← Home

@everymatrix/general-player-forgot-password-form-nd

npm
21
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CediPN1i.cjs AI (source-diff): Standard Rollup/Vite minified bundle output for a Svelte component; not intentionally obfuscated. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-V2TZp7-L.js AI (source-diff): Minified Svelte bundle; stable false positive. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DfpkIkXT.js AI (source-diff): Minified Svelte bundle; stable false positive. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BCPX2Z9Q.cjs AI (source-diff): Minified Svelte bundle; stable false positive. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-kuYGNEIx.js AI (source-diff): Svelte runtime network/exec pattern; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-kuYGNEIx.js AI (source-diff): Minified Svelte bundle; stable false positive for this package. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BRw2mNbz.js AI (source-diff): Same Svelte runtime pattern; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BRw2mNbz.js AI (source-diff): Same Rollup/Vite minified Svelte bundle pattern. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CediPN1i.cjs AI (source-diff): Network calls and dynamic execution are Svelte runtime patterns (fetch for i18n, dynamic component rendering), not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BNHZGebC.js AI (source-diff): Minified Vite/Rollup bundle output; readable Svelte runtime code, not obfuscation. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DQs7ZL5h.js AI (source-diff): Minified Svelte component bundle; same pattern as other files in this package. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-Dc-aW1Ro.js AI (source-diff): Minified Svelte component bundle; imports from sibling file, not obfuscation. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-vHboKcRo.js AI (source-diff): Same Svelte runtime network/DOM pattern; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-vHboKcRo.js AI (source-diff): Same minified Svelte bundle pattern; not obfuscation. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BNHZGebC.js AI (source-diff): Network calls and dynamic code are standard Svelte component fetch/DOM patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-6VkSg6vF.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CfaQEOJa.cjs AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-9bJr1hqg.cjs AI (source-diff): Network calls and dynamic code are Svelte framework patterns (fetch + Promise); no dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-9bJr1hqg.cjs AI (source-diff): Standard Svelte/Vite minified build output; not obfuscated malware. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-Bnh9kZlJ.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BmWaejpp.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-D67_z7C4.js AI (source-diff): Network calls and dynamic code are Svelte framework patterns; no dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-D67_z7C4.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-6VkSg6vF.js AI (source-diff): Network calls and dynamic code are Svelte framework patterns; no dropper behavior. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs AI (source-diff): Network calls and dynamic execution are Svelte runtime patterns, not dropper behavior. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js AI (source-diff): Network calls and dynamic execution are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js AI (source-diff): Standard Vite/Svelte minified build artifact; consistent with this package's established build pipeline. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js AI (source-diff): Network calls and dynamic execution are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js AI (source-diff): Standard Vite/Svelte minified build artifact; consistent with this package's established build pipeline. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs AI (source-diff): Standard Vite/Svelte minified build artifact; consistent with this package's established build pipeline. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-DKhLI8CP.cjs AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-C94Fg4vY.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BHCK5b0Y.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-DSdVVjUO.js AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-DSdVVjUO.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CxWaMZ-H.js AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CxWaMZ-H.js AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DUo-Gv6e.cjs AI (source-diff): Standard Svelte/Vite minified build output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-DKhLI8CP.cjs AI (source-diff): Standard Svelte/Vite minified build output; not obfuscation. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-q0Rkr7_k.cjs AI (source-diff): Standard Svelte/Vite minified bundle output; not obfuscation. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-q0Rkr7_k.cjs AI (source-diff): DOM/fetch calls in Svelte runtime bundle; not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BbOiU-Q7.cjs AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BjZsZd5D.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BjZsZd5D.js AI (source-diff): DOM/fetch calls in Svelte runtime bundle; not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-dxvMBzO1.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-dxvMBzO1.js AI (source-diff): DOM/fetch calls in Svelte runtime bundle; not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CcH-78-j.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CO22htQd.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CzyXcPLy.cjs AI (source-diff): Standard Vite/Rollup minified bundle for a Svelte component; not malicious obfuscation. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DEGxwZar.js AI (source-diff): Minified Svelte bundle; false positive. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CZ4sauHW.js AI (source-diff): Minified Svelte bundle; false positive. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CSDhpguc.cjs AI (source-diff): Minified Svelte/CJS bundle; false positive. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CWg7OQqq.js AI (source-diff): Same Svelte bundle; false positive. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CWg7OQqq.js AI (source-diff): Minified Svelte bundle; stable false positive for this package. