@everymatrix/player-account-self-exclusion
7
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-DeXn4IWi.cjs | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-u8FQDAXD.js | AI (source-diff): Svelte runtime uses fetch + dynamic patterns; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-Bo9o9nYS.js | AI (source-diff): Svelte runtime uses fetch + dynamic patterns; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-CoDh2WOg.cjs | AI (source-diff): Svelte runtime uses fetch + dynamic patterns; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-u8FQDAXD.js | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-Bo9o9nYS.js | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-CshJ-jjp.js | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-CKTjGwYF.js | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-CoDh2WOg.cjs | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountModal-CWfuV1IK.cjs | AI (source-diff): Minified Svelte component bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-DMzxz7tw.js | AI (source-diff): Standard minified component chunk from Vite build pipeline. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-DXYdyTDz.js | AI (source-diff): Standard Vite/Rollup minified bundle output; hash-suffixed filenames are content-addressed chunks. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-WADwqQOF.js | AI (source-diff): Standard Vite/Rollup minified bundle output; hash-suffixed filenames are content-addressed chunks. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-DqdxuF-H.js | AI (source-diff): Standard minified component chunk from Vite build pipeline. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-DXYdyTDz.js | AI (source-diff): Network calls and dynamic execution are part of the Svelte/Stencil component runtime, not dropper behavior. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-WADwqQOF.js | AI (source-diff): Network calls and dynamic execution are part of the Svelte/Stencil component runtime, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountModal-B0Gpvs7c.cjs | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-B1KxL7Uc.cjs | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-DXxiPGY9.cjs | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-DJSl2b5x.js | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-C-gMfNgb.js | AI (source-diff): Network calls are fetch/XHR for API data; dynamic execution is Svelte runtime Promise handling — not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountSelfExclusion-C-gMfNgb.js | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-gcAOCwXn.js | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | obfuscated-file:components/PlayerAccountGeneralConfirmationModal-D8akNs65.js | AI (source-diff): Standard minified Svelte/Rollup build output for this org's component packages. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-DJSl2b5x.js | AI (source-diff): Network calls are fetch/XHR for API data; dynamic execution is Svelte runtime Promise handling — not dropper behavior. | ai | |
| source-diff | net-exec-file:components/PlayerAccountSelfExclusion-B1KxL7Uc.cjs | AI (source-diff): Network calls are fetch/XHR for API data; dynamic execution is Svelte runtime Promise handling — not dropper behavior. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped component library with 861 versions; missing metadata fields are a consistent pattern, not spam indicators. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires inside vaadin-development-mode-detector, a known third-party utility; stable false positive for this package. | ai |
Versions (showing 7 of 210)
| Version | Deps | Published |
|---|---|---|
| 1.68.0 | 0 / 0 | |
| 1.67.3 | 0 / 0 | |
| 1.67.0 | 0 / 0 | |
| 1.66.2 | 0 / 0 | |
| 1.66.1 | 0 / 0 | |
| 1.66.0 | 0 / 0 | |
| 1.65.3 | 0 / 0 |
v1.68.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.67.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.67.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.1
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.65.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.