@everymatrix/lottery-tipping-ticket-controller
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-a62bd4e8.js | AI (source-diff): Standard Stencil.js minified build output; consistent pattern across all versions of this package. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-71cc1f83.js | AI (source-diff): Standard Stencil.js minified build output; consistent pattern across all versions of this package. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-71cc1f83.js | AI (source-diff): Standard Stencil.js minified build output; consistent pattern across all versions of this package. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-d705ad02.js | AI (source-diff): fetch() loads user-supplied CSS URL; innerHTML sets styles. Documented widget theming pattern, not dropper malware. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-d705ad02.js | AI (source-diff): fetch() loads user-supplied CSS URL; innerHTML sets styles. Documented widget theming pattern, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-0ac12c3a.js | AI (source-diff): Standard Stencil.js minified build output; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-0ac12c3a.js | AI (source-diff): fetch() loads user-supplied CSS URL; innerHTML sets styles. Documented widget theming pattern, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-d705ad02.js | AI (source-diff): Standard Stencil.js minified build output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-d705ad02.js | AI (source-diff): Standard Stencil.js minified build output; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-d4128bfe.js | AI (source-diff): Same framework-level network/exec pattern as other dist files; not malicious. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-d4128bfe.js | AI (source-diff): Framework-level Promise/fetch usage in minified ESM bundle; not malicious. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-d4128bfe.js | AI (source-diff): Standard minified ESM build artifact; same pattern as CJS counterpart. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-2ef33643.js | AI (source-diff): Network/Promise usage is Lit/Stencil framework internals, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-2ef33643.js | AI (source-diff): Standard minified Stencil/Lit build output; consistent pattern across all versions of this package. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-d4128bfe.js | AI (source-diff): Third distribution format of the same minified build; consistent with package structure. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-15f47527.js | AI (source-diff): Standard Stencil.js CJS build output with readable utility functions; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/index-e3ec645c.js | AI (source-diff): Standard Stencil.js minified build output; consistent with all prior versions of this widget package. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-cdb985e7.js | AI (source-diff): Standard Stencil.js ESM build output; consistent with this package's build pattern. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-cdb985e7.js | AI (source-diff): Minified Stencil.js component bundle with i18n strings and CSS helpers; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-b87c30f7.js | AI (source-diff): CJS variant of the same bundled component code. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-7a6a1ebd.js | AI (source-diff): Bundled Vaadin/Lit component code; minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-7a6a1ebd.js | AI (source-diff): Same bundle in lazy-load dist format; stable pattern. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-f9e9a7e5.js | AI (source-diff): CJS variant of the same minified Stencil build; false positive. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-f9e9a7e5.js | AI (source-diff): CJS variant of the same minified Stencil build; false positive. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-994769e7.js | AI (source-diff): Same minified Stencil build artifact; false positive. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-994769e7.js | AI (source-diff): Same minified Stencil build artifact; false positive. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-994769e7.js | AI (source-diff): Network calls and dynamic code are normal UI component patterns; no dropper behavior evident. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-994769e7.js | AI (source-diff): Standard Stencil/Rollup minified build output; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-e914932b.js | AI (source-diff): Network calls are CSS fetch helpers; dynamic code execution is innerHTML for styles only — benign widget pattern. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-e914932b.js | AI (source-diff): Network calls are CSS fetch helpers; dynamic code execution is innerHTML for styles only — benign widget pattern. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-1e79780d.js | AI (source-diff): Network calls are CSS fetch helpers; dynamic code execution is innerHTML for styles only — benign widget pattern. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-e914932b.js | AI (source-diff): Standard minified Stencil.js build output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-e914932b.js | AI (source-diff): Standard minified Stencil.js build output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-1e79780d.js | AI (source-diff): Standard minified Stencil.js build output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-59ee8536.js | AI (source-diff): Minified Stencil/Vaadin/Lit bundle with recognizable license headers; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-f0d23f7a.js | AI (source-diff): Minified Stencil/Vaadin/Lit bundle with recognizable license headers; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-f0d23f7a.js | AI (source-diff): Minified Stencil/Vaadin/Lit bundle with recognizable license headers; normal build artifact. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-59ee8536.js | AI (source-diff): Network calls and dynamic customElements.define are standard Stencil web component patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-f0d23f7a.js | AI (source-diff): Network calls and dynamic customElements.define are standard Stencil web component patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-f0d23f7a.js | AI (source-diff): Network calls and dynamic customElements.define are standard Stencil web component patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-e9556266.js | AI (source-diff): UI component bundle with fetch + customElements.define; not malicious. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-7b844365.js | AI (source-diff): UI component bundle with fetch + customElements.define; not malicious. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-e9556266.js | AI (source-diff): Minified bundle with Vaadin/Lit license headers; build artifact. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-e9556266.js | AI (source-diff): Minified bundle with Vaadin/Lit license headers; build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-7b844365.js | AI (source-diff): Minified bundle with Vaadin/Lit license headers; build artifact. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-e9556266.js | AI (source-diff): UI component bundle with fetch + customElements.define; not malicious. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/general-tooltip_7.entry.js | AI (source-diff): Minified StencilJS build output; standard for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/general-tooltip_7.entry.js | AI (source-diff): Minified StencilJS build output; standard for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/general-tooltip_7.cjs.entry.js | AI (source-diff): Minified StencilJS build output; standard for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-2d4fe12d.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-3b1e9667.js | AI (source-diff): Network calls are component API fetches; dynamic code is date-fns/Stencil runtime — no dropper pattern. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-2d4fe12d.js | AI (source-diff): Network calls are component API fetches; dynamic code is date-fns/Stencil runtime — no dropper pattern. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-2d4fe12d.js | AI (source-diff): Network calls are component API fetches; dynamic code is date-fns/Stencil runtime — no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-3b1e9667.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-2d4fe12d.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/general-tooltip_8.entry.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | obfuscated-file:dist/esm/general-tooltip_8.entry.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | obfuscated-file:dist/cjs/general-tooltip_8.cjs.entry.js | AI (source-diff): Standard Stencil/Rollup minified build output for this component package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-b89883ee.js | AI (source-diff): Standard Rollup/Stencil minified build output; readable logic visible in samples, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-12ffe9b9.js | AI (source-diff): Standard Rollup/Stencil minified build output; readable logic visible in samples, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-12ffe9b9.js | AI (source-diff): Standard Rollup/Stencil minified build output; readable logic visible in samples, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-ce598555.js | AI (source-diff): Third format of the same minified bundle; legitimate build output. | ai | |
| source-diff | net-exec-file:dist/lottery-tipping-ticket-controller/lottery-tipping-ticket-controller-ce598555.js | AI (source-diff): Same false positive pattern; no actual dropper behavior in the sampled code. | ai | |
| source-diff | net-exec-file:dist/cjs/lottery-tipping-ticket-controller-a52eb354.js | AI (source-diff): Network/exec pattern is from LitElement/Vaadin component registration and fetch APIs, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-tipping-ticket-controller-a52eb354.js | AI (source-diff): Standard Stencil/Rollup minified bundle output; Vaadin/LitElement license headers confirm legitimate build artifact. | ai | |
| source-diff | net-exec-file:dist/esm/lottery-tipping-ticket-controller-ce598555.js | AI (source-diff): Same false positive as CJS counterpart; Vaadin/LitElement runtime patterns. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-tipping-ticket-controller-ce598555.js | AI (source-diff): Same minified Stencil ESM bundle; identical legitimate build artifact pattern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Corporate scoped package with 255 versions; sparse metadata is a CI pipeline artifact, not a spam/malware indicator. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent pattern across all @everymatrix widget packages; not indicative of malicious intent. | ai |
Versions (showing 51 of 161)
| Version | Deps | Published |
|---|---|---|
| 1.94.36 | 0 / 0 | |
| 1.94.35 | 0 / 0 | |
| 1.94.34 | 0 / 0 | |
| 1.94.33 | 0 / 0 | |
| 1.94.32 | 0 / 0 | |
| 1.94.31 | 0 / 0 | |
| 1.94.30 | 0 / 0 | |
| 1.94.29 | 0 / 0 | |
| 1.94.28 | 0 / 0 | |
| 1.94.27 | 0 / 0 | |
| 1.94.26 | 0 / 0 | |
| 1.94.25 | 0 / 0 | |
| 1.94.24 | 0 / 0 | |
| 1.94.23 | 0 / 0 | |
| 1.94.22 | 0 / 0 | |
| 1.94.21 | 0 / 0 | |
| 1.94.20 | 0 / 0 | |
| 1.94.19 | 0 / 0 | |
| 1.94.18 | 0 / 0 | |
| 1.94.17 | 0 / 0 | |
| 1.94.16 | 0 / 0 | |
| 1.94.15 | 0 / 0 | |
| 1.94.9 | 0 / 0 | |
| 1.94.8 | 0 / 0 | |
| 1.94.7 | 0 / 0 | |
| 1.94.6 | 0 / 0 | |
| 1.94.5 | 0 / 0 | |
| 1.94.4 | 0 / 0 | |
| 1.94.3 | 0 / 0 | |
| 1.94.2 | 0 / 0 | |
| 1.94.1 | 0 / 0 | |
| 1.94.0 | 0 / 0 | |
| 1.93.15 | 0 / 0 | |
| 1.93.14 | 0 / 0 | |
| 1.93.13 | 0 / 0 | |
| 1.93.12 | 0 / 0 | |
| 1.93.11 | 0 / 0 | |
| 1.93.10 | 0 / 0 | |
| 1.93.9 | 0 / 0 | |
| 1.93.8 | 0 / 0 | |
| 1.93.7 | 0 / 0 | |
| 1.93.6 | 0 / 0 | |
| 1.93.5 | 0 / 0 | |
| 1.93.4 | 0 / 0 | |
| 1.93.3 | 0 / 0 | |
| 1.93.2 | 0 / 0 | |
| 1.93.1 | 0 / 0 | |
| 1.93.0 | 0 / 0 | |
| 1.92.8 | 0 / 0 | |
| 1.92.7 | 0 / 0 | |
| 1.92.6 | 0 / 0 |
v1.94.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.34
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-11, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.33
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-10, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.32
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-10, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.31
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-09, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.30
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-08, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.29
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-05, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.28
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-04, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.27
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-04, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.26
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-04, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.25
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-03, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.24
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-02, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.23
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-02, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.22
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-01, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.21
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-06-01, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.20
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-29, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.19
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-28, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.18
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-28, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.17
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-27, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.16
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.15
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.8
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.7
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.6
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.5
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.4
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.2
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.8
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.7
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.6
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.