@polkadot/util-crypto
A collection of useful crypto utilities for @polkadot
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/en.js | AI (source-diff): BIP-39 English wordlist stored as a pipe-delimited string — standard format for mnemonic word lists, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/es.js | AI (source-diff): BIP-39 Spanish wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/en.js | AI (source-diff): BIP-39 English wordlist stored as a pipe-delimited string — standard format for mnemonic word lists, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/zh-t.js | AI (source-diff): BIP-39 Traditional Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/zh-t.js | AI (source-diff): BIP-39 Traditional Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/zh-s.js | AI (source-diff): BIP-39 Simplified Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/zh-s.js | AI (source-diff): BIP-39 Simplified Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/ko.js | AI (source-diff): BIP-39 Korean wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/ko.js | AI (source-diff): BIP-39 Korean wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/jp.js | AI (source-diff): BIP-39 Japanese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/jp.js | AI (source-diff): BIP-39 Japanese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/it.js | AI (source-diff): BIP-39 Italian wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/it.js | AI (source-diff): BIP-39 Italian wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/fr.js | AI (source-diff): BIP-39 French wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/fr.js | AI (source-diff): BIP-39 French wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/es.js | AI (source-diff): BIP-39 Spanish wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Significant source reduction in mature crypto utility library likely reflects legitimate refactoring/cleanup, not code replacement. Consistent with established publisher's track record. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/bip39-en.js | AI (source-diff): The 'obfuscated' file is the BIP39 English wordlist stored as a pipe-delimited string — a standard data file, not obfuscated code. Long line is 2048 mnemonic words concatenated. | ai | |
| dependencies | unvetted-dep:@types/pbkdf2 | AI (dependencies): @types/pbkdf2 is a standard TypeScript type definition package for the pbkdf2 library. Low risk for this well-established crypto utility package. | ai | |
| dependencies | unvetted-dep:@polkadot/schnorrkel-js | AI (dependencies): @polkadot/schnorrkel-js is the official Schnorr/sr25519 WASM binding from the same Polkadot JS organization; entirely expected in this crypto utility package. | ai | |
| dependencies | unvetted-dep:@types/secp256k1 | AI (dependencies): @types/secp256k1 is a DefinitelyTyped TypeScript type definition package for the secp256k1 library — a legitimate and expected dependency for a crypto utility package. | ai | |
| phantom-deps | phantom-dep:@noble/hashes | AI (phantom-deps): @noble/hashes is vendored/bundled under ./noble-hashes/lib/ in the package exports map; not imported via node_modules path. Phantom-dep detection is a false positive for this bundling pattern. | ai | |
| source-diff | obfuscated-file:noble-hashes/lib/sha512.cjs | AI (source-diff): File is Babel-transpiled CJS output of the @noble/hashes library (MIT, paulmillr.com). Long lines are due to transpiler helpers and inline SHA-512 constants, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 150 new files are the vendored @noble/hashes library replacing multiple older hash dependencies. Deliberate consolidation by a trusted publisher, not injected code. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): polkadotjs publisher has 4079 approved/0 rejected packages; dormancy followed by legitimate coordinated ecosystem release is expected for this well-established package. | ai | |
| dependencies | unvetted-dep:elliptic | AI (dependencies): elliptic is a well-known JS elliptic curve library; its use in a crypto utility package for secp256k1 operations is expected and legitimate. | ai | |
| phantom-deps | phantom-dep:create-hash | AI (phantom-deps): create-hash is a standard hashing dependency; phantom detection is a false positive for this crypto utility package. | ai | |
| phantom-deps | phantom-dep:bn.js | AI (phantom-deps): bn.js is a standard big-number dependency used transitively in crypto operations; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/secp256k1 | AI (phantom-deps): @types/* packages are TypeScript type definitions loaded by convention, not directly imported. This is standard practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/pbkdf2 | AI (phantom-deps): @types/* packages are TypeScript type definitions loaded by convention, not directly imported. This is standard practice for this package. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding is used to load the compiled schnorrkel WebAssembly binary — canonical WASM-in-npm pattern, not a hidden payload. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require() in wasm-bindgen generated glue code for schnorrkel WASM module — standard wasm-bindgen output, not malicious. | ai | |
