@factorialco/f0-react
F0 represents a transformative reboot of the visual language for the Factorial platform. Its core mission is to enhance consistency and coherence across Factorial's user interface, while ensuring a quick, efficient, and delightful user and developer exper
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/F0AiChat-B8j7CTvB.js | AI (source-diff): Network calls are CopilotKit API calls; dynamic code execution is React's createElement — no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-B8j7CTvB.js | AI (source-diff): Minified Vite/Rollup bundle of CopilotKit AI chat; long lines are standard bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-CQBYN-io.js | AI (source-diff): Minified React/CopilotKit bundle; standard build output for this design system package. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-CQBYN-io.js | AI (source-diff): Network calls are CopilotKit AI chat API calls; dynamic code execution is React's createElement — not malicious. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-C-qjcp7e.js | AI (source-diff): Standard Vite/Rollup minified bundle of CopilotKit + React; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-C-qjcp7e.js | AI (source-diff): Network calls and dynamic code are part of CopilotKit AI chat bundle; no dropper pattern present. | ai | |
| source-diff | net-exec-file:dist/types-CwpBoipC.js | AI (source-diff): Network calls and dynamic patterns are from bundled React/CopilotKit deps, not malware. | ai | |
| source-diff | obfuscated-file:dist/types-CwpBoipC.js | AI (source-diff): Standard Vite minified bundle for a React component library; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DkUx3lCB.js | AI (source-diff): Standard Vite minified bundle; imports clearly show React/CopilotKit/Radix components. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-DkUx3lCB.js | AI (source-diff): CopilotKit integration legitimately combines network calls with dynamic rendering. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-gZAMVrRp.js | AI (source-diff): Standard Vite/Rollup minified bundle of CopilotKit + React UI deps; long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-gZAMVrRp.js | AI (source-diff): Network calls are CopilotKit AI API calls; no dynamic code execution (eval/Function) visible in sample; false positive for this bundle. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-DNI9xUa4.js | AI (source-diff): Standard minified React bundle; imports are transparent and match declared CopilotKit peer deps. | ai | |
| source-diff | obfuscated-file:dist/index-DXD8ecUC.js | AI (source-diff): Standard minified bundle output for a large React component library; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-DNI9xUa4.js | AI (source-diff): Network calls are from CopilotKit AI chat integration; no dropper/loader pattern in the sample. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-DPDtak5l.js | AI (source-diff): Network calls are CopilotKit AI chat feature; no dynamic code execution pattern visible in sample. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-DPDtak5l.js | AI (source-diff): Standard Vite/Rollup minified bundle; imports are clearly readable React/CopilotKit code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-iuTQ3Ph9.js | AI (source-diff): Standard Vite/Rollup minified bundle output; long lines are minified imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-B9rpYsM_.js | AI (source-diff): Standard Vite minified bundle output; sample shows normal React/CopilotKit imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-SFjO0qmR.js | AI (source-diff): Standard Vite minified bundle; long lines are normal for bundled component libraries. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-B9rpYsM_.js | AI (source-diff): AI chat component legitimately uses network calls; no dropper/loader pattern in sample. | ai | |
| source-diff | obfuscated-file:dist/index-Ddy5at5O.js | AI (source-diff): Standard minified component library bundle; sample shows legitimate React/Radix/TipTap imports. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-C6Swk3kV.js | AI (source-diff): Standard Vite minified bundle for AI chat component; imports match declared @copilotkit peer deps. | ai | |
| source-diff | obfuscated-file:dist/index-DNRZaDau.js | AI (source-diff): Standard Vite minified main bundle; imports are all known UI libraries matching declared dependencies. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-C6Swk3kV.js | AI (source-diff): Network calls are React component fetch patterns, not dropper behavior; consistent with CopilotKit AI chat integration. | ai | |
| source-diff | obfuscated-file:dist/index-DXzcSrxG.js | AI (source-diff): Standard minified Vite bundle output for a large React component library; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-DJw3VBYG.js | AI (source-diff): Standard Vite/Rollup minified bundle for a React AI chat component; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-DJw3VBYG.js | AI (source-diff): Network calls and dynamic code are from CopilotKit/React runtime patterns in a legitimate UI library bundle. | ai | |
