@everymatrix/player-bonus-history
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:components/PlayerBonusHistory-BEJCSoQ6.js | AI (source-diff): Standard Svelte/Vite minified bundle output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BUDWlZXF.cjs | AI (source-diff): Standard Svelte/Vite minified bundle output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CxACrSzY.cjs | AI (source-diff): Standard Svelte/Vite minified bundle output; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DdyXfGAs.js | AI (source-diff): Network calls are API fetches in Svelte component; dynamic execution is standard framework lifecycle, not dropper behavior. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BEJCSoQ6.js | AI (source-diff): Network calls are API fetches in Svelte component; dynamic execution is standard framework lifecycle, not dropper behavior. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BUDWlZXF.cjs | AI (source-diff): Network calls are API fetches in Svelte component; dynamic execution is standard framework lifecycle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DdyXfGAs.js | AI (source-diff): Standard Svelte/Vite minified bundle output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CGxntrpq.cjs | AI (source-diff): Standard bundled Svelte component output with i18n strings; not obfuscated. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BPTJa7VA.js | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BC5ZS-3h.js | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-Cp0SoXmB.cjs | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BPTJa7VA.js | AI (source-diff): Bundled Svelte ESM output; standard build artifact. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BC5ZS-3h.js | AI (source-diff): Bundled Svelte ESM output; standard build artifact. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-Cp0SoXmB.cjs | AI (source-diff): Bundled Svelte CJS output; long lines from minification, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BL8oTuyG.cjs | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CPI4qDOm.js | AI (source-diff): Same Vaadin dev-mode + fetch pattern; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CPI4qDOm.js | AI (source-diff): ESM bundle with i18n; standard build output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CmK1Rri5.js | AI (source-diff): Vaadin dev-mode pattern + fetch in UI component; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CmK1Rri5.js | AI (source-diff): ESM bundle with i18n; standard build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BL8oTuyG.cjs | AI (source-diff): CJS bundle with i18n strings; minification is expected build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CXJ32nqq.cjs | AI (source-diff): Bundled Svelte runtime + component code; long lines from minification, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-FojWd9cl.js | AI (source-diff): Same benign Svelte runtime patterns in alternate build target. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-FojWd9cl.js | AI (source-diff): Another build target of same Svelte component; standard output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-B4iMNr6v.js | AI (source-diff): ESM variant; same benign Svelte runtime patterns. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-B4iMNr6v.js | AI (source-diff): ESM variant of same bundled Svelte component; not obfuscated. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-C50YCkyK.cjs | AI (source-diff): Standard Vite/Rollup bundled Svelte component output with i18n strings; not obfuscated. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CXJ32nqq.cjs | AI (source-diff): Svelte compiled output with fetch + Function patterns; no malicious payload. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DHVfmVdW.js | AI (source-diff): Minified Svelte/framework bundle output; readable structure, @__PURE__ annotations confirm standard build tooling. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DHVfmVdW.js | AI (source-diff): Network calls and dynamic execution are expected in a frontend UI component bundle; no dropper indicators. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DtaxrYhh.js | AI (source-diff): Same pattern as sibling file — minified Svelte bundle, not obfuscated malware. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DtaxrYhh.js | AI (source-diff): Frontend component bundle; network+exec pattern is benign in this context. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DHnglXOD.js | AI (source-diff): Minified Svelte/Vite bundle; readable helper functions, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CKgXB5tw.cjs | AI (source-diff): Minified Svelte/Vite bundle output; readable i18n and DOM code, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DYDPAsky.cjs | AI (source-diff): Minified Svelte/Vite bundle output; standard component runtime helpers, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DYDPAsky.cjs | AI (source-diff): Network calls and dynamic code are standard Svelte runtime patterns (fetch + addEventListener), not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BKM8FQRN.js | AI (source-diff): Minified Svelte/Vite ESM bundle; readable structure, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BKM8FQRN.js | AI (source-diff): Standard Svelte runtime network+DOM patterns in a UI component bundle. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DHnglXOD.js | AI (source-diff): Standard Svelte runtime patterns; no dropper indicators in sampled code. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-AZoMiRUh.cjs | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component; not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-EarPJwtH.js | AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-EarPJwtH.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory--nIn73Vl.js | AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory--nIn73Vl.js | AI (source-diff): Standard Rollup/Vite minified build output; content is i18n strings and Svelte runtime. