| 0.10.3 | 4 / 0 | |
| 0.10.2 | 4 / 0 | |
| 0.10.1 | 4 / 0 | |
| 0.8.9 | 4 / 0 | |
| 0.8.8 | 4 / 0 | |
| 0.8.7 | 4 / 0 | |
| 0.8.6 | 4 / 0 | |
| 0.8.5 | 4 / 0 | |
| 0.8.4 | 4 / 0 | |
| 0.8.3 | 4 / 0 | |
| 0.8.2 | 4 / 0 | |
| 0.8.1 | 4 / 0 | |
| 0.8.0 | 4 / 0 | |
| 0.7.5 | 4 / 0 | |
| 0.7.4 | 4 / 0 | |
| 0.7.3 | 4 / 0 | |
| 0.7.2 | 4 / 0 | |
| 0.7.1 | 4 / 0 | |
| 0.7.0 | 4 / 0 |
v0.901.4
2 findingsThis version was published by a different npm account than previous versions on 2020-04-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.901.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.901.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.901.1
2 findingsThis version was published by a different npm account than previous versions on 2020-04-08. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.901.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.900.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.803.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.802.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.802.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.802.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.801.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.801.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.801.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.801.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.800.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.