← Home

@everymatrix/lottery-tipping-page

npm
19
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js AI (source-diff): Standard Stencil build output; minified but readable, no malicious patterns. Stable for this package family. ai
source-diff net-exec-file:dist/cjs/general-multi-select_15.cjs.entry.js AI (source-diff): Network calls are styling/stream subscriptions; dynamic code execution is Stencil registerInstance — standard component framework pattern. ai
source-diff obfuscated-file:dist/esm/general-multi-select_15.entry.js AI (source-diff): Same Stencil ESM build artifact; minified CSS strings trigger long-line heuristic, not actual obfuscation. ai
source-diff net-exec-file:dist/esm/general-multi-select_15.entry.js AI (source-diff): Same pattern as CJS variant; Stencil framework calls, not dropper behavior. ai
source-diff obfuscated-file:dist/lottery-tipping-page/general-multi-select_15.entry.js AI (source-diff): Third build target of the same Stencil component; minified but readable UI logic visible in sample. ai
source-diff net-exec-file:dist/lottery-tipping-page/general-multi-select_15.entry.js AI (source-diff): Same Stencil component pattern; getAssetPath/setClientStyling are UI framework calls, not malware. ai
source-diff obfuscated-file:dist/cjs/general-multi-select_15.cjs.entry.js AI (source-diff): Stencil.js minified build artifact; long lines are minified CSS strings and component logic, not obfuscation. ai
source-diff obfuscated-file:dist/lottery-tipping-page/lottery-tipping-page-92169e63.js AI (source-diff): Minified Stencil/Rollup build artifact; pattern is consistent across all versions of this package. ai
provenance no-provenance AI (provenance): No provenance is consistent across this package's publishing history; low risk for an internal widget library. ai
npm-metadata no-description AI (npm-metadata): Stable pattern across all versions of this everymatrix widget package. ai
bogus-package bogus-package AI (bogus-package): Scoped monorepo widget package; sparse metadata and empty entry point are consistent with 255-version CI publishing pattern. ai

Versions (showing 19 of 122)

Version Deps Published
1.80.8 0 / 0
1.80.7 0 / 0
1.80.6 0 / 0
1.80.5 0 / 0
1.80.4 0 / 0
1.80.3 0 / 0
1.80.2 0 / 0
1.80.1 0 / 0
1.77.32 0 / 0
1.77.31 0 / 0
1.77.11 0 / 0
1.77.10 0 / 0
1.77.9 0 / 0
1.77.8 0 / 0
1.77.7 0 / 0
1.77.6 0 / 0
1.77.5 0 / 0
1.77.4 0 / 0
1.77.3 0 / 0

v1.80.8

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.7

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.6

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.5

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.4

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.3

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.2

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.80.1

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.32

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.31

2 findings
HIGH New obfuscated file: dist/lottery-tipping-page/lottery-tipping-page-b611e76d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.77.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.