@harperfast/harper-pro
Harper is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:studio/web/assets/editor.worker-B_l_6FzL.js | AI (source-diff): Monaco editor worker bundle; standard minified web asset. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-C7NNFu2d.js | AI (source-diff): Visualization vendor bundle; net+exec pattern from bundled charting libraries, not malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-8c7X2LZU.js | AI (source-diff): React vendor bundle; net+exec pattern from bundled React/fetch code, not malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-misc-DxjG_4SA.js | AI (source-diff): Vite vendor bundle; net+exec pattern from bundled libraries, not malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-core-BIaPAR5C.js | AI (source-diff): Vite vendor bundle (Axios/Zod etc.); net+exec pattern from bundled HTTP client, not malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/ts.worker-aG3Cc-4f.js | AI (source-diff): Monaco TS worker; network+eval pattern is inherent to language service workers, not malware. | ai | |
| source-diff | obfuscated-file:studio/web/assets/yaml.worker-ChzF1h2E.js | AI (source-diff): Monaco YAML worker bundle; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/ts.worker-aG3Cc-4f.js | AI (source-diff): Monaco TypeScript worker bundle; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-DEEb31XH.js | AI (source-diff): Vite/Rolldown status page bundle for Studio UI; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-B-xiyCsJ.js | AI (source-diff): Vite/Rolldown profile page bundle for Studio UI; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/json.worker-BmxO7D0H.js | AI (source-diff): Monaco JSON worker bundle; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-BA-5bmxI.js | AI (source-diff): Vite/Rolldown main bundle for Studio UI; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/html.worker-B8ncSvT2.js | AI (source-diff): Monaco HTML worker bundle; standard minified web asset. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-BcssiTYO.js | AI (source-diff): Vite/Rolldown minified frontend bundle for HarperDB Studio UI; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:studio/web/assets/cssMode-D-UZ60Qc.js | AI (source-diff): Monaco CSS mode bundle for Studio UI. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get in a proxy/scope wrapper for HarperDB's sandboxing architecture; not evasion. | ai | |
| source-diff | obfuscated-file:studio/web/assets/cytoscape.esm-C8YCVR3_.js | AI (source-diff): Cytoscape.js graph library ESM bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/css.worker-Bc2vUX6D.js | AI (source-diff): Monaco editor CSS worker bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/cose-bilkent-S5V4N54A-I4O-7-WZ.js | AI (source-diff): Cytoscape cose-bilkent layout algorithm bundle for Studio UI. | ai | |
| source-diff | net-exec-file:studio/web/assets/chunk-NNHCCRGN-DlpIbxXb.js | AI (source-diff): LSP (Language Server Protocol) type definitions bundle; network+eval pattern is false positive for this use case. | ai | |
| source-diff | obfuscated-file:studio/web/assets/Chat-DMBW4pI2.js | AI (source-diff): Studio UI chat component bundle; standard Vite minification. | ai | |
| source-diff | obfuscated-file:studio/web/assets/c4Diagram-AAUBKEIU-Bhh7i-pv.js | AI (source-diff): Mermaid C4 diagram bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-kCMf1ZBL.js | AI (source-diff): Studio UI component bundle with axios/react imports; standard minified frontend code. | ai | |
| source-diff | obfuscated-file:studio/web/assets/blockDiagram-GPEHLZMM-DJklkuID.js | AI (source-diff): Mermaid block diagram bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/architectureDiagram-3BPJPVTR--g3jTjku.js | AI (source-diff): Mermaid/Cytoscape architecture diagram bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/arc-0caRzfL1.js | AI (source-diff): D3 arc chart code, minified Vite bundle for Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/applications-CigxJarn.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio web UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-DSL-499E.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio web UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-BRW5QtzY.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio web UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-DhLu-DHX.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio web UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-O0DYlJUv.js | AI (source-diff): Vite/Rolldown bundled frontend asset; minification is expected for this web studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-CmtPP0YO.js | AI (source-diff): Vite/Rolldown bundled frontend asset; minification is expected for this web studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-BIlJkJby.js | AI (source-diff): Vite/Rolldown bundled frontend asset; minification is expected for this web studio UI. | ai | |
