← Home

@flarehr/promoted-benefits-ui

npm

Flare Promoted Benefits

4
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

kyryll-flarehriain.fergusoningerweinberger74boris.etingof.flareflare.buildvitaly.brusentsevrubindershanganesan

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/assets/index-Bn7Qo-bZ.js AI (source-diff): Standard Vite build output; minified dist files are expected for this UI component package. ai
source-diff obfuscated-file:dist/assets/index-Cr1-hDnE.js AI (source-diff): Standard Vite minified bundle output for a Preact UI library; not obfuscation. ai
source-diff obfuscated-file:dist/assets/index-Cmc_7UFG.js AI (source-diff): Standard Vite minified bundle output; pattern is stable for this Preact UI package. ai
source-diff obfuscated-file:dist/assets/index-m_hAeHsk.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-DS9jnFnl.js AI (source-diff): Vite-minified bundle output; consistent with this package's build process across versions. ai
source-diff obfuscated-file:dist/assets/index-DfEL4EoZ.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with this package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-5SfXuxY8.js AI (source-diff): Vite build output; minified bundle is expected for this UI component library across all versions. ai
source-diff obfuscated-file:dist/assets/index-VtyZXbcX.js AI (source-diff): Vite build output; minified bundle is expected for this UI component package across all versions. ai
source-diff obfuscated-file:dist/assets/index-C6fFlN44.js AI (source-diff): Vite-minified bundle output; consistent with declared build toolchain across hundreds of prior versions. ai
source-diff obfuscated-file:dist/assets/index-CYGc43DF.js AI (source-diff): Vite-minified bundle output; consistent with this package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-DhfoyWqH.js AI (source-diff): Standard Vite minified bundle output; consistent with this UI library's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-CpL0OzQe.js AI (source-diff): Vite-minified bundle; sample shows standard Preact runtime, not obfuscated malware. Expected output for this package. ai
source-diff obfuscated-file:dist/assets/index-DW3oDW2x.js AI (source-diff): Standard Vite minified bundle output; consistent with package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-VBNF5XU6.js AI (source-diff): Standard Vite minified bundle output; consistent with this UI library's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-2U-geWXW.js AI (source-diff): Vite build output; minified bundle is expected for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-CtK3gKmz.js AI (source-diff): Vite-minified bundle output; consistent with package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-CN7NOsU1.js AI (source-diff): Vite build output; minified Preact bundle is expected for this UI component package. ai
source-diff obfuscated-file:dist/assets/index-C633aCLX.js AI (source-diff): Vite-minified UI bundle; expected output for this component library across all versions. ai
source-diff obfuscated-file:dist/assets/index-Bw5lfMyC.js AI (source-diff): Vite build output; minified bundle is expected for this package across all versions. ai
source-diff obfuscated-file:dist/assets/index-BARRJLDS.js AI (source-diff): Vite-minified bundle output; consistent with this package's build tooling across 600+ versions. ai
source-diff obfuscated-file:dist/assets/index-CxjQf3zP.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-Da5DzEm7.js AI (source-diff): Vite-minified bundle output; consistent with package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-e6a_nD09.js AI (source-diff): Standard Vite minified bundle output for a Preact UI library; not obfuscation. ai
source-diff obfuscated-file:dist/assets/index-Ckhkl_Z7.js AI (source-diff): Standard Vite minified bundle output; consistent with package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-De8vMrLM.js AI (source-diff): Vite-minified bundle output; consistent with build toolchain across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-H7sHo25d.js AI (source-diff): Standard Vite minified bundle output for a UI library; pattern is stable across versions. ai
source-diff obfuscated-file:dist/assets/index-DF6IrVzN.js AI (source-diff): Vite-minified bundle output; consistent with this package's documented build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-BSWv-254.js AI (source-diff): Vite build output; minified bundle is expected for this UI component package across all versions. ai
source-diff obfuscated-file:dist/assets/index-D8mJcEJU.js AI (source-diff): Standard Vite minified bundle output; consistent pattern across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-9r6yZyui.js AI (source-diff): Vite build output; minified bundle is expected for this UI component library. ai
source-diff obfuscated-file:dist/assets/index-DnoiPFeY.js AI (source-diff): Vite build output; minified Preact bundle is expected for this UI package. ai
