@scaleflex/uploader
Framework-agnostic file upload widget for Scaleflex VXP
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/sfx-uploader-BQJOSwGL.cjs | AI (source-diff): Vite build output; readable i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-NB0iMwz-.cjs | AI (source-diff): Vite build output; readable OAuth/localStorage provider logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-DMpYQoIW.cjs | AI (source-diff): Vite build output; minified but readable LitElement/fetch logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-DqUtqAyK.cjs | AI (source-diff): Vite build output with hashed filename; code is readable minified JS, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BzblopkP.cjs | AI (source-diff): Vite build output; samples show standard i18n/utility code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DH_fzgwD.cjs | AI (source-diff): Vite build output; samples show legitimate OAuth/provider browser code. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-bLbpWRH4.cjs | AI (source-diff): Standard Vite minified bundle output; samples show normal provider/auth logic. | ai | |
| source-diff | obfuscated-file:dist/index-D81-mtmI.cjs | AI (source-diff): Standard Vite minified bundle output; samples show normal uploader logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-D50Q9Vkr.cjs | AI (source-diff): Standard Vite minified bundle output; samples show normal uploader utility logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-D0njQ57g.cjs | AI (source-diff): Vite build output; minified but readable OAuth/provider logic, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BRG5gnm6.cjs | AI (source-diff): Vite build output; minified but readable i18n/utility logic, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/index-DzHgBlCX.cjs | AI (source-diff): Vite build output; minified but readable business logic, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/index-DKbXrYEU.cjs | AI (source-diff): Vite-generated minified bundle; readable source logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Ckj5IWme.cjs | AI (source-diff): Vite-generated minified bundle; readable source logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CjjDd77N.cjs | AI (source-diff): Vite-generated minified bundle; readable source logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CMVtzIfu.cjs | AI (source-diff): Standard Vite minified build output; code samples show i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-BEurNt0h.cjs | AI (source-diff): Standard Vite minified build output; code samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-Chv7fXtC.cjs | AI (source-diff): Standard Vite minified build output; code samples show OAuth/cloud-provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-B64WBJ_L.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Bt4W3aIb.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-CCMPD9GK.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-PTEEfMvB.cjs | AI (source-diff): Standard Vite minified build output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-ChS_dPB-.cjs | AI (source-diff): Standard Vite minified build output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-SXVno7eF.cjs | AI (source-diff): Standard Vite minified build output for this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DKdWBGCw.cjs | AI (source-diff): Standard Vite minified bundle; sample shows i18n/utility code consistent with the package's purpose. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BKE-rg3a.cjs | AI (source-diff): Standard Vite minified bundle; sample shows OAuth/localStorage token handling consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-DRJRCfdg.cjs | AI (source-diff): Standard Vite minified bundle output; samples show legitimate uploader logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BOM_qghp.cjs | AI (source-diff): Standard Vite minified bundle; content is i18n/utility logic for the uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-BZHmPtQ8.cjs | AI (source-diff): Standard Vite minified bundle output; content is readable uploader logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CSk11BjH.cjs | AI (source-diff): Standard Vite minified bundle; content shows OAuth provider browser integration, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-uJh-ZXRa.cjs | AI (source-diff): Vite-minified bundle; code is readable and contains only legitimate uploader logic. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-7kef4B9h.cjs | AI (source-diff): Vite-minified core bundle; code is readable utility/i18n logic, no exfiltration. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CN82fnqt.cjs | AI (source-diff): Vite-minified bundle for OAuth provider browser flow; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-QbZiJb9W.cjs | AI (source-diff): Standard Vite minified bundle; content shows OAuth/cloud-provider browser integration logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BZSlX9vh.cjs | AI (source-diff): Standard Vite minified bundle; content shows LitElement/i18n utility code consistent with the package purpose. | ai | |