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-D2bsuLf4.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CJivsjxP.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-L1IMmrg6.cjs | AI (source-diff): Network calls and dynamic code are Svelte/Vaadin runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-L1IMmrg6.cjs | AI (source-diff): Standard Rollup/Vite minified build output; content is i18n strings and Svelte runtime. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CATEo6os.cjs | AI (source-diff): Standard minified Svelte runtime bundle; no obfuscation indicators beyond minification. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-D1LjOTQU.js | AI (source-diff): DOM/fetch patterns in Svelte component; consistent with prior versions. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-D1LjOTQU.js | AI (source-diff): Minified Svelte bundle; readable runtime helpers visible in sample. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BPA7vUbZ.js | AI (source-diff): Standard Svelte component network patterns; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BPA7vUbZ.js | AI (source-diff): Minified Svelte ESM bundle; same pattern as prior approved versions. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CATEo6os.cjs | AI (source-diff): Network calls are DOM fetch/XHR patterns in Svelte component; no dropper behavior visible. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-C_Y0JHfR.cjs | AI (source-diff): Minified Svelte/Rollup build output; readable i18n strings and DOM APIs visible in sample. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CJz1RBfF.cjs | AI (source-diff): Standard Vite/Svelte minified build output; consistent with prior versions of this package. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-ImKhkCU7.js | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-ImKhkCU7.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BLImQ91h.js | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BLImQ91h.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-ONInjr0K.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CL3gHhi_.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CJz1RBfF.cjs | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-DpuXmWBS.cjs | AI (source-diff): Standard Vite/Svelte minified build output; consistent with prior versions of this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped component library with 847 versions; missing metadata is a known pattern for this org. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires inside Vaadin dev-mode detector utility; standard pattern, not malicious. | ai |
Versions (showing 100 of 223)
| Version | Deps | Published |
|---|---|---|
| 1.84.3 | 0 / 0 | |
| 1.84.2 | 0 / 0 | |
| 1.84.1 | 0 / 0 | |
| 1.84.0 | 0 / 0 | |
| 1.83.12 | 0 / 0 | |
| 1.83.11 | 0 / 0 | |
| 1.83.10 | 0 / 0 | |
| 1.83.9 | 0 / 0 | |
| 1.83.8 | 0 / 0 | |
| 1.83.7 | 0 / 0 | |
| 1.83.6 | 0 / 0 | |
| 1.83.5 | 0 / 0 | |
| 1.83.4 | 0 / 0 | |
| 1.83.3 | 0 / 0 | |
| 1.83.2 | 0 / 0 | |
| 1.83.1 | 0 / 0 | |
| 1.83.0 | 0 / 0 | |
| 1.82.0 | 0 / 0 | |
| 1.81.2 | 0 / 0 | |
| 1.81.1 | 0 / 0 | |
| 1.81.0 | 0 / 0 | |
| 1.80.19 | 0 / 0 | |
| 1.80.18 | 0 / 0 | |
| 1.80.17 | 0 / 0 | |
| 1.80.16 | 0 / 0 | |
| 1.80.15 | 0 / 0 | |
| 1.80.14 | 0 / 0 | |
| 1.80.13 | 0 / 0 | |
| 1.80.12 | 0 / 0 | |
| 1.80.11 | 0 / 0 | |
| 1.80.10 | 0 / 0 | |
| 1.80.9 | 0 / 0 | |
| 1.80.8 | 0 / 0 | |
| 1.80.7 | 0 / 0 | |
| 1.80.6 | 0 / 0 | |
| 1.80.5 | 0 / 0 | |
| 1.80.4 | 0 / 0 | |
| 1.80.3 | 0 / 0 | |
| 1.80.2 | 0 / 0 | |
| 1.80.1 | 0 / 0 | |
| 1.80.0 | 0 / 0 | |
| 1.77.32 | 0 / 0 | |
| 1.77.31 | 0 / 0 | |
| 1.77.30 | 0 / 0 | |
| 1.77.29 | 0 / 0 | |
| 1.77.28 | 0 / 0 | |
| 1.77.27 | 0 / 0 | |
| 1.77.26 | 0 / 0 | |
| 1.77.25 | 0 / 0 | |
| 1.77.24 | 0 / 0 | |
| 1.77.23 | 0 / 0 | |
| 1.77.22 | 0 / 0 | |
| 1.77.21 | 0 / 0 | |
| 1.77.20 | 0 / 0 | |
| 1.77.19 | 0 / 0 | |
| 1.77.18 | 0 / 0 | |
| 1.77.17 | 0 / 0 | |
| 1.77.16 | 0 / 0 | |
| 1.77.15 | 0 / 0 | |
| 1.77.14 | 0 / 0 | |
| 1.77.13 | 0 / 0 | |
| 1.77.12 | 0 / 0 | |
| 1.77.11 | 0 / 0 | |
| 1.77.10 | 0 / 0 | |
| 1.77.9 | 0 / 0 | |
| 1.77.8 | 0 / 0 | |
| 1.77.7 | 0 / 0 | |
| 1.77.6 | 0 / 0 | |
| 1.77.5 | 0 / 0 | |
| 1.77.4 | 0 / 0 | |
| 1.77.3 | 0 / 0 | |
| 1.77.2 | 0 / 0 | |
| 1.77.1 | 0 / 0 | |
| 1.77.0 | 0 / 0 | |
| 1.76.14 | 0 / 0 | |
| 1.76.13 | 0 / 0 | |
| 1.76.12 | 0 / 0 | |
| 1.76.11 | 0 / 0 | |
| 1.76.10 | 0 / 0 | |
| 1.76.9 | 0 / 0 | |
| 1.76.8 | 0 / 0 | |
| 1.76.7 | 0 / 0 | |
| 1.76.6 | 0 / 0 | |
| 1.76.5 | 0 / 0 | |
| 1.76.4 | 0 / 0 | |
| 1.76.3 | 0 / 0 | |
| 1.76.1 | 0 / 0 | |
| 1.76.0 | 0 / 0 | |
| 1.75.1 | 0 / 0 | |
| 1.75.0 | 0 / 0 | |
| 1.74.10 | 0 / 0 | |
| 1.74.8 | 0 / 0 | |
| 1.74.7 | 0 / 0 | |
| 1.74.6 | 0 / 0 | |
| 1.74.5 | 0 / 0 | |
| 1.74.4 | 0 / 0 | |
| 1.74.3 | 0 / 0 | |
| 1.74.2 | 0 / 0 | |
| 1.74.1 | 0 / 0 | |
| 1.74.0 | 0 / 0 |
v1.84.3
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.84.2
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.84.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.84.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.83.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.83.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.83.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.83.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.82.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.81.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.81.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.81.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.80.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.77.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.76.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.75.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.75.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.74.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.