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CGPuWytt.js AI (source-diff): Same Svelte bundle; net+exec pattern is Svelte runtime + vaadin dev detector, not malware. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CGPuWytt.js AI (source-diff): Same Svelte bundle, minified output; false positive for this package. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CzyXcPLy.cjs AI (source-diff): Network calls and dynamic code are Svelte runtime patterns (fetch for i18n/API, new Function in vaadin dev-mode detector); no dropper behavior. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BAnLT2lx.cjs AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BOGivfUg.cjs AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DViiEZCu.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CgGL8acE.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-JBlHWA1X.js AI (source-diff): Svelte runtime patterns; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-JBlHWA1X.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CUu6viTK.js AI (source-diff): Svelte runtime patterns; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CUu6viTK.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BAnLT2lx.cjs AI (source-diff): Standard Svelte/Vite minified bundle output; not obfuscation. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-zHNWL0BM.cjs AI (source-diff): Network+exec pattern is Promise/async transpilation in Svelte runtime, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-NyHeBvzg.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-D5AmVWDf.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-ByDXjWJp.cjs AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-DQXQ3vdz.js AI (source-diff): Promise/async transpilation in Svelte runtime, not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-DQXQ3vdz.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd--lcRUmPc.js AI (source-diff): Promise/async transpilation in Svelte runtime, not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd--lcRUmPc.js AI (source-diff): Standard Svelte/Vite minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-zHNWL0BM.cjs AI (source-diff): Standard Svelte/Vite minified bundle output; consistent with publisher's established build pattern. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BUHmQ4bm.cjs AI (source-diff): Standard Vite/Svelte minified bundle; hashed filename pattern consistent with build tooling across all versions. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-Dv9H1vME.js AI (source-diff): Standard Vite/Svelte minified bundle. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-Dcjz0B3u.js AI (source-diff): Standard Vite/Svelte minified bundle. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-DBjwfb5b.cjs AI (source-diff): Standard Vite/Svelte minified bundle. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-fV-zedcH.js AI (source-diff): False positive; same Svelte runtime pattern. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-fV-zedcH.js AI (source-diff): Standard Vite/Svelte minified bundle. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-DmF1pc4p.js AI (source-diff): False positive; same Svelte runtime pattern. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-DmF1pc4p.js AI (source-diff): Standard Vite/Svelte minified bundle. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BUHmQ4bm.cjs AI (source-diff): False positive; network+exec pattern matches Svelte runtime fetch/Promise patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-incAvPee.cjs AI (source-diff): Standard Vite/Svelte minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-CEQES2b4.js AI (source-diff): Standard Vite/Svelte minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordSmsForm-BF4gOAT0.js AI (source-diff): Standard Vite/Svelte minified bundle output. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-CsvFloXQ.js AI (source-diff): Standard Vite/Svelte minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-CsvFloXQ.js AI (source-diff): Svelte runtime patterns; not malicious. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-kvkTqATm.cjs AI (source-diff): Standard Vite/Svelte minified bundle output; consistent with package purpose. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-kvkTqATm.cjs AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. ai
source-diff obfuscated-file:components/GeneralPlayerForgotPasswordFormNd-BvnyJJPf.js AI (source-diff): Standard Vite/Svelte minified bundle output. ai
source-diff net-exec-file:components/GeneralPlayerForgotPasswordFormNd-BvnyJJPf.js AI (source-diff): Svelte runtime patterns; not malicious. ai
bogus-package bogus-package AI (bogus-package): Scoped monorepo component package; sparse metadata is consistent across all 401 versions. ai
semgrep semgrep:new-function-constructor AI (semgrep): Fires inside Vaadin dev-mode detector bundle code; stable false positive for this package. ai

Versions (showing 21 of 125)

Version Deps Published
1.84.2 0 / 0
1.84.1 0 / 0
1.84.0 0 / 0
1.83.12 0 / 0
1.83.11 0 / 0
1.83.10 0 / 0
1.83.9 0 / 0
1.83.8 0 / 0
1.83.7 0 / 0
1.83.6 0 / 0
1.83.5 0 / 0
1.83.4 0 / 0
1.76.3 0 / 0
1.74.10 0 / 0
1.74.3 0 / 0
1.67.3 0 / 0
1.67.0 0 / 0
1.66.2 0 / 0
1.66.1 0 / 0
1.66.0 0 / 0
1.65.3 0 / 0

v1.84.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.84.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.84.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.83.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.83.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.83.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.83.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.76.3

7 findings
HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.74.10

7 findings
HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.74.3

7 findings
HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CsE9ESWu.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-Bm5GwVTm.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: components/GeneralPlayerForgotPasswordFormNd-CqSiRmcO.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.67.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.67.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.66.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.66.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.66.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.65.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.