@storybook/manager-webpack4
Storybook framework-agnostic API
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:prebuilt/main.b9926451f2609a52a8aa.manager.bundle.js | AI (source-diff): webpack's __webpack_require__ module loader triggers net-exec heuristic; this is standard browser bundle behavior, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.b9926451f2609a52a8aa.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle shipped by Storybook. Minification triggers the obfuscation rule but is expected and benign for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f7833e002b8faf7d2609.manager.bundle.js | AI (source-diff): Storybook ships pre-built manager bundles as minified webpack output; long lines are minification artifacts, not obfuscation. Expected pattern for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.f7833e002b8faf7d2609.manager.bundle.js | AI (source-diff): webpack's __webpack_require__ dynamic module loading triggers this rule as a false positive; no actual network+exec dropper behavior present in the Storybook manager bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/main.10388393104e72de685a.manager.bundle.js | AI (source-diff): This is a standard webpack manager bundle shipped as a prebuilt artifact by Storybook. Minified/bundled output is expected and documented for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.10388393104e72de685a.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading via __webpack_require__ are normal webpack bundle patterns in Storybook's prebuilt manager UI. Not indicative of malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.c5de9db8937091c00dda.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as a documented optimization. Minified webpack output is not obfuscation; content matches known Storybook internals. | ai | |
| source-diff | net-exec-file:prebuilt/main.c5de9db8937091c00dda.manager.bundle.js | AI (source-diff): Network calls and eval() in a webpack bundle are standard patterns for the Storybook manager UI; not indicative of dropper/loader malware in this context. | ai | |
| source-diff | net-exec-file:prebuilt/main.9293b4481147b8416bf5.manager.bundle.js | AI (source-diff): Browser-side Storybook manager bundle legitimately loads addons/stories over network and uses webpack dynamic requires. Not dropper behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9293b4481147b8416bf5.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.3fb8cb266a67ec5355cf.manager.bundle.js | AI (source-diff): Network + dynamic execution in a webpack bundle is expected for Storybook's manager UI (API calls + webpack module loading). No dropper/loader behavior present in the sample. | ai | |
| source-diff | obfuscated-file:prebuilt/main.3fb8cb266a67ec5355cf.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager UI bundle. Storybook ships prebuilt bundles in every release; the content is recognizable Storybook/emotion/styled-components code, not malicious obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.56ad1ce30ba9bfee9211.manager.bundle.js | AI (source-diff): Webpack bundles inherently contain dynamic require() and network modules; this is a false positive for Storybook's prebuilt manager bundle, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.56ad1ce30ba9bfee9211.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified webpack output triggers this rule as a false positive. Pattern is consistent across all versions of this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.7f724504439e7628a28b.manager.bundle.js | AI (source-diff): Network+exec pattern in Storybook prebuilt bundles is webpack module system (__webpack_require__) + React UI fetch calls, not malware. Stable for this package. | ai | |
| provenance | no-provenance | AI (provenance): Storybook 6.x predates Sigstore provenance adoption; absence is expected for this package generation. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.0d1916dd840230bedd21.manager.bundle.js | AI (source-diff): Network+exec pattern in Storybook prebuilt vendor bundles is webpack module system + legitimate vendor library code. Stable for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/10.a85ea1a67689be8e19ff.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output in prebuilt/ is expected and consistent with legitimate Storybook UI code across all versions. | ai | |
| source-diff | obfuscated-file:prebuilt/main.7f724504439e7628a28b.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output in prebuilt/ is expected and consistent with legitimate Storybook UI code across all versions. | ai | |
| source-diff | obfuscated-file:prebuilt/0.799c368cbe88266827ba.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output in prebuilt/ is expected and consistent with legitimate Storybook UI code across all versions. | ai | |
| source-diff | obfuscated-file:prebuilt/1.9ebd2fb519f6726108de.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output in prebuilt/ is expected and consistent with legitimate Storybook UI code across all versions. | ai | |
