@everymatrix/player-active-bonuses
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Scoped org package with 892 versions; missing description is a metadata gap, not a risk signal. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C6VSDWx9.cjs | AI (source-diff): Standard Vite/Rollup bundled Svelte component output; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-TUS8oqV0.js | AI (source-diff): Alternate build target of same component; standard bundler output. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C_30tdxK.js | AI (source-diff): ESM build output of the same Svelte component; standard bundler artifact. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CIjVhKcz.cjs | AI (source-diff): Bundled component with i18n strings; not obfuscated, just minified build output. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-D20dZ3xr.js | AI (source-diff): Standard minified Svelte bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-BSVXrmSW.js | AI (source-diff): Standard minified Svelte bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CmY85Elj.cjs | AI (source-diff): Standard minified Svelte bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-Ckl0X2BG.cjs | AI (source-diff): Standard minified Svelte bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-BCXw2v5o.cjs | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-Dmi07owg.cjs | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-MdaNzFqC.js | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-BN4axLxM.js | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C9Dp0Y5p.js | AI (source-diff): Standard minified Svelte bundle output; readable framework code visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C-hnzDEn.js | AI (source-diff): Standard minified Svelte bundle output; readable framework code visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C3vdt_Hr.js | AI (source-diff): Standard minified Svelte bundle output; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-B6q1sq5s.js | AI (source-diff): Standard minified Svelte bundle output; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-DIKz4XJn.cjs | AI (source-diff): Standard minified Svelte bundle output; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-JB5FXjp1.cjs | AI (source-diff): Standard minified Svelte bundle output; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-DiJW49MM.cjs | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-DK900dVf.js | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-DIpIl0fa.js | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-C7AVLD7n.cjs | AI (source-diff): Standard minified Svelte/Vite build output; consistent with this package's established pattern. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-7z4gflJI.cjs | AI (source-diff): Standard minified Svelte bundle output; consistent with established build pipeline for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped corporate package (@everymatrix); no public repo/keywords expected; 851 versions published over 4+ years. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-HqSIMK9F.js | AI (source-diff): Standard minified Svelte bundle output; consistent with established build pipeline for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-Bi1hQDja.js | AI (source-diff): Standard minified Svelte bundle output; consistent with established build pipeline for this package. | ai | |
| source-diff | obfuscated-file:components/PlayerActiveBonuses-RlzBJblz.cjs | AI (source-diff): Standard minified Svelte bundle output; consistent with established build pipeline for this package. | ai |
Versions (showing 12 of 219)
| Version | Deps | Published |
|---|---|---|
| 1.70.1 | 0 / 0 | |
| 1.70.0 | 0 / 0 | |
| 1.69.3 | 0 / 0 | |
| 1.69.2 | 0 / 0 | |
| 1.69.0 | 0 / 0 | |
| 1.68.0 | 0 / 0 | |
| 1.67.3 | 0 / 0 | |
| 1.67.0 | 0 / 0 | |
| 1.66.2 | 0 / 0 | |
| 1.66.1 | 0 / 0 | |
| 1.66.0 | 0 / 0 | |
| 1.65.3 | 0 / 0 |
v1.70.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.70.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.69.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.69.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.69.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.68.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.67.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.67.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.66.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.65.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.