| phantom-deps | phantom-dep:echarts | AI (phantom-deps): Bundled library; deps inlined in dist. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-Cg05PVK9.js | AI (source-diff): Standard Vite minified bundle; sample shows legitimate React/CopilotKit imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-B0hDgrco.js | AI (source-diff): Standard Vite minified bundle for a large React component library; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-Cg05PVK9.js | AI (source-diff): Network calls are CopilotKit AI chat API calls; dynamic execution is React rendering — expected for this component. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-Cv0j7lo_.js | AI (source-diff): Network calls are CopilotKit AI chat API calls; dynamic code execution is normal React rendering. No dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-Cv0j7lo_.js | AI (source-diff): Standard Vite minified bundle output; sample shows readable React/CopilotKit imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-CqiKdYjB.js | AI (source-diff): Standard Vite minified bundle; sample shows normal React component library imports. | ai | |
| source-diff | obfuscated-file:dist/index-BELt7PBQ.js | AI (source-diff): Standard minified bundle output; sample shows legitimate React component imports. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-DAS9OuMu.js | AI (source-diff): Network calls and dynamic code in bundled React component library are expected (fetch APIs, dynamic imports); no malware indicators in sample. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-widnlpnJ.js | AI (source-diff): Standard Vite bundle output; minified re-exports of React/TipTap internals are normal for this library. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-RSypR7CQ.js | AI (source-diff): Standard Vite bundle output; minified re-exports consistent with UI library build artifacts. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-DAS9OuMu.js | AI (source-diff): Standard Vite bundle output for a React UI library; minified lines are normal build artifacts. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-Bxbwl5Iu.js | AI (source-diff): Standard Vite-minified bundle; long lines are minified React component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-4yObgxX5.js | AI (source-diff): Standard Vite-minified bundle; long lines are minified React component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-nSWZKUHs.js | AI (source-diff): Standard Vite bundle output; minified React/TipTap code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-D66orUfb.js | AI (source-diff): Standard Vite-minified bundle for data collection hook; consistent with design system build output. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-DdaYq0tI.js | AI (source-diff): Standard Vite-minified bundle for chat history hook; consistent with design system build output. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-Czxg0RlQ.js | AI (source-diff): Network+exec pattern fires on minified React component bundle; no dropper/loader indicators in sample. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-Czxg0RlQ.js | AI (source-diff): Standard Vite-minified bundle; readable React imports confirm legitimate build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-Cq8UdI6Q.js | AI (source-diff): Standard Vite-minified bundle with readable React/tiptap imports; long lines are minified legitimate code. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DtX_WySE.js | AI (source-diff): Standard Vite-minified bundle; readable React imports confirm legitimate build output. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-5xCiLQgH.js | AI (source-diff): Network+exec pattern fires on bundled React component code; no dropper behavior visible in sample. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-5xCiLQgH.js | AI (source-diff): Standard Vite-minified bundle; readable React imports confirm legitimate build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-J1mHZWxx.js | AI (source-diff): Standard Vite bundle output; readable imports confirm legitimate React/CopilotKit component code. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-J1mHZWxx.js | AI (source-diff): Network calls are CopilotKit AI chat API calls; no dynamic code execution pattern in sampled code. | ai | |
| source-diff | obfuscated-file:dist/index-DTN2fMDI.js | AI (source-diff): Standard Vite bundle with readable named imports; long lines are normal minified output for this component library. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-DMLQMGBW.js | AI (source-diff): Standard Vite/Rollup minified bundle output for a React component library; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-iZJIN18U.js | AI (source-diff): Standard Vite/Rollup minified bundle; long lines are re-exported symbol lists, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-DvbntgsJ.js | AI (source-diff): Standard Vite/Rollup minified bundle; long lines are re-exported symbol lists, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-DMLQMGBW.js | AI (source-diff): Network calls and dynamic code in bundled React component library are expected; no malware indicators in sample. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-D0ocv9zW.js | AI (source-diff): React component bundle with CopilotKit imports; no dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-D0ocv9zW.js | AI (source-diff): Standard Vite minified bundle; long lines are from bundling, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiProposalCard-CfICNrar.js | AI (source-diff): React component bundle with CopilotKit imports; no dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:dist/F0AiProposalCard-CfICNrar.js | AI (source-diff): Standard Vite minified bundle; long lines are from bundling, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-DCBZKVBj.js | AI (source-diff): Network calls are CopilotKit API interactions; no dynamic code execution pattern in sample. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-DCBZKVBj.js | AI (source-diff): Vite-minified React bundle for AI chat component; standard build output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-BXsgsBJi.js | AI (source-diff): Network calls are CopilotKit AI API calls; no dynamic code execution beyond normal React rendering patterns. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-BXsgsBJi.js | AI (source-diff): Standard minified React bundle; readable imports confirm legitimate CopilotKit AI chat component, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-DtigCLJb.js | AI (source-diff): Standard minified bundle output from Vite build; readable import structure confirms legitimate component library code. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-BoBl_LAm.js | AI (source-diff): Minified build output for a React AI chat component; standard bundler output for this design system package. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-BoBl_LAm.js | AI (source-diff): Network calls are CopilotKit API calls; dynamic code execution is React's createElement — no dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-EblUp6hE.js | AI (source-diff): Standard Vite/Rollup minified bundle output; not obfuscation. Stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-EblUp6hE.js | AI (source-diff): Network calls and dynamic code in bundled React component library are normal; no dropper/loader pattern present. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-6qTtYcQc.js | AI (source-diff): Standard Vite/Rollup minified bundle; long lines are import re-exports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DsmyWSV7.js | AI (source-diff): Standard Vite/Rollup minified bundle; long lines are import re-exports, not obfuscation. | ai | |
| phantom-deps | phantom-dep:colord | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:y-prosemirror | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:@reactuses/core | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:echarts-for-react | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:remark-rehype | AI (phantom-deps): Bundled library false positive. | ai | |
| source-diff | obfuscated-file:dist/F0AiTableCard-8ATpfNg4.js | AI (source-diff): Standard Vite bundle output with readable React/tiptap imports; long lines are minified but not malicious. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-DNz4nej5.js | AI (source-diff): Standard Vite bundle; imports are from known packages (react, copilotkit, react-dom). Not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-DNz4nej5.js | AI (source-diff): Network calls are CopilotKit AI API calls; dynamic code execution is React's createElement — expected for this component library. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-Dutz5gMZ.js | AI (source-diff): Standard Vite bundle with readable React/tiptap/radix imports; minified but not obfuscated. | ai | |
| phantom-deps | phantom-dep:yjs | AI (phantom-deps): Bundled component library; deps are tree-shaken into dist, phantom-dep heuristic is unreliable here. | ai | |
| phantom-deps | phantom-dep:vaul | AI (phantom-deps): Same as above — bundled library false positive. | ai | |
| phantom-deps | phantom-dep:xlsx | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:unified | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:dompurify | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:@tiptap/pm | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:aria-hidden | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:y-protocols | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): Bundled library false positive. | ai | |
| phantom-deps | phantom-dep:@dnd-kit/core | AI (phantom-deps): Bundled library false positive. | ai | |
| source-diff | obfuscated-file:dist/F0AiProposalCard-CsyaQRNb.js | AI (source-diff): Standard Vite minified bundle with readable React/CopilotKit imports; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-DRE8x9t0.js | AI (source-diff): Same pattern as above — CopilotKit AI integration with React; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DRE8x9t0.js | AI (source-diff): Standard Vite minified bundle; imports from react, react-dom, @copilotkit packages are clearly visible and legitimate. | ai | |
| source-diff | net-exec-file:dist/F0AiProposalCard-CsyaQRNb.js | AI (source-diff): Network calls are CopilotKit AI API calls; dynamic code execution is React createElement — normal UI library pattern. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-8cFWNhbQ.js | AI (source-diff): Network calls and dynamic code in a UI component library bundle are expected; no dropper pattern in sample. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-CeczsYtn.js | AI (source-diff): Minified Vite bundle with recognizable react imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-BLSpXWfe.js | AI (source-diff): Minified Vite bundle with recognizable react/tiptap imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-8cFWNhbQ.js | AI (source-diff): Standard Vite minified bundle; react/radix/tiptap imports visible in sample — not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-DAJcyyFM.js | AI (source-diff): Network calls and dynamic code in minified React bundle are normal for a component library; no dropper pattern visible. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-CjRrXJC3.js | AI (source-diff): Minified Vite bundle with readable React imports; consistent with legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/useChatHistory-D1pjDBvO.js | AI (source-diff): Minified Vite bundle with readable React/tiptap imports; consistent with legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-DAJcyyFM.js | AI (source-diff): Standard Vite/Rollup minified bundle output; readable React imports confirm legitimate build artifact. | ai | |