| source-diff | net-exec-file:prebuilt/main.df5123339def5529e2b5.manager.bundle.js | AI (source-diff): Network calls and __webpack_require__ dynamic loading are standard webpack bundle patterns for the Storybook manager UI; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.df5123339def5529e2b5.manager.bundle.js | AI (source-diff): This is a standard webpack-minified Storybook manager UI bundle in the documented prebuilt/ directory. Minification is expected; no obfuscation or malicious patterns present. | ai | |
| source-diff | net-exec-file:prebuilt/main.569f0d63a0fde4329538.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in a webpack bundle are standard patterns for the Storybook manager UI communicating with the dev server. Not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.569f0d63a0fde4329538.manager.bundle.js | AI (source-diff): Storybook manager-webpack4 ships a prebuilt webpack bundle for the manager UI. Minified webpack output is expected and not obfuscation; content shows standard Storybook/emotion internals. | ai | |
| source-diff | obfuscated-file:prebuilt/main.ce406c7e93b98325390e.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle for Storybook. Long lines are expected minification output, not obfuscation. Pattern is consistent across all Storybook manager-webpack4 releases. | ai | |
| source-diff | net-exec-file:prebuilt/main.ce406c7e93b98325390e.manager.bundle.js | AI (source-diff): Network calls and dynamic require() in a webpack browser bundle are expected for a Storybook manager UI. Not indicative of dropper/loader malware in this context. | ai | |
| source-diff | net-exec-file:prebuilt/main.f271e60a300ea8cb2baa.manager.bundle.js | AI (source-diff): webpack bundles inherently combine dynamic module loading (__webpack_require__) with network calls. This is the Storybook manager UI bundle, not a dropper. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f271e60a300ea8cb2baa.manager.bundle.js | AI (source-diff): This is a standard webpack 4 minified bundle for the Storybook manager UI. Long lines are expected in production bundles; not obfuscation or malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.34c26a24db97118e3856.manager.bundle.js | AI (source-diff): This is a standard webpack bundle shipped in the prebuilt/ directory of @storybook/manager-webpack4. Minified webpack output is expected and benign for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.34c26a24db97118e3856.manager.bundle.js | AI (source-diff): Network calls and eval in a Storybook prebuilt manager bundle are standard webpack patterns (module loading, dev-server communication), not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.71c70ee0dbcd38928805.manager.bundle.js | AI (source-diff): This is Storybook's standard prebuilt manager UI webpack bundle. Minified webpack output is expected for this package; not obfuscation in the malicious sense. | ai | |
| source-diff | net-exec-file:prebuilt/main.71c70ee0dbcd38928805.manager.bundle.js | AI (source-diff): Network + dynamic require patterns in a webpack UI bundle are normal for Storybook's manager UI; no evidence of dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/0.55b012452099ace2dca6.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code with no malicious patterns. | ai | |
| source-diff | obfuscated-file:prebuilt/5.f459d151315e6780c20f.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/6.3bd64d820f3745f262ff.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/7.3d04765dbf3f1dcd706c.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/8.b541eadfcb9164835dfc.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/9.411ac8e451bbb10926c7.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/main.38088ac45f83b6428148.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | net-exec-file:prebuilt/main.38088ac45f83b6428148.manager.bundle.js | AI (source-diff): Browser UI bundle naturally contains network calls (Storybook API) and dynamic code (parsers/templates). No malicious patterns observed in samples. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.a935f15a2179a6eff5fd.manager.bundle.js | AI (source-diff): Browser UI vendor bundle naturally contains network calls and dynamic code patterns. No malicious patterns observed. | ai | |
| source-diff | obfuscated-file:prebuilt/10.9f2923a7561bc20fffdb.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/11.f4e922583ae35da460f3.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/1.0f38715c61c7c3cd11db.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle for Storybook manager UI; minification is expected and content is legitimate React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/main.00d9c4d4c205e14f58b6.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as part of its standard release process; minified bundles are expected and the content matches the official GitHub repo. | ai | |
