← Home

@everymatrix/player-account-timeout

npm
1
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-B_si3F2v.js AI (source-diff): Standard Vite ESM bundle output; readable Svelte component code. ai
source-diff net-exec-file:components/PlayerAccountTimeout-SY26GQqR.js AI (source-diff): Same Svelte runtime pattern as sibling files; not malware. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-SY26GQqR.js AI (source-diff): Standard Vite ESM bundle output; not obfuscation. ai
source-diff net-exec-file:components/PlayerAccountTimeout-BuEWgcPG.js AI (source-diff): Network calls and dynamic code are Svelte runtime + vaadin dev-mode detector pattern; not malware. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-BuEWgcPG.js AI (source-diff): Standard Vite ESM bundle output for Svelte runtime; not obfuscation. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-C_J-kHwS.js AI (source-diff): Standard Vite ESM bundle output; readable Svelte component code. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-Uf1_pMr0.cjs AI (source-diff): Standard Vite/Rollup minified Svelte runtime bundle; not obfuscation. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-B-NLu3fq.cjs AI (source-diff): Standard Vite/Rollup minified Svelte component bundle; not obfuscation. ai
source-diff obfuscated-file:components/PlayerAccountModal-YGoKcWBU.cjs AI (source-diff): Standard Vite/Rollup minified Svelte component bundle; not obfuscation. ai
source-diff net-exec-file:components/PlayerAccountTimeout-Uf1_pMr0.cjs AI (source-diff): Network calls are API fetches in Svelte component; dynamic code execution is requestAnimationFrame/Promise patterns, not dropper behavior. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-C8VJMcxw.js AI (source-diff): Standard Vite/Rollup minified Svelte component bundle; not obfuscation. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-D_TKPyfn.js AI (source-diff): Standard Vite/Rollup minified Svelte component bundle; not obfuscation. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-CRlUG1_9.js AI (source-diff): Standard Vite/Rollup minified Svelte runtime bundle; not obfuscation. ai
source-diff net-exec-file:components/PlayerAccountTimeout-CRlUG1_9.js AI (source-diff): Network calls are API fetches in Svelte component; dynamic code execution is requestAnimationFrame/Promise patterns, not dropper behavior. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-CrUNlRJ_.js AI (source-diff): Standard Vite/Rollup minified Svelte runtime bundle; not obfuscation. ai
source-diff net-exec-file:components/PlayerAccountTimeout-CrUNlRJ_.js AI (source-diff): Network calls are API fetches in Svelte component; dynamic code execution is requestAnimationFrame/Promise patterns, not dropper behavior. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-BpC9LuZi.js AI (source-diff): Svelte compiled ESM bundle; minified output is expected for this package family. ai
source-diff net-exec-file:components/PlayerAccountTimeout-CDiSofKq.cjs AI (source-diff): Network calls are requestAnimationFrame/fetch for UI; dynamic code execution is Svelte runtime pattern, not dropper behavior. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-CDiSofKq.cjs AI (source-diff): Svelte/Stencil compiled CJS bundle; minified output is expected for this package. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-Dpb1Pf0V.js AI (source-diff): Svelte compiled ESM bundle; minified output is expected for this package family. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-B020jhYW.js AI (source-diff): Svelte compiled ESM bundle; minified output is expected for this package. ai
source-diff net-exec-file:components/PlayerAccountTimeout-B020jhYW.js AI (source-diff): Network/exec pattern is Svelte runtime (requestAnimationFrame, Promise); not malware. ai
source-diff obfuscated-file:components/PlayerAccountTimeout-CMRBHSud.js AI (source-diff): Svelte compiled ESM bundle; minified output is expected for this package. ai
source-diff net-exec-file:components/PlayerAccountTimeout-CMRBHSud.js AI (source-diff): Network/exec pattern is Svelte runtime; not dropper behavior. ai
source-diff obfuscated-file:components/PlayerAccountModal-uZMycbeW.cjs AI (source-diff): Svelte compiled CJS bundle; standard minified output for this package family. ai
source-diff obfuscated-file:components/PlayerAccountGeneralConfirmationModal-DAiX-ei-.cjs AI (source-diff): Svelte compiled CJS bundle; minified single-line output is expected build artifact for this package family. ai
semgrep semgrep:new-function-constructor AI (semgrep): Fires inside Vaadin development-mode-detector bundle; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Scoped component library with 901 versions; missing metadata is a style choice, not a spam indicator. ai

Versions (showing 1 of 210)

Version Deps Published
1.65.3 0 / 0

v1.65.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.