| dependencies | unvetted-dep:validate.js | AI (dependencies): validate.js is a well-known, benign validation library; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-D77bwywc.js | AI (source-diff): Vite/Rolldown-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-BqaHkv91.js | AI (source-diff): Vite/Rolldown-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-BJjklK4V.js | AI (source-diff): Vite/Rolldown-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-DlC3nLj3.js | AI (source-diff): Bundled visualization vendor chunk for HarperDB Studio UI; patterns are from charting library internals. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-Cyct1o5I.js | AI (source-diff): Bundled React vendor chunk for HarperDB Studio UI; network+eval patterns are from React/axios internals. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-ChxVrrli.js | AI (source-diff): Vite/Rolldown-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-ZSCDRpol.js | AI (source-diff): Bundled visualization vendor chunk for Studio UI; standard minified library output. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-9UzkyydK.js | AI (source-diff): Bundled React vendor chunk for Studio UI; network+eval patterns are from React/library internals, not malware. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-CTVScYc8.js | AI (source-diff): Vite/Rolldown bundled frontend asset for HarperDB Studio UI; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-CYGLFi1u.js | AI (source-diff): Vite/Rolldown bundled frontend asset for HarperDB Studio UI; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-B_oawaxm.js | AI (source-diff): Vite/Rolldown bundled frontend asset for HarperDB Studio UI; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-CgbKZc--.js | AI (source-diff): Vite/Rolldown bundled frontend asset for HarperDB Studio UI; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-Tv7e9k8K.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malware. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-voeNsl4C.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malware. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-110CCE-v.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malware. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-BeDlmXju.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-26y1EUMG.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-CWeBJPXe.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-V4IQ8FFq.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-BrfTnnpt.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-core-f32UXcS5.js | AI (source-diff): Vite vendor bundle (axios, etc.) for Studio UI; network+eval pattern is false positive for bundled frontend code. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-misc-DKMU5hOJ.js | AI (source-diff): Vite vendor bundle for Studio UI; false positive. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-Dj1rnUQ4.js | AI (source-diff): Vite vendor bundle (React) for Studio UI; false positive. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-Db_2kM67.js | AI (source-diff): Vite vendor bundle (visualization libs) for Studio UI; false positive. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-Dyrp-ZIJ.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-BIjBsaWw.js | AI (source-diff): Standard Vite/Rolldown minified bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New studio web UI build artifacts; expected for a full-stack database platform. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-KVqwJsbk.js | AI (source-diff): Standard Vite/Rolldown minified UI bundle; not obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-DAsdweRg.js | AI (source-diff): Standard Vite/Rolldown minified UI bundle; not obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-CKW3SZJG.js | AI (source-diff): Standard Vite/Rolldown minified UI bundle; not obfuscation. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-Bu6T8W_w.js | AI (source-diff): Vite vendor bundle (visualization libs); net-exec pattern is false positive for bundled UI libraries. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-CxrkcGr7.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-core-D9powGyb.js | AI (source-diff): Vite vendor bundle (axios + utilities); network calls and dynamic patterns are standard bundled library code. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-misc-Ca8iItyG.js | AI (source-diff): Vite vendor bundle (floating-ui/popper etc.); net-exec pattern is false positive for bundled UI libraries. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-DSi8mF-Y.js | AI (source-diff): Vite vendor bundle (React ecosystem); net-exec pattern is false positive for bundled UI libraries. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-Nyh_djVh.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-DfcUUI7w.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-IcGoxtBp.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-7-bH4Dg3.js | AI (source-diff): Vite/Rolldown minified frontend bundle; stable pattern for this package's studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-BjwD_EXc.js | AI (source-diff): Vite/Rolldown minified frontend bundle; stable pattern for this package's studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-WCta5cFe.js | AI (source-diff): Vite/Rolldown minified frontend bundle; stable pattern for this package's studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-DI-LWtGo.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-morXXTZA.js | AI (source-diff): Visualization vendor bundle for Studio UI; not dropper/loader malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-C3fPIb_V.js | AI (source-diff): React vendor bundle for Studio UI; not dropper/loader malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-misc-Bj3r0doz.js | AI (source-diff): Vendor bundle (floating-ui etc.) for Studio UI; not dropper/loader malware. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-core-8FI3Cbaa.js | AI (source-diff): Vendor bundle (axios + zod) for Studio UI; network calls and dynamic code are legitimate library patterns. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-DQa37TIR.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-1vGw6eGc.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI. | ai | |