| source-diff | net-exec-file:prebuilt/main.00d9c4d4c205e14f58b6.manager.bundle.js | AI (source-diff): The network+exec pattern is a false positive for webpack browser bundles; dynamic require() and fetch calls are standard in Storybook's manager UI bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/1.f296d183a17268696d73.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains recognizable OSS library code (react-popper). Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/11.49c687eaa6261f8b7be2.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains OverlayScrollbars library code. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/5.fa71488e730c5c7f885f.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains hast/HTML attribute schema code. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/6.8096ae4aadde0743697b.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains color-convert library code. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/7.b34baecbd082bc7b188d.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains scroll area styles. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/8.15577edffecf900a8de2.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains OverlayScrollbarsComponent. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/9.d7d85aa0a49a98f17218.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.0c05af03c79936f38e91.manager.bundle.js | AI (source-diff): Standard webpack main bundle for Storybook's prebuilt manager UI. Not obfuscated malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.0c05af03c79936f38e91.manager.bundle.js | AI (source-diff): Webpack bundle for Storybook manager UI legitimately contains fetch calls (Storybook API) and eval (webpack source maps/dynamic requires). Not a dropper. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are prebuilt webpack bundle chunks for Storybook manager UI — expected for this package's prebuilt asset distribution pattern. | ai | |
| source-diff | obfuscated-file:prebuilt/0.b73eaee9a88f178d62ed.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains recognizable OSS library code (react-popper-tooltip, etc.). Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/10.9998ba67d65d81d20896.manager.bundle.js | AI (source-diff): Standard webpack bundle chunk for Storybook's prebuilt manager UI. Contains SyntaxHighlighter component code. Not obfuscated malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9d4562bc412a8517a4a3.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager bundle; exports recognizable Storybook/React components. Not malicious obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.9d4562bc412a8517a4a3.manager.bundle.js | AI (source-diff): Browser-side webpack bundle for Storybook manager UI; network+exec pattern is normal for a UI that fetches story data and renders dynamically. | ai | |
| source-diff | obfuscated-file:prebuilt/1.72630d73d8f412ec6080.manager.bundle.js | AI (source-diff): Webpack-minified Storybook manager chunk (SyntaxHighlighter component); standard build artifact. | ai | |
| source-diff | obfuscated-file:prebuilt/7.4ca1c17f693c4eb0f95b.manager.bundle.js | AI (source-diff): Webpack-minified Storybook manager chunk (ColorControl component); standard build artifact. | ai | |
| source-diff | obfuscated-file:prebuilt/8.e441a5ff15658a1c0d88.manager.bundle.js | AI (source-diff): Webpack-minified Storybook manager chunk (ScrollArea styles); standard build artifact. | ai | |
| source-diff | obfuscated-file:prebuilt/main.66e787f7ed3a72f42015.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/8.db042c1d94ffe0ee5ea3.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/7.4da576e438b3807e47be.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/6.98f130cd27fdf7eb3a72.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/2.b65894c3feb13613d8bf.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/10.5ccc52dfc06f9584d36f.manager.bundle.js | AI (source-diff): Storybook manager UI bundle naturally contains fetch calls and dynamic code patterns (template engines). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/10.5ccc52dfc06f9584d36f.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/1.5bf9ee0884263729115d.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/0.5475f1b09f45f09efaa2.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.95b29d510e9a1f3bb433.manager.bundle.js | AI (source-diff): Storybook manager vendor bundle naturally contains fetch calls and dynamic code patterns (template engines, parsers). Not dropper/loader malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.66e787f7ed3a72f42015.manager.bundle.js | AI (source-diff): Storybook manager UI bundle naturally contains fetch calls and dynamic code patterns (template engines). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/9.a5725bb040c084fe6ef2.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Package explicitly ships prebuilt/ assets by design; minification is expected, not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/main.712845f044398eb33e41.manager.bundle.js | AI (source-diff): The network+exec pattern is a false positive on webpack's module system combined with UI network calls in the bundled Storybook manager. This is expected behavior for a prebuilt browser bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/main.712845f044398eb33e41.