source-diff obfuscated-file:dist/assets/index-B03jTBcJ.js AI (source-diff): Standard Vite minified bundle output for a Preact UI library; not malicious obfuscation. ai
source-diff obfuscated-file:dist/assets/index-CexI3FJH.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across hundreds of versions. ai
source-diff obfuscated-file:dist/assets/index-BGKEFQD2.js AI (source-diff): Vite build output; minified bundle is expected for this UI component package across all versions. ai
source-diff obfuscated-file:dist/assets/index-NbQDeaR8.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-CVbW7_1E.js AI (source-diff): Standard Vite minified bundle output; consistent with package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-Dk5Om42n.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-IwESuPte.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-Dc4ivSGQ.js AI (source-diff): Standard Vite/Preact minified bundle output; expected artifact for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-BryUleTW.js AI (source-diff): Vite-minified bundle output; expected artifact for this Preact UI package. ai
source-diff obfuscated-file:dist/assets/index-C9X3YDX2.js AI (source-diff): Vite build output; minified bundle is expected for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-Daaqxkck.js AI (source-diff): Vite-minified bundle output; hash-named dist files are the normal build artifact for this UI library. ai
source-diff obfuscated-file:dist/assets/index-CW2qbsgu.js AI (source-diff): Standard Vite minified bundle output; consistent pattern across all versions of this UI component package. ai
source-diff obfuscated-file:dist/assets/index-lN5bFBpt.js AI (source-diff): Vite build output; minified dist files are expected for this UI component library across all versions. ai
source-diff obfuscated-file:dist/assets/index-pkftLz-z.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with this package's documented build toolchain. ai
source-diff obfuscated-file:dist/assets/index-D5Ylyzoz.js AI (source-diff): Vite build output with hash-named assets; minification is expected for this UI component package. ai
source-diff obfuscated-file:dist/assets/index-CK7voUYT.js AI (source-diff): Standard Vite minified bundle output for a UI library; pattern is stable across versions. ai
source-diff obfuscated-file:dist/assets/index-CwiOZQTG.js AI (source-diff): Vite build output; minified bundle is expected for this UI component library. ai
source-diff obfuscated-file:dist/assets/index-B220btuN.js AI (source-diff): Vite-minified bundle output; standard for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-BCxvmfZG.js AI (source-diff): Standard Vite minified bundle for a Preact UI lib; pattern is stable across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-D5ysYAlG.js AI (source-diff): Vite-minified bundle output; standard for this UI library's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-l4v98F8B.js AI (source-diff): Standard Vite minified bundle output; expected artifact for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-DN5RR_zO.js AI (source-diff): Standard Vite minified bundle output for a UI library; content is normal Preact framework code. ai
source-diff obfuscated-file:dist/assets/index-UXSUmk6N.js AI (source-diff): Standard Vite minified bundle output; consistent with this UI library's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-Cux6KzXg.js AI (source-diff): Vite-minified bundle output; standard for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-IUPV7k3y.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent pattern across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-DZhbhywg.js AI (source-diff): Vite-minified bundle output; standard for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-Cb479PuV.js AI (source-diff): Vite-minified bundle output; consistent with package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-_HJ4bZ3x.js AI (source-diff): Vite build output; minified bundle is expected for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-CCoBoI4y.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-BxF5_6Mb.js AI (source-diff): Standard Vite minified bundle output; expected artifact for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-BPBDo8B7.js AI (source-diff): Minified Vite build output; consistent with this package's established build pipeline across hundreds of versions. ai
source-diff obfuscated-file:dist/assets/index-DznkEE5t.js AI (source-diff): Standard Vite minified bundle output; consistent pattern across all versions of this UI package. ai
source-diff obfuscated-file:dist/assets/index-DiJStIyY.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-B4lu2OfT.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across versions. ai
source-diff obfuscated-file:dist/assets/index-D2QhinmF.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-Ji2Z4rPe.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with package's documented build process. ai