| source-diff | net-exec-file:dist/F0AiProposalCard-Dm9l3Kgu.js | AI (source-diff): Network calls are CopilotKit/React API usage in a UI component bundle, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-DXKGQFzT.js | AI (source-diff): Network calls are CopilotKit/React API usage in a UI component bundle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DXKGQFzT.js | AI (source-diff): Standard Vite/Rollup minified bundle output; long lines are expected for this component library. | ai | |
| source-diff | obfuscated-file:dist/F0AiProposalCard-Dm9l3Kgu.js | AI (source-diff): Standard Vite/Rollup minified bundle output; long lines are expected for this component library. | ai | |
| source-diff | obfuscated-file:dist/F0CanvasPanel-v9tjaOnW.js | AI (source-diff): Standard Vite-bundled minified output; imports are clearly React/CopilotKit/radix-ui, no malicious patterns. | ai | |
| source-diff | net-exec-file:dist/F0CanvasPanel-v9tjaOnW.js | AI (source-diff): Network calls are CopilotKit AI SDK integration; no dynamic code execution beyond normal React rendering. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-BzwXcIpi.js | AI (source-diff): Standard Vite-bundled minified output; long lines are tree-shaken import aliases. | ai | |
| source-diff | obfuscated-file:dist/F0AiTableCard-BzXULBvr.js | AI (source-diff): Standard Vite-bundled minified output; long lines are tree-shaken import aliases, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-DIqM2tSl.js | AI (source-diff): Network calls are CopilotKit AI API calls; no dynamic code execution pattern found in sample. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-DIqM2tSl.js | AI (source-diff): Large bundled React/CopilotKit UI component; minification is expected for this design-system package. | ai | |
| source-diff | obfuscated-file:dist/index-DiYIVlNi.js | AI (source-diff): Standard Vite-minified ESM bundle for a React UI library; samples show normal React imports, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/registry-BJ23uROr.js | AI (source-diff): Network calls are React component renders (CopilotKit AI integration); no dropper/loader pattern present in samples. | ai | |
| source-diff | obfuscated-file:dist/registry-BJ23uROr.js | AI (source-diff): Standard Vite-minified ESM bundle; samples show React/copilotkit/radix-ui imports, consistent with UI library build output. | ai | |
| source-diff | obfuscated-file:dist/index-Dmd29pkw.js | AI (source-diff): Standard minified component bundle; long lines are import maps, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-D1bXbxjx.js | AI (source-diff): Minified bundle of CopilotKit AI chat component; readable imports confirm legitimate UI code, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-D1bXbxjx.js | AI (source-diff): Network calls are CopilotKit AI API calls; dynamic execution is standard React rendering. No dropper pattern. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-DeiW759t.js | AI (source-diff): Same bundle pattern; CopilotKit AI integration explains network + dynamic execution. | ai | |
| source-diff | obfuscated-file:dist/F0AiProposalCard-CDG2dAfX.js | AI (source-diff): Standard Vite minified bundle output for a React component library; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiProposalCard-CDG2dAfX.js | AI (source-diff): Network calls and dynamic code in bundled React/CopilotKit components; no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DeiW759t.js | AI (source-diff): Standard Vite minified bundle; imports are clearly readable React/CopilotKit dependencies. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-C8H9OyiK.js | AI (source-diff): Network calls are CopilotKit AI API calls; code execution is React rendering — expected for an AI chat UI component. | ai | |
| source-diff | obfuscated-file:dist/index-CmGdjT42.js | AI (source-diff): Standard minified main bundle for a React UI library; no malicious indicators in sample. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-C8H9OyiK.js | AI (source-diff): Standard minified React bundle for AI chat component; imports are clearly from @copilotkit and React. | ai | |
| source-diff | net-exec-file:dist/registry-BIy-0Gec.js | AI (source-diff): Network calls are @copilotkit AI SDK usage; no dynamic code execution pattern visible in sample. | ai | |
| source-diff | obfuscated-file:dist/registry-BIy-0Gec.js | AI (source-diff): Bundled registry feature with @copilotkit imports; minification is expected for this package type. | ai | |
| source-diff | obfuscated-file:dist/index-BhZqG8Ou.js | AI (source-diff): Standard Vite-bundled React component library output; minified but readable imports confirm legitimate code. | ai | |
| source-diff | net-exec-file:dist/F0AiChat-RHHqqqMC.js | AI (source-diff): Network calls and dynamic code in a bundled React+CopilotKit AI chat component; expected pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-D_fn_du2.js | AI (source-diff): Standard minified Vite build output; legitimate UI library bundle. | ai | |
