@everymatrix/general-player-forgot-password-form
3
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm-DKxXfeUA.js | AI (source-diff): Bundled UI component with fetch calls and Vaadin dev-mode Function(); not malicious. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm-DKxXfeUA.js | AI (source-diff): Standard bundled Svelte component output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm-CH258Cnx.cjs | AI (source-diff): Standard bundled Svelte component output; stable pattern for this package. | ai | |
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm-CH258Cnx.cjs | AI (source-diff): Bundled UI component with fetch calls and Vaadin dev-mode Function(); not malicious. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm-D3qqvJjz.js | AI (source-diff): Standard bundled Svelte component output; stable pattern for this package. | ai | |
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm-D3qqvJjz.js | AI (source-diff): Bundled UI component with fetch calls and Vaadin dev-mode Function(); not malicious. | ai | |
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm-saM-JFFv.js | AI (source-diff): Network calls and dynamic code in Svelte runtime; expected for this UI component package. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm-Bu7zIluH.cjs | AI (source-diff): Standard minified Svelte/Stencil build output; not obfuscated malware. | ai | |
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm-Bu7zIluH.cjs | AI (source-diff): Network calls and dynamic code in Svelte runtime/Vaadin dev-mode detector; expected for this UI component package. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm--cR9clKm.js | AI (source-diff): Standard minified Svelte build output; not obfuscated malware. | ai | |
| source-diff | net-exec-file:components/GeneralPlayerForgotPasswordForm--cR9clKm.js | AI (source-diff): Network calls and dynamic code in Svelte runtime; expected for this UI component package. | ai | |
| source-diff | obfuscated-file:components/GeneralPlayerForgotPasswordForm-saM-JFFv.js | AI (source-diff): Standard minified Svelte build output; not obfuscated malware. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires inside bundled Vaadin dev-mode detection code; stable build artifact pattern for this Stencil component package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Large scoped org with 1018 versions; dormancy likely reflects release cadence, not account takeover. | ai |
v1.83.4
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.65.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.