| source-diff | obfuscated-file:dist/index-JyV__5Il.cjs | AI (source-diff): Standard Vite minified bundle output; code is readable and consistent with uploader widget functionality. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BVw-cWGG.cjs | AI (source-diff): Standard Vite minified bundle; samples show i18n/utility code consistent with uploader package. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BNSkqHJn.cjs | AI (source-diff): Standard Vite minified bundle; samples show LitElement OAuth provider component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-hhvzVZnw.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic in samples confirms legitimate uploader code. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BNbpoi9w.cjs | AI (source-diff): Vite build output; minified but readable, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Cdc1BhJr.cjs | AI (source-diff): Vite build output; minified but readable, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CvWgiyIT.cjs | AI (source-diff): Vite build output; minified but readable, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Dx_u2sli.cjs | AI (source-diff): Standard Vite minified bundle output; content is readable business logic, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-dyaODsy3.cjs | AI (source-diff): Standard Vite minified bundle output; content is readable utility/i18n logic, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-UHJHkPWW.cjs | AI (source-diff): Standard Vite minified bundle output; content is readable OAuth provider logic, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/index-aJW6yoky.cjs | AI (source-diff): Standard Vite minified bundle output; code samples show legitimate uploader logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DSmgxDhj.cjs | AI (source-diff): Standard Vite minified bundle; samples show OAuth/cloud-provider browser integration code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DxmDRrdm.cjs | AI (source-diff): Standard Vite minified bundle; samples show i18n/utility logic consistent with uploader package. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BRAjVeED.cjs | AI (source-diff): Vite minified build output; samples show OAuth/localStorage token handling for cloud provider integration. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BOks4oa5.cjs | AI (source-diff): Vite minified build output; samples show i18n/utility logic consistent with the uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-DTKhbyGo.cjs | AI (source-diff): Vite minified build output; samples show legitimate uploader/metadata logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DJInUElc.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; samples show legitimate OAuth/provider browser code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CRurnJWX.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; samples show legitimate uploader utility code. | ai | |
| source-diff | obfuscated-file:dist/index-jj83x_9r.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; samples show legitimate application code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-C_eDP35p.cjs | AI (source-diff): Vite-minified bundle; sample shows i18n/utility helpers consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-6-B8MpX8.cjs | AI (source-diff): Vite-minified bundle; sample shows OAuth provider browser integration consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-d3ddCgHi.cjs | AI (source-diff): Vite-minified bundle; readable logic in sample matches package purpose (metadata fetch, Lit components). | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DeoNLlUF.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content is i18n/utility code consistent with the package's purpose. | ai | |
| source-diff | obfuscated-file:dist/index-BFdI2Vy7.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; content is readable uploader logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DTl3Llk5.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content shows OAuth/localStorage token handling for cloud provider integration. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DUV8PlRB.cjs | AI (source-diff): Standard Vite minified build output; code samples show i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CbQBeIXg.cjs | AI (source-diff): Standard Vite minified build output; code samples show OAuth/provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-8ecRYGV0.cjs | AI (source-diff): Standard Vite minified build output; code samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DnTZtya1.cjs | AI (source-diff): Standard Vite minified build output; samples show OAuth/localStorage token handling consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DJbfGjIm.cjs | AI (source-diff): Standard Vite minified build output; samples show i18n/Lit component logic consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/index-C044Lmf6.cjs | AI (source-diff): Standard Vite minified build output for this uploader package; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CZ-DJc6K.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; sample shows OAuth/localStorage token handling consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-BY2aP3TY.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; readable business logic visible in sample, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-C59ikb9g.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; sample shows i18n/utility code consistent with uploader widget. | ai | |