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle for Storybook. Minified prebuilt bundles are expected and normal for this package; not obfuscation or malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.185c4154c38d7ff89704.manager.bundle.js | AI (source-diff): Storybook manager-webpack4 ships prebuilt webpack bundles; minified output in prebuilt/ is expected and documented behavior for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.185c4154c38d7ff89704.manager.bundle.js | AI (source-diff): The network+exec pattern is webpack's module loader mechanism in a prebuilt UI bundle, not dropper/loader malware. Expected for Storybook's prebuilt manager bundles. | ai | |
| source-diff | net-exec-file:prebuilt/main.a4aa21a39a14aa30d184.manager.bundle.js | AI (source-diff): Webpack bundle naturally contains network calls and dynamic module dispatch (__webpack_require__). Not dropper/loader malware — standard Storybook manager UI bundle. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.d3455eed64b243c89325.manager.bundle.js | AI (source-diff): Vendor webpack bundle for Storybook manager UI. Network + dynamic execution patterns are webpack boilerplate, not malicious. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.a4aa21a39a14aa30d184.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as minified output; long lines are minification artifacts, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.dbad1def949aa339cfd5.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output is expected and the sample confirms legitimate Storybook UI code, not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:prebuilt/main.dbad1def949aa339cfd5.manager.bundle.js | AI (source-diff): The network+exec pattern is webpack's module system combined with Storybook API calls — standard for a prebuilt manager bundle, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:prebuilt/main.bd89f9d2c925d5b084c4.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in the Storybook manager bundle are UI-level API calls to the dev server, not dropper/loader behavior. False positive for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.bd89f9d2c925d5b084c4.manager.bundle.js | AI (source-diff): This is a standard webpack-minified Storybook manager UI bundle. Storybook ships prebuilt manager bundles as a documented practice; minification is expected and not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.2ef57e02a2c93d5321be.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine dynamic require (code execution) with browser fetch APIs. The visible content exports known Storybook/emotion symbols with no malicious patterns. | ai | |
| source-diff | obfuscated-file:prebuilt/main.2ef57e02a2c93d5321be.manager.bundle.js | AI (source-diff): This is a standard webpack-built manager bundle for Storybook. Minified output with long lines is expected for prebuilt UI assets in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.600d6c919d9f368542ae.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager UI bundles; minified output in prebuilt/ is expected and documented for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.600d6c919d9f368542ae.manager.bundle.js | AI (source-diff): Network calls and dynamic requires in a webpack bundle are standard Storybook manager UI behavior, not dropper/loader malware patterns. | ai | |
| source-diff | net-exec-file:prebuilt/main.ba5702ff43966b9c541c.manager.bundle.js | AI (source-diff): Prebuilt Storybook manager UI bundle legitimately contains network calls and dynamic module loading via webpack's __webpack_require__. Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.ba5702ff43966b9c541c.manager.bundle.js | AI (source-diff): Storybook manager-webpack4 ships prebuilt webpack bundles as part of its design. Minified bundles with long lines are expected and not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.f7f16cebbf3aa96a4f89.manager.bundle.js | AI (source-diff): Prebuilt vendor bundle for Storybook manager UI. Network + dynamic execution is expected in a webpack vendor bundle for a browser UI framework. | ai | |
| source-diff | net-exec-file:prebuilt/main.e2663b1cf842947d1a59.manager.bundle.js | AI (source-diff): Network+exec pattern is a false positive triggered by webpack's __webpack_require__ module loader in the prebuilt manager bundle. No actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.e2663b1cf842947d1a59.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager bundle shipped as a prebuilt asset by Storybook. Long lines are from minification, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.7b4aec9c4352d4bb535b.manager.bundle.js | AI (source-diff): Webpack bundle for Storybook manager UI; dynamic require and fetch patterns are standard webpack/UI code, not dropper malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.7b4aec9c4352d4bb535b.manager.bundle.js | AI (source-diff): @storybook/manager-webpack4 intentionally ships a prebuilt webpack manager UI bundle in prebuilt/; minified output is expected and documented in package.json files field. | ai | |
