@murumets-ee/blocks
Block rendering utilities — rich text renderer with HTML sanitization and Slate JSON support.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/environments.mjs | AI (source-diff): Standard minified ESM build output; samples show field-definition helpers, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/library.mjs | AI (source-diff): Standard minified ESM build output; samples show block library helpers, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:@dnd-kit/dom | AI (phantom-deps): Likely bundled into dist output by tsdown; not directly imported at source level but legitimately used. | ai | |
| source-diff | obfuscated-file:dist/themes-default.mjs | AI (source-diff): Standard minified ESM build output; samples show sanitize-html config and React rendering, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/admin.mjs | AI (source-diff): Standard minified ESM build output from tsdown; samples show domain logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/editor.mjs | AI (source-diff): Standard minified ESM bundle; tiptap/immer/zod/dnd-kit imports visible, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/plugin.mjs | AI (source-diff): Standard minified ESM bundle; drizzle-orm/zod imports visible, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/render.mjs | AI (source-diff): Standard minified ESM bundle; react rendering logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/server.mjs | AI (source-diff): Standard minified ESM bundle; drizzle-orm/zod/fs imports visible, no exfiltration. | ai | |
| source-diff | obfuscated-file:dist/editor.d.mts | AI (source-diff): TypeScript declaration file with long lines; not executable, not obfuscated. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major feature expansion (editor, server, plugin modules) with bundleBudget config confirming intentional size. | ai | |
| phantom-deps | phantom-dep:@tiptap/pm | AI (phantom-deps): Peer/transitive dep of tiptap ecosystem; used indirectly via @tiptap/core. | ai | |
| phantom-deps | phantom-dep:@tiptap/core | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| phantom-deps | phantom-dep:@tiptap/react | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| phantom-deps | phantom-dep:sanitize-html | AI (phantom-deps): Bundled into dist; visible in core.mjs imports. | ai | |
| phantom-deps | phantom-dep:@murumets-ee/content-api | AI (phantom-deps): Same org monorepo package; bundled into dist outputs. | ai | |
| source-diff | obfuscated-file:dist/traits.mjs | AI (source-diff): Standard minified ESM bundle; trait field definitions, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:react-colorful | AI (phantom-deps): Bundled into dist; visible in editor.mjs imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/starter-kit | AI (phantom-deps): Bundled into dist; phantom-dep heuristic fires on pre-bundled packages. | ai | |
| source-diff | obfuscated-file:dist/contributions.mjs | AI (source-diff): Standard minified ESM bundle from tsdown; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/core.mjs | AI (source-diff): Standard minified ESM bundle; sanitize-html/react imports visible, no exfiltration. | ai | |
| source-diff | obfuscated-file:dist/react.mjs | AI (source-diff): Minified ESM build output from tsdown; React wrapper around the same benign HTML sanitizer logic. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Minified ESM build output from tsdown; content is a benign HTML sanitizer/renderer with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Standard tsup minified output; code is readable HTML sanitization logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/react.cjs | AI (source-diff): Standard tsup minified output; mirrors index.cjs with React renderer, no malicious patterns. | ai |
Versions (showing 51 of 57)
| Version | Deps | Published |
|---|---|---|
| 0.27.0 | 18 / 12 | |
| 0.26.3 | 18 / 12 | |
| 0.26.2 | 18 / 12 | |
| 0.26.1 | 18 / 12 | |
| 0.26.0 | 18 / 12 | |
| 0.25.0 | 17 / 11 | |
| 0.24.1 | 17 / 11 | |
| 0.24.0 | 17 / 11 | |
| 0.23.2 | 1 / 10 | |
| 0.23.1 | 1 / 10 | |
| 0.23.0 | 1 / 10 | |
| 0.22.1 | 1 / 10 | |
| 0.22.0 | 1 / 10 | |
| 0.21.1 | 1 / 10 | |
| 0.21.0 | 1 / 10 | |
| 0.20.0 | 1 / 10 | |
| 0.19.0 | 1 / 10 | |
| 0.18.0 | 1 / 10 | |
| 0.17.1 | 1 / 10 | |
| 0.17.0 | 1 / 10 | |
| 0.16.5 | 1 / 10 | |
| 0.16.4 | 1 / 10 | |
| 0.16.3 | 1 / 10 | |
| 0.16.2 | 1 / 10 | |
| 0.16.1 | 1 / 10 | |
| 0.16.0 | 1 / 10 | |
| 0.15.4 | 1 / 10 | |
| 0.15.3 | 1 / 10 | |
| 0.15.2 | 1 / 10 | |
| 0.15.1 | 1 / 10 | |
| 0.15.0 | 1 / 10 | |
| 0.14.0 | 1 / 10 | |
| 0.13.3 | 1 / 10 | |
| 0.13.2 | 1 / 10 | |
| 0.13.1 | 1 / 10 | |
| 0.13.0 | 1 / 10 | |
| 0.12.0 | 1 / 10 | |
| 0.11.0 | 0 / 6 | |
| 0.10.0 | 0 / 6 | |
| 0.9.0 | 0 / 6 | |
| 0.8.0 | 0 / 6 | |
| 0.7.0 | 0 / 6 | |
| 0.6.1 | 0 / 6 | |
| 0.6.0 | 0 / 6 | |
| 0.5.1 | 0 / 6 | |
| 0.5.0 | 0 / 6 | |
| 0.4.8 | 0 / 6 | |
| 0.4.6 | 0 / 6 | |
| 0.4.5 | 0 / 6 | |
| 0.4.0 | 0 / 6 | |
| 0.3.0 | 0 / 6 |
v0.27.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.1
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.