| source-diff | obfuscated-file:schnorrkel/schnorrkel-js/schnorrkel_js_bg.js | AI (source-diff): This file is a wasm-bindgen generated JS wrapper containing a hex-encoded WebAssembly binary (schnorrkel/sr25519). The pattern is canonical for WASM-in-npm packages and is not obfuscation. | ai | |
| source-diff | obfuscated-file:schnorrkel/schnorrkel-js/schnorrkel_js_wasm.js | AI (source-diff): File is a base64-encoded WebAssembly binary (AGFzbQ = \0asm magic bytes) generated by wasm-bindgen. Standard pattern for WASM-based crypto libraries in the Polkadot ecosystem. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() is standard wasm-bindgen glue code for bridging WASM imports to JS. Input comes from WASM memory, not user-controlled external sources. | ai | |
| source-diff | encoded-string-file:blake2/asHex.spec.js | AI (source-diff): Long strings in spec files are cryptographic test vectors (expected hash outputs), not encoded payloads. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is entirely explained by the embedded WASM binary for Schnorrkel signatures, a legitimate cryptographic addition. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): bip39 and @types/bip39 are legitimate, well-known packages expected in a blockchain crypto utility library; addition is consistent with the package's purpose. | ai | |
| phantom-deps | phantom-dep:@types/webassembly-js-api | AI (phantom-deps): @types/* packages are TypeScript type declarations; not being directly imported is expected and normal for this package type. | ai | |
| phantom-deps | phantom-dep:@types/xxhashjs | AI (phantom-deps): @types/* packages are TypeScript type declarations; not being directly imported is expected and normal for this package type. | ai | |
| dependencies | unvetted-dep:@types/bip39 | AI (dependencies): @types/bip39 is a TypeScript type definitions package — purely a development/type aid with no runtime risk. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/bip39 | AI (phantom-deps): @types/bip39 is a TypeScript type definitions package; it is normal for TS libraries to declare @types/* as dependencies for consumers even without direct imports. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; trusted publisher with 8385 approved packages. Stable false positive for this package. | ai | |
| source-diff | encoded-string-file:blake2/blake2b/asHex.spec.js | AI (source-diff): Long hex strings in this file are cryptographic test vectors for blake2b correctness verification — standard practice in crypto library test suites, not malicious payloads. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): paritytech-ci is a known trusted publisher in the Polkadot ecosystem; the maintainer addition reflects a legitimate org-level CI transition. | ai | |
| provenance | publisher-changed | AI (provenance): paritytech-ci is the established Parity Technologies CI publisher for the polkadot-js ecosystem with 67 approved packages and 0 rejections; this transition is legitimate. | ai | |
| source-diff | encoded-string-file:bundle-polkadot-util-crypto.js | AI (source-diff): Long base64 string is a zlib-compressed WASM binary embedded in the bundle — standard practice for polkadot-js packages, not a malicious payload. | ai | |
| phantom-deps | phantom-dep:@polkadot/wasm-util | AI (phantom-deps): Same-org scope dependency declared but not directly imported; expected pattern for the @polkadot monorepo structure. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): URLs in this package are blockchain network metadata (website fields), not C2 infrastructure. This is a stable false positive for this package. | ai | |
Versions (showing 100 of 375)
| Version | Deps | Published |
|---|---|---|
| 14.0.3 | 11 / 0 | |
| 14.0.2 | 11 / 0 | |
| 14.0.1 | 11 / 0 | |
| 13.5.9 | 10 / 0 | |
| 13.5.8 | 10 / 0 | |
| 13.5.7 | 10 / 0 | |
| 13.5.6 | 10 / 0 | |
| 13.5.5 | 10 / 0 | |
| 13.5.4 | 10 / 0 | |
| 13.5.3 | 10 / 0 | |
| 13.5.2 | 10 / 0 | |
| 13.5.1 | 10 / 0 | |
| 13.4.4 | 10 / 0 | |
| 13.4.3 | 10 / 0 | |
| 13.4.2 | 10 / 0 | |
| 13.4.1 | 10 / 0 | |
| 13.3.1 | 10 / 0 | |
| 13.2.3 | 10 / 0 | |
| 13.2.2 | 10 / 0 | |
| 13.2.1 | 10 / 0 | |
| 13.1.1 | 10 / 0 | |
| 13.0.2 | 10 / 0 | |
| 13.0.1 | 10 / 0 | |
| 12.6.2 | 10 / 0 | |
| 12.6.1 | 10 / 0 | |
| 12.5.1 | 10 / 0 | |
| 12.4.2 | 10 / 0 | |
| 12.4.1 | 10 / 0 | |
| 12.3.2 | 10 / 0 | |
| 12.3.1 | 10 / 0 | |
| 12.2.2 | 10 / 0 | |
| 12.2.1 | 10 / 0 | |
| 12.1.2 | 10 / 0 | |
| 12.1.1 | 10 / 0 | |