| source-diff | net-exec-file:prebuilt/main.5aefc7e2cf94dc919567.manager.bundle.js | AI (source-diff): Network + code execution pattern is inherent to any webpack UI bundle (React rendering + fetch). The sample confirms legitimate Storybook theming code, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.5aefc7e2cf94dc919567.manager.bundle.js | AI (source-diff): This is a standard webpack-minified browser bundle for Storybook's manager UI. The prebuilt/ directory is an expected part of this package's published artifacts; minification is not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.5149e1024c0609fea47c.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager UI bundle, a normal artifact for @storybook/manager-webpack4. Content is readable Storybook/emotion code, not obfuscated malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.5149e1024c0609fea47c.manager.bundle.js | AI (source-diff): Network + dynamic execution pattern in a webpack bundle is a false positive; __webpack_require__ and fetch calls are standard in Storybook's prebuilt manager UI. | ai | |
| source-diff | net-exec-file:prebuilt/main.4318dd1399be668ed57f.manager.bundle.js | AI (source-diff): False positive: webpack's __webpack_require__ dynamic module loading triggers the code-execution heuristic; network calls are part of Storybook's legitimate UI. No actual dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.4318dd1399be668ed57f.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager bundle, which is the core deliverable of this package. Prebuilt bundles in the prebuilt/ directory are expected and documented for @storybook/manager-webpack4. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() in webpack vendors bundle is from bundled template engines/parsers (e.g., lodash template). Stable false positive for this package. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.3766b33379b32257eed9.manager.bundle.js | AI (source-diff): webpack vendors bundle with __webpack_require__ dynamic loading. Not dropper/loader malware — standard Storybook manager bundle pattern. | ai | |
| source-diff | net-exec-file:prebuilt/main.9cc5476bdde10022f9c9.manager.bundle.js | AI (source-diff): webpack bundle with __webpack_require__ dynamic loading and UI fetch calls. Not dropper/loader malware — standard Storybook manager bundle pattern. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9cc5476bdde10022f9c9.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Minification is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/9.a7c91e4af01385325d07.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Minification is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | net-exec-file:prebuilt/6.2a44c00316f6a93b58cb.manager.bundle.js | AI (source-diff): webpack bundle with __webpack_require__ dynamic loading and UI fetch calls. Not dropper/loader malware — standard Storybook manager bundle pattern. | ai | |
| source-diff | obfuscated-file:prebuilt/6.2a44c00316f6a93b58cb.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Minification is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/0.73b613cd70f3fed038b0.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Minification is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/2.db342c46fe1590fdf187.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Minification is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.b2f939d5c5d5bb8fdcc6.manager.bundle.js | AI (source-diff): Network + require() in a webpack bundle is standard Storybook manager UI behavior. No malicious payload visible in sample; legitimate prebuilt asset. | ai | |
| source-diff | obfuscated-file:prebuilt/main.b2f939d5c5d5bb8fdcc6.manager.bundle.js | AI (source-diff): Storybook manager ships prebuilt webpack bundles; minified JS in prebuilt/ is expected and documented in package.json files array. Not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.74031930c6d977d7ec44.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in the prebuilt/ directory — expected artifact for @storybook/manager-webpack4. | ai | |
| source-diff | net-exec-file:prebuilt/main.74031930c6d977d7ec44.manager.bundle.js | AI (source-diff): webpack bundles naturally contain both fetch/XHR and dynamic require() calls; this is standard Storybook manager bundle behavior, not dropper malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.e1e00827611557330b96.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine network calls and dynamic module execution; this is standard Storybook manager bundle behavior, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.e1e00827611557330b96.manager.bundle.js | AI (source-diff): @storybook/manager-webpack4 ships prebuilt webpack manager bundles as a documented pattern; minified output is expected and not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/main.1460eeffd60513472a27.manager.bundle.js | AI (source-diff): The net+exec pattern is a false positive: webpack's __webpack_require__ dynamic loading + Storybook UI's legitimate network calls to load story data. No dropper/malware behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.1460eeffd60513472a27.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle, a core part of @storybook/manager-webpack4's design. The prebuilt/ directory is explicitly listed in package.json files field. | ai | |