| source-diff | obfuscated-file:dist/F0AiChat-RHHqqqMC.js | AI (source-diff): Standard Vite/Rollup minified bundle output for a React UI library; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/F0AiProposalCard-CzWoGKwm.js | AI (source-diff): Network calls are from @copilotkit/react-core UI library; no dropper pattern present. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-DTsD48r9.js | AI (source-diff): Network calls from @copilotkit libraries; consistent with AI sidebar feature addition. | ai | |
| source-diff | obfuscated-file:dist/F0AiProposalCard-CzWoGKwm.js | AI (source-diff): Standard Vite minified bundle; long lines are from bundled imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-DTsD48r9.js | AI (source-diff): Standard Vite minified bundle with legitimate React/CopilotKit imports. | ai | |
| source-diff | net-exec-file:dist/types-zUkcMLoO.js | AI (source-diff): React component library bundle; network/exec pattern is false positive from bundled fetch/eval-free UI code. | ai | |
| source-diff | obfuscated-file:dist/xlsx-Bedf3nwD.js | AI (source-diff): This is the bundled [email protected] library, a well-known spreadsheet package; minification is expected. | ai | |
| source-diff | net-exec-file:dist/useDataCollectionSource-BNMQa-mV.js | AI (source-diff): CopilotKit integration bundle; network calls are legitimate AI chat API usage, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/useDataCollectionSource-BNMQa-mV.js | AI (source-diff): Minified Vite bundle with CopilotKit/React imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/types-zUkcMLoO.js | AI (source-diff): Standard Vite/Rollup minified bundle output; long lines are import maps, not obfuscation. | ai |
Versions (showing 49 of 49)
| Version | Deps | Published |
|---|---|---|
| 2.45.0 | 84 / 74 | |
| 2.41.4 | 84 / 74 | |
| 2.39.1 | 84 / 74 | |
| 2.30.2 | 84 / 74 | |
| 2.27.0 | 84 / 74 | |
| 2.25.0 | 84 / 74 | |
| 2.22.0 | 84 / 74 | |
| 2.20.1 | 84 / 74 | |
| 2.19.1 | 84 / 74 | |
| 2.14.5 | 84 / 73 | |
| 2.8.0 | 84 / 73 | |
| 2.2.0 | 84 / 73 | |
| 1.478.1 | 84 / 73 | |
| 1.476.0 | 84 / 73 | |
| 1.472.0 | 84 / 73 | |
| 1.471.0 | 84 / 73 | |
| 1.470.1 | 84 / 73 | |
| 1.469.0 | 84 / 73 | |
| 1.468.1 | 84 / 73 | |
| 1.468.0 | 84 / 73 | |
| 1.467.0 | 84 / 73 | |
| 1.466.1 | 84 / 73 | |
| 1.466.0 | 84 / 73 | |
| 1.465.0 | 84 / 73 | |
| 1.464.2 | 84 / 73 | |
| 1.464.1 | 84 / 73 | |
| 1.464.0 | 84 / 73 | |
| 1.463.0 | 84 / 73 | |
| 1.462.0 | 84 / 73 | |
| 1.459.1 | 84 / 73 | |
| 1.459.0 | 84 / 73 | |
| 1.458.1 | 84 / 73 | |
| 1.457.0 | 84 / 73 | |
| 1.454.0 | 84 / 73 | |
| 1.449.2 | 84 / 73 | |
| 1.447.0 | 84 / 73 | |
| 1.445.0 | 84 / 73 | |
| 1.444.0 | 84 / 73 | |
| 1.438.2 | 84 / 73 | |
| 1.433.0 | 84 / 73 | |
| 1.431.0 | 84 / 73 | |
| 1.429.0 | 84 / 73 | |
| 1.428.0 | 84 / 72 | |
| 1.427.3 | 84 / 72 | |
| 1.427.0 | 84 / 72 | |
| 1.425.4 | 84 / 72 | |
| 1.425.2 | 84 / 72 | |
| 1.425.1 | 84 / 72 | |
| 1.425.0 | 84 / 72 |
v2.45.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.41.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.39.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.30.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.27.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.25.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.22.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.20.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.19.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.478.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.476.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.472.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.470.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.469.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.468.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.468.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.467.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.466.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.466.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.465.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.464.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.464.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.464.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.463.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.462.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.459.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.459.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.458.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.457.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.454.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.449.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.447.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.445.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.444.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.438.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.433.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.431.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.429.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.428.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.427.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.427.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.425.4
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.425.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.425.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.425.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.