source-diff obfuscated-file:dist/assets/index-CgIBzlJI.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-ClzJpqlo.js AI (source-diff): Standard Vite minified bundle output; consistent with this package's build toolchain across all versions. ai
source-diff obfuscated-file:dist/assets/index-BF_ptOLQ.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent pattern across all versions of this UI package. ai
source-diff obfuscated-file:dist/assets/index-0Rw-cfJW.js AI (source-diff): Vite build output; minified UI bundle is expected for this package across all versions. ai
source-diff obfuscated-file:dist/assets/index-C-D0TIYI.js AI (source-diff): Vite build output for a UI library; minified bundle is expected and consistent with prior releases. ai
source-diff obfuscated-file:dist/assets/index-B4O6aYHn.js AI (source-diff): Standard Vite/Preact minified bundle output; not malicious obfuscation. ai
source-diff obfuscated-file:dist/assets/index-DnSmMbAA.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-CNOnvUBo.js AI (source-diff): Standard Vite minified bundle output for a Preact UI library; not obfuscation. ai
source-diff obfuscated-file:dist/assets/index-D0zuLYba.js AI (source-diff): Vite-minified bundle; expected output for this Preact/Vite UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-D8qstojk.js AI (source-diff): Vite build output; minified bundle is expected for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-z3vtjGrV.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with this UI library's build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-D5wtCnwE.js AI (source-diff): Standard Vite minified bundle output for a UI library; not obfuscation. ai
source-diff obfuscated-file:dist/assets/index-DDp_j1eh.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with package's documented build process across all versions. ai
source-diff obfuscated-file:dist/assets/index-Cu4Yfdzs.js AI (source-diff): Standard Vite minified bundle output for a UI library; pattern is stable across versions. ai
source-diff obfuscated-file:dist/assets/index-A1kZXKAm.js AI (source-diff): Standard Vite minified bundle output; consistent with declared build toolchain across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-CfFcQ11c.js AI (source-diff): Standard Vite minified bundle output for a Preact UI library; not obfuscation. ai
source-diff obfuscated-file:dist/assets/index-D-3ceIAr.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent pattern across all versions of this UI library. ai
source-diff obfuscated-file:dist/assets/index-CSpfE8jq.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent pattern across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-Ce_Bg-N7.js AI (source-diff): Vite build output; minified Preact bundle is expected for this UI library across all versions. ai
source-diff obfuscated-file:dist/assets/index-CcDNYxm3.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-qGQsE9aU.js AI (source-diff): Standard Vite minified bundle for a Preact UI library; not obfuscated malware. ai
source-diff obfuscated-file:dist/assets/index-CUYFmKkx.js AI (source-diff): Standard Vite minified bundle output; consistent with declared build toolchain across all versions of this package. ai
source-diff obfuscated-file:dist/assets/index-BC0taJXW.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI library's build pipeline. ai
source-diff obfuscated-file:dist/assets/index-mdodVdVn.js AI (source-diff): Vite-minified bundle output; expected artifact for this UI package across all versions. ai
source-diff obfuscated-file:dist/assets/index-BOfBKTzy.js AI (source-diff): Vite build output; minified bundle is expected for this UI component library across all versions. ai
source-diff obfuscated-file:dist/assets/index-DXVOv26Q.js AI (source-diff): Vite build output for a UI component library; minified bundle is expected and consistent across versions. ai
source-diff obfuscated-file:dist/assets/index-Ca5nZ-Jh.js AI (source-diff): Standard Vite minified bundle output; consistent with declared vite build toolchain across all versions. ai
phantom-deps phantom-dep:preact AI (phantom-deps): Declared runtime dep; core to Preact build toolchain. ai
phantom-deps phantom-dep:@juggle/resize-observer AI (phantom-deps): Declared runtime dep; used in UI component context. ai
phantom-deps phantom-dep:uuid AI (phantom-deps): Declared runtime dep; used in TypeScript/config context. ai

Versions (showing 4 of 104)

Version Deps Published
1.0.554 3 / 26
1.0.553 3 / 26
1.0.552 3 / 26
1.0.551 3 / 26

v1.0.554

2 findings
HIGH New obfuscated file: dist/assets/index-lN5bFBpt.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.553

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.552

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.551

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.