| source-diff | obfuscated-file:studio/web/assets/button-b8IkGZ_9.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-qbLPhOzw.js | AI (source-diff): Vite-bundled studio UI asset with accompanying .js.map; standard minification for a web frontend, not obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-F3bEc3dt.js | AI (source-diff): Minified React UI component for user profile editing; no malicious indicators. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-DlmBuk_k.js | AI (source-diff): Standard Vite/Rolldown minified frontend bundle for HarperDB Studio; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-CnVRDPsO.js | AI (source-diff): Minified React UI component for status/metrics display; no malicious indicators. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-4WybhUdn.js | AI (source-diff): Standard Vite-bundled Studio UI asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-BAnbW0Rq.js | AI (source-diff): Standard Vite-bundled Studio UI asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-CFSLl1du.js | AI (source-diff): Standard Vite-bundled Studio UI asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-misc-DiaKLG2J.js | AI (source-diff): Vite-bundled vendor bundle for Studio UI; no malicious patterns in sample. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-viz-Cs-GQIim.js | AI (source-diff): Vite-bundled visualization vendor bundle (mermaid/charts) for Studio UI; no malicious patterns. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-react-DyY32duL.js | AI (source-diff): Vite-bundled React vendor bundle for Studio UI; standard minified React code. | ai | |
| source-diff | net-exec-file:studio/web/assets/vendor-core-DlDjzdYO.js | AI (source-diff): Vite-bundled vendor bundle (axios, etc.) for Studio UI; network+eval pattern is from legitimate library code. | ai | |
| source-diff | obfuscated-file:studio/web/assets/status-DwYg6LpK.js | AI (source-diff): Vite-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/profile-DX5mq9gw.js | AI (source-diff): Vite-bundled frontend asset for HarperDB Studio; minification is expected. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-DEbcplKh.js | AI (source-diff): Vite-bundled frontend asset for HarperDB Studio; minification is expected for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established HarperDB publisher; absence of Sigstore attestation is common and not a risk signal here. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-DL0ibcSu.js | AI (source-diff): Standard Vite-minified bundle with source map; pattern is stable across studio UI releases of this package. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-Dq1Ma4KE.js | AI (source-diff): Standard Vite-bundled frontend asset for HarperDB Studio; minification is expected and the source map is included. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-BftP-yQ8.js | AI (source-diff): Standard Vite-minified frontend bundle with accompanying source map; expected for HarperDB Studio UI across all versions. | ai | |
| source-diff | obfuscated-file:studio/web/assets/index-C0And10y.js | AI (source-diff): Standard Vite-bundled web UI asset with accompanying source map; not malicious obfuscation. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Decoding application payload tarballs from base64 is a documented deployment feature of this platform. | ai | |
| phantom-deps | phantom-dep:human-readable-ids | AI (phantom-deps): Config-file reference; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:node-stream-zip | AI (phantom-deps): Config-file reference; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:cli-progress | AI (phantom-deps): Config-file reference; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:ulidx | AI (phantom-deps): Config-file reference; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:pino | AI (phantom-deps): Config-file reference; heuristic false positive for this large platform package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): jsLoader.ts is a documented JS module loader; dynamic require is the core feature, not a risk. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Server process management (stop.js) legitimately uses child_process; stable for this package. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding in cryptoHash.js is standard AES decryption (IV + ciphertext); not obfuscation. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Database platform spreading process.env for subprocess execution (git SSH) is expected operational behavior. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 5.1.0 | 81 / 34 | |
| 5.0.31 | 80 / 31 | |
| 5.0.28 | 80 / 31 | |
| 5.0.27 | 80 / 31 | |
| 5.0.25 | 80 / 31 | |
| 5.0.23 | 80 / 31 | |
| 5.0.22 | 80 / 31 | |
| 5.0.21 | 80 / 31 | |
| 5.0.20 | 80 / 31 | |
| 5.0.19 | 80 / 31 | |
| 5.0.18 | 80 / 31 | |
| 5.0.17 | 80 / 31 | |
| 5.0.14 | 80 / 31 | |
| 5.0.13 | 80 / 31 | |
| 5.0.12 | 80 / 31 | |
| 5.0.10 | 80 / 31 | |
| 5.0.9 | 80 / 31 | |
| 5.0.8 | 80 / 31 | |
| 5.0.7 | 80 / 31 | |
| 5.0.6 | 80 / 32 | |
| 5.0.5 | 80 / 31 | |
| 5.0.4 | 80 / 31 | |
| 5.0.3 | 80 / 31 | |
| 5.0.2 | 80 / 31 | |
| 5.0.1 | 80 / 31 | |
| 5.0.0 | 80 / 31 |
v5.1.0
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.31
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.28
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.27
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.25
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.23
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.22
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.21
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.20
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.19
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.18
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.17
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.14
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.13
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.12
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.10
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.9
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.8
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.