| source-diff | obfuscated-file:dist/index-Cfx0ch81.cjs | AI (source-diff): Standard Vite minified bundle output; code samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-qpZWkfnp.cjs | AI (source-diff): Standard Vite minified bundle; code shows OAuth provider browser integration, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-B3I-DKmA.cjs | AI (source-diff): Standard Vite minified bundle; code shows file upload state management logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DkQ80HFv.cjs | AI (source-diff): Standard Vite minified build output; samples show OAuth/cloud-provider browser logic, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-9Tw_J6tX.cjs | AI (source-diff): Standard Vite minified build output; samples show i18n/utility helpers, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/index-iwitoRN1.cjs | AI (source-diff): Standard Vite minified build output; samples show normal uploader logic, no malicious code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DJY_2MqA.cjs | AI (source-diff): Vite-minified bundle; content is i18n/utility code consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/index-7jTf4POF.cjs | AI (source-diff): Vite-minified bundle; content is readable business logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BEfLYXIS.cjs | AI (source-diff): Vite-minified bundle; content is OAuth/localStorage provider logic consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-C0DwIUVX.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show OAuth/cloud-provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BrdR9BBC.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show file upload state management, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-DRc9qUhl.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Dln1ptPu.cjs | AI (source-diff): Standard Vite minified CJS bundle; readable business logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BkD48or1.cjs | AI (source-diff): Standard Vite minified CJS bundle; i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-C9I4yhZ9.cjs | AI (source-diff): Standard Vite minified CJS bundle; OAuth/provider browser logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-yKD2vwDL.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable OAuth/file-picker logic. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-D7D-7LVt.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/index-XMhqia5v.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable business logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DNEmx_1F.cjs | AI (source-diff): Standard Vite/Rollup minified build output; sample shows i18n/utility code consistent with uploader widget, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:i18next-http-backend | AI (phantom-deps): Used as i18next plugin loaded via config rather than direct import; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CYvKyggQ.cjs | AI (source-diff): Standard Vite/Rollup minified build output; sample shows OAuth provider browser integration logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-FcRKG7Z8.cjs | AI (source-diff): Standard Vite/Rollup minified build output for this UI widget package; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-B7DPp8JT.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show file upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BtiWQKFS.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show OAuth provider browser integration. | ai | |
| source-diff | obfuscated-file:dist/index-BpTfwkwD.cjs | AI (source-diff): Standard Vite minified CJS build output; code samples show legitimate upload widget logic. | ai | |
| source-diff | obfuscated-file:dist/index-DLXATk4W.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable and benign in samples. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-BtW8NKRh.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; upload/state-management logic visible in sample, no malware indicators. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DX1V8p7k.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; OAuth/file-picker logic visible in sample, no malware indicators. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CuemxuWJ.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show file upload state management, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-Bl7X23OY.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show legitimate uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-BooCl9Xv.cjs | AI (source-diff): Standard Vite/Rollup minified build output; samples show OAuth/file-picker logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-CHWxSjUc.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable business logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-FRMs7J5q.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-gHt8SmZF.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; code is readable OAuth/file-picker logic. | ai | |
| source-diff | obfuscated-file:dist/index-Dsevyf8w.cjs | AI (source-diff): Standard Vite minified bundle output; samples show legitimate uploader logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-K-FR84FY.cjs | AI (source-diff): Standard Vite minified bundle; samples show OAuth/cloud-provider browser integration code. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Bk9fU_8P.cjs | AI (source-diff): Standard Vite minified bundle; samples show file upload state management logic. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-CM6iGuKO.cjs | AI (source-diff): Vite/Rollup minified bundle; samples show standard OAuth provider browser integration. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Br61ugq7.cjs | AI (source-diff): Vite/Rollup minified bundle; samples show i18next/LitElement uploader logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-B-dbj3YY.cjs | AI (source-diff): Vite/Rollup minified bundle output; code is readable and benign in samples. | ai | |
