@mux/mux-video
A custom mux video element for the browser that Just Works™
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/base.mjs | AI (source-diff): esbuild --minify output; build scripts confirm minification; SLSA provenance attests CI build. | ai | |
| source-diff | obfuscated-file:dist/ads/index.mjs | AI (source-diff): esbuild --minify output; build scripts confirm minification; SLSA provenance attests CI build. | ai | |
| source-diff | obfuscated-file:dist/ads/mixin/index.mjs | AI (source-diff): esbuild --minify output; build scripts confirm minification; SLSA provenance attests CI build. | ai | |
| dependencies | unvetted-dep:custom-media-element | AI (dependencies): custom-media-element is a well-known base class for media web components; expected dependency for this package. | ai | |
| dependencies | unvetted-dep:media-tracks | AI (dependencies): media-tracks is a well-known web media component library; expected dependency for a video web component from Mux. | ai | |
| dependencies | unvetted-dep:@mux/mux-data-google-ima | AI (dependencies): First-party Mux package for Google IMA ads integration; expected dependency for @mux/mux-video ads support. | ai | |
| dependencies | unvetted-dep:castable-video | AI (dependencies): castable-video is a legitimate web component for Chromecast support; expected dependency for a video player package. | ai | |
| dependencies | unvetted-dep:@mux/playback-core | AI (dependencies): First-party Mux package; expected core dependency for @mux/mux-video. | ai |
Versions (showing 20 of 20)
| Version | Deps | Published |
|---|---|---|
| 0.31.0 | 5 / 18 | |
| 0.30.7 | 5 / 18 | |
| 0.30.6 | 5 / 18 | |
| 0.30.5 | 5 / 18 | |
| 0.30.4 | 5 / 18 | |
| 0.30.3 | 5 / 18 | |
| 0.30.2 | 5 / 18 | |
| 0.29.2 | 5 / 18 | |
| 0.29.1 | 5 / 18 | |
| 0.29.0 | 5 / 18 | |
| 0.28.2 | 5 / 18 | |
| 0.28.1 | 5 / 18 | |
| 0.28.0 | 5 / 18 | |
| 0.27.2 | 5 / 18 | |
| 0.27.1 | 5 / 18 | |
| 0.27.0 | 5 / 18 | |
| 0.26.1 | 5 / 18 | |
| 0.26.0 | 5 / 17 | |
| 0.25.3 | 4 / 16 | |
| 0.25.2 | 4 / 16 |
v0.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.