@everymatrix/lottery-oddsbom-ticket-result
3
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Internal org maintainer rotation within @everymatrix. | ai | |
| provenance | publisher-changed | AI (provenance): Internal @everymatrix org publisher rotation; both accounts publish org-scoped packages. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-f2597018.js | AI (source-diff): Standard ESM build output from Stencil compiler; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-f2597018.js | AI (source-diff): Minified lazy-load bundle from Stencil; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-c45be7fd.js | AI (source-diff): Standard CJS build output from Stencil compiler; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-1af52317.js | AI (source-diff): Standard minified Stencil bundle output; long lines are minified JS, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-752aef79.js | AI (source-diff): Standard minified Stencil ESM bundle; same pattern as CJS counterpart. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-752aef79.js | AI (source-diff): Minified widget bundle for unpkg/CDN distribution; expected artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-9c4f0592.js | AI (source-diff): Standard minified CJS bundle; samples show readable utility code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-65e9c8f5.js | AI (source-diff): Standard minified Stencil/Rollup ESM bundle; no malicious content in samples. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-65e9c8f5.js | AI (source-diff): Standard minified bundle variant; same benign content as ESM counterpart. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-b0c12185.js | AI (source-diff): Standard minified Stencil dist bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-b0c12185.js | AI (source-diff): Standard minified Stencil ESM build bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-08d2687d.js | AI (source-diff): Standard minified Stencil build bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal @everymatrix widget component; missing metadata is expected for private enterprise packages published via JFrog Artifactory. | ai | |
| provenance | no-provenance | AI (provenance): Published via private JFrog Artifactory registry; provenance attestation not expected for internal packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal component package; missing description is consistent across the @everymatrix package family. | ai |
v0.0.3
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.