| source-diff | obfuscated-file:dist/index-DHCML5-W.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show readable business logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-C8ZjovD6.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show i18n/utility logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-c3CwLX_n.cjs | AI (source-diff): Standard Vite/Rollup minified CJS bundle; samples show OAuth/localStorage provider logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-DXyLpoIJ.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DbjyF_Ou.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-CpKFlkgS.cjs | AI (source-diff): Vite build output with hashed filename; sample shows plain minified component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DajdSDoL.cjs | AI (source-diff): Vite build output with hashed filename; sample shows plain LitElement code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-D1QE07Cn.cjs | AI (source-diff): Standard Vite minified bundle output; readable file-upload logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-YA7MCWl4.cjs | AI (source-diff): Standard Vite minified bundle output; readable logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/provider-browser-DlnjPqY9.cjs | AI (source-diff): Standard Vite minified build output; content is readable OAuth/cloud-provider browser logic. | ai | |
| source-diff | obfuscated-file:dist/index-ZNX436Kx.cjs | AI (source-diff): Standard Vite minified build output; content is readable upload widget logic, not obfuscated malware. | ai | |
| phantom-deps | phantom-dep:tus-js-client | AI (phantom-deps): tus-js-client is a declared runtime dependency; bundled by Vite so not directly imported at module level. | ai | |
| source-diff | obfuscated-file:dist/sfx-uploader-Bg6CR-ID.cjs | AI (source-diff): Standard Vite minified build output; content is readable uploader core logic. | ai |
Versions (showing 51 of 51)
| Version | Deps | Published |
|---|---|---|
| 1.5.1 | 4 / 9 | |
| 1.5.0 | 4 / 9 | |
| 1.4.1 | 4 / 9 | |
| 1.4.0 | 4 / 9 | |
| 1.3.22 | 4 / 9 | |
| 1.3.21 | 4 / 9 | |
| 1.3.20 | 4 / 9 | |
| 1.3.19 | 4 / 9 | |
| 1.3.18 | 4 / 9 | |
| 1.3.17 | 4 / 9 | |
| 1.3.16 | 4 / 9 | |
| 1.3.15 | 4 / 9 | |
| 1.3.14 | 4 / 9 | |
| 1.3.13 | 4 / 9 | |
| 1.3.12 | 4 / 9 | |
| 1.3.11 | 4 / 9 | |
| 1.3.10 | 4 / 9 | |
| 1.3.9 | 4 / 9 | |
| 1.3.8 | 4 / 9 | |
| 1.3.7 | 4 / 9 | |
| 1.3.6 | 4 / 9 | |
| 1.3.5 | 4 / 9 | |
| 1.3.4 | 4 / 9 | |
| 1.3.3 | 4 / 9 | |
| 1.3.2 | 4 / 9 | |
| 1.3.1 | 4 / 9 | |
| 1.2.5 | 4 / 9 | |
| 1.2.4 | 4 / 9 | |
| 1.2.3 | 4 / 9 | |
| 1.2.2 | 4 / 9 | |
| 1.0.10 | 2 / 9 | |
| 1.0.7 | 2 / 9 | |
| 1.0.6 | 2 / 9 | |
| 1.0.5 | 2 / 9 | |
| 1.0.4 | 2 / 9 | |
| 1.0.3 | 2 / 9 | |
| 1.0.2 | 2 / 9 | |
| 1.0.0 | 2 / 9 | |
| 0.2.11 | 2 / 9 | |
| 0.2.10 | 2 / 9 | |
| 0.2.9 | 2 / 9 | |
| 0.2.8 | 2 / 9 | |
| 0.2.7 | 1 / 9 | |
| 0.2.6 | 1 / 9 | |
| 0.2.5 | 1 / 9 | |
| 0.2.4 | 1 / 9 | |
| 0.2.3 | 1 / 9 | |
| 0.2.2 | 1 / 9 | |
| 0.2.1 | 1 / 9 | |
| 0.2.0 | 1 / 9 | |
| 0.1.0 | 1 / 9 |
v1.5.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-11, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.5.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.22
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.21
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.20
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.19
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.18
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.17
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.16
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.14
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.13
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.12
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.11
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.10
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.9
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-06-05, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.8
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-06-05, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-06-05, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.6
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-06-05, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-03, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-03, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.3.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (philipka) than the most recent previously approved version (dmitry.stremous) on 2026-06-02, but philipka is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (dmitry.stremous) than the most recent previously approved version (philipka) on 2026-05-25, but dmitry.stremous is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.2.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.11
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.10
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.