@everymatrix/casino-integrated-game-page
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-DrpBKY-K.cjs | AI (source-diff): Standard minified Svelte/Stencil component bundle output; stable for this package. | ai | |
| provenance | publisher-changed | AI (provenance): emfe_release is EveryMatrix's release bot with 19k+ approved packages. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-CI-NNFSc.js | AI (source-diff): ESM variant of bundled component; stable for this package. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-BKqtiXmT.js | AI (source-diff): ESM variant of the same Svelte component bundle; stable. | ai | |
| source-diff | obfuscated-file:stencil/user-deposit-withdrawal-CNqcdWPQ.cjs | AI (source-diff): Stencil web component bundle; stable for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerDeposit-B6zM1aSk.cjs | AI (source-diff): Minified Svelte component with i18n strings; stable for this package. | ai | |
| source-diff | obfuscated-file:stencil/index-1ef3a64c-Cyk6zG0z.cjs | AI (source-diff): Stencil runtime bootstrap code, minified; stable for this package. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-Dbzdricx.js | AI (source-diff): Standard minified Svelte/Stencil build output; long lines are bundler artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-ChKrWCIw.js | AI (source-diff): Standard minified Svelte/Stencil build output; long lines are bundler artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-D0ZmbbJY.js | AI (source-diff): Standard minified Svelte/Stencil build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-DpmN0g31.cjs | AI (source-diff): Standard minified Svelte/Stencil build output; consistent with this package's established pattern across 776 versions. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-DfX5VqqY.js | AI (source-diff): Standard minified Svelte/Stencil build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerDeposit-CEIsSVoA.cjs | AI (source-diff): Standard minified Svelte/Stencil build output with readable i18n strings and CSS; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-Crhm6_cC.cjs | AI (source-diff): Standard Svelte/Stencil build bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-CrTERiuc.js | AI (source-diff): Standard Svelte/Stencil ESM bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-DGLNOMVn.js | AI (source-diff): Standard Svelte/Stencil ESM bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:stencil/user-deposit-withdrawal-Dh33YYVW.cjs | AI (source-diff): Standard Stencil lazy-load bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:components/PlayerDeposit-DP_zeXy-.cjs | AI (source-diff): Standard Svelte component bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:stencil/index-1ef3a64c-D1uFrb8w.cjs | AI (source-diff): Standard Stencil runtime bundle; consistent with all prior versions of this package. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-B79nJZyL.js | AI (source-diff): Standard minified Svelte/Stencil build output; consistent with package's established release pattern. | ai | |
| source-diff | obfuscated-file:components/CasinoIntegratedGamePage-sXNuAPBn.js | AI (source-diff): Standard minified Svelte/Stencil build output; consistent with package's established release pattern. | ai | |
| provenance | no-provenance | AI (provenance): Publisher has not enabled provenance; consistent across all 774 versions. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Stable false positive for this scoped component package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Private-label component library; no repo/description/keywords is stable for this package across all versions. | ai |
Versions (showing 14 of 116)
| Version | Deps | Published |
|---|---|---|
| 1.83.4 | 0 / 0 | |
| 1.77.9 | 0 / 0 | |
| 1.77.2 | 0 / 0 | |
| 1.76.12 | 0 / 0 | |
| 1.69.3 | 0 / 0 | |
| 1.69.2 | 0 / 0 | |
| 1.69.0 | 0 / 0 | |
| 1.68.0 | 0 / 0 | |
| 1.67.3 | 0 / 0 | |
| 1.67.0 | 0 / 0 | |
| 1.66.2 | 0 / 0 | |
| 1.66.1 | 0 / 0 | |
| 1.66.0 | 0 / 0 | |
| 1.65.3 | 0 / 0 |
v1.83.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.9
8 findingsThis version was published by a different npm account than previous versions on 2025-09-10. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.77.2
8 findingsThis version was published by a different npm account than previous versions on 2025-09-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.76.12
8 findingsThis version was published by a different npm account than previous versions on 2025-08-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.69.3
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.69.2
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.69.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.68.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.67.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.67.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.65.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.