← Home

@mediabunny/mp3-encoder

npm Repository Homepage
11
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

vanilagy

Keywords

mp3encodingcodecmediabunnylamebrowserwasmpolyfill

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff encoded-string-file:dist/modules/build/lame.js AI (source-diff): Base64-encoded WASM binary embedded by Emscripten; expected for this LAME-based MP3 encoder package. ai
source-diff encoded-string-file:dist/bundles/mediabunny-mp3-encoder.js AI (source-diff): Inlined worker bundle containing Emscripten WASM runtime; standard pattern for this package. ai
source-diff encoded-string-file:dist/bundles/mediabunny-mp3-encoder.min.js AI (source-diff): Minified bundle with embedded WASM; expected build artifact for this package. ai
source-diff encoded-string-file:dist/bundles/mediabunny-mp3-encoder.min.mjs AI (source-diff): Minified ESM bundle with embedded WASM; expected build artifact for this package. ai
source-diff encoded-string-file:dist/bundles/mediabunny-mp3-encoder.mjs AI (source-diff): ESM bundle with inlined worker and WASM; expected build artifact for this package. ai
provenance publisher-changed AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with legitimate automation migration for this package. ai

Versions (showing 11 of 113)

Version Deps Published
1.9.0 0 / 1
1.8.0 0 / 1
1.7.6 0 / 1
1.7.5 0 / 1
1.7.4 0 / 1
1.7.3 0 / 1
1.7.2 0 / 1
1.7.1 0 / 1
1.7.0 0 / 1
1.6.2 0 / 1
1.6.1 0 / 1

v1.9.0

6 findings
HIGH Long encoded string in modified file: dist/modules/build/lame.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.min.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.min.mjs source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.mjs source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.8.0

6 findings
HIGH Long encoded string in modified file: dist/modules/build/lame.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.min.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.min.mjs source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/bundles/mediabunny-mp3-encoder.mjs source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.