| 12.0.1 | 10 / 0 | |
| 11.1.3 | 10 / 0 | |
| 11.1.2 | 10 / 0 | |
| 11.1.1 | 10 / 0 | |
| 11.0.2 | 11 / 0 | |
| 11.0.1 | 11 / 0 | |
| 10.4.2 | 11 / 0 | |
| 10.4.1 | 11 / 0 | |
| 10.3.1 | 11 / 0 | |
| 10.2.6 | 11 / 0 | |
| 10.2.5 | 11 / 0 | |
| 10.2.4 | 11 / 0 | |
| 10.2.3 | 11 / 0 | |
| 10.2.2 | 11 / 0 | |
| 10.2.1 | 11 / 0 | |
| 10.1.14 | 11 / 0 | |
| 10.1.13 | 11 / 0 | |
| 10.1.12 | 11 / 0 | |
| 10.1.11 | 11 / 0 | |
| 10.1.10 | 11 / 0 | |
| 10.1.9 | 11 / 0 | |
| 10.1.8 | 11 / 0 | |
| 10.1.7 | 11 / 0 | |
| 10.1.6 | 11 / 0 | |
| 10.1.5 | 11 / 0 | |
| 10.1.4 | 11 / 0 | |
| 10.1.3 | 11 / 0 | |
| 10.1.2 | 11 / 0 | |
| 10.1.1 | 11 / 0 | |
| 10.0.2 | 11 / 0 | |
| 10.0.1 | 11 / 0 | |
| 9.7.2 | 11 / 0 | |
| 9.7.1 | 11 / 0 | |
| 9.6.2 | 11 / 0 | |
| 9.6.1 | 11 / 0 | |
| 9.5.1 | 11 / 0 | |
| 9.4.1 | 11 / 0 | |
| 9.3.1 | 11 / 0 | |
| 9.2.1 | 11 / 0 | |
| 9.1.1 | 11 / 0 | |
| 9.0.1 | 11 / 0 | |
| 8.7.1 | 11 / 0 | |
| 8.6.1 | 11 / 0 | |
| 8.5.1 | 11 / 0 | |
| 8.4.1 | 11 / 0 | |
| 8.3.3 | 11 / 0 | |
| 8.3.2 | 11 / 0 | |
| 8.3.1 | 11 / 0 | |
| 8.2.2 | 11 / 1 | |
| 8.1.2 | 13 / 1 | |
| 8.1.1 | 13 / 1 | |
| 8.0.5 | 11 / 3 | |
| 6.5.1 | 16 / 5 | |
| 1.8.1 | 16 / 0 | |
| 1.7.1 | 16 / 0 | |
| 1.6.1 | 16 / 0 | |
| 1.5.1 | 16 / 0 | |
| 1.4.1 | 16 / 0 | |
| 1.3.1 | 16 / 0 | |
| 1.2.1 | 16 / 0 | |
| 1.1.1 | 16 / 0 | |
| 1.0.1 | 16 / 0 | |
| 0.94.1 | 16 / 0 | |
| 0.93.1 | 13 / 0 | |
| 0.92.1 | 13 / 0 | |
| 0.91.1 | 14 / 0 | |
v14.0.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.2
3 findings
This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.5.9
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.5.8
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.5.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.5.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.4.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.4.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.4.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.4.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.2.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.2.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.2.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.1.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.6.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.6.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.5.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.2
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.3.2
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.3.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.2
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (×16)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.2
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.0.1
17 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.1.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.1.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.1.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.4.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.4.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.3.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.5
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.2.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.14
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.13
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.12
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.11
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.10
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.9
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.8
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.7
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.5
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.1.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.7.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.7.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.6.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.6.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.5.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.4.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.3.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.2.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.1.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.5.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.4.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.3.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.3.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.3.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.2.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.94.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.93.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.92.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.91.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.