| source-diff | obfuscated-file:prebuilt/7.a1c5467faea0833b53d1.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is scroll area styles. | ai | |
| source-diff | obfuscated-file:prebuilt/6.d2f96bcf3b11b0f1a44b.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is legitimate UI components (ColorControl, etc.). | ai | |
| source-diff | obfuscated-file:prebuilt/5.23ef655b5acff6eac8ad.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is core-js polyfills. | ai | |
| source-diff | obfuscated-file:prebuilt/8.65ec2749796fb05c258c.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is OverlayScrollbars component. | ai | |
| source-diff | obfuscated-file:prebuilt/1.7d0dd704b26935d06a04.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is legitimate UI components (WithTooltip, etc.). | ai | |
| source-diff | obfuscated-file:prebuilt/0.e5489f12ab94aa497491.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is legitimate UI components (SyntaxHighlighter, etc.). | ai | |
| source-diff | obfuscated-file:prebuilt/9.acd0ef9064e0667433ac.manager.bundle.js | AI (source-diff): Webpack-minified manager bundle; standard Storybook prebuilt output. Content is formatter and UI utilities. | ai | |
| source-diff | obfuscated-file:prebuilt/main.190bc412c53f3257cd41.manager.bundle.js | AI (source-diff): Webpack-minified main manager bundle; standard Storybook prebuilt output. | ai | |
| source-diff | net-exec-file:prebuilt/9.acd0ef9064e0667433ac.manager.bundle.js | AI (source-diff): webpack __webpack_require__ pattern triggers net-exec false positive in minified bundles; no actual dropper behavior present. | ai | |
| source-diff | net-exec-file:prebuilt/main.190bc412c53f3257cd41.manager.bundle.js | AI (source-diff): webpack __webpack_require__ pattern triggers net-exec false positive in minified bundles; no actual dropper behavior present. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.7c47903ea43e951c3707.manager.bundle.js | AI (source-diff): webpack __webpack_require__ pattern triggers net-exec false positive in minified bundles; no actual dropper behavior present. | ai | |
| source-diff | net-exec-file:prebuilt/main.4c62422f22c4d7f4e2d9.manager.bundle.js | AI (source-diff): Network calls and dynamic requires in this file are webpack module loading patterns in the Storybook manager UI bundle, not dropper/loader malware behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.4c62422f22c4d7f4e2d9.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle intentionally shipped in the prebuilt/ directory of @storybook/manager-webpack4. Long lines are minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.4c3140a78c06c6b39fba.manager.bundle.js | AI (source-diff): This is a standard webpack bundle for the Storybook manager UI. The prebuilt/ directory is intentionally shipped by this package; minified webpack output is expected and not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.4c3140a78c06c6b39fba.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in the Storybook manager webpack bundle are expected behavior (API calls to dev server, webpack module system). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/6.a8be0e489b88fad100b9.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/2.bc100318fb94b77c2227.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/1.b2c27006834e4043b275.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.9dbea2c17e9c6e2eb55d.manager.bundle.js | AI (source-diff): Browser-side webpack bundle for Storybook UI. Network calls and dynamic requires are expected in a browser UI bundle, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9dbea2c17e9c6e2eb55d.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/7.8daa2b4ea8e9c96f13c0.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/9.e3f4fef94a85f9628139.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/6.a8be0e489b88fad100b9.manager.bundle.js | AI (source-diff): Browser-side webpack bundle for Storybook UI. Network calls and dynamic requires are expected in a browser UI bundle, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/8.098ae35b51fb3f245da4.manager.bundle.js | AI (source-diff): Standard webpack-minified Storybook manager UI bundle. Long lines are expected minification output, not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.58ee6c5c0cfaec21e272.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in a webpack bundle are expected for a browser UI manager. No dropper/loader patterns visible in the sample. | ai | |
| source-diff | obfuscated-file:prebuilt/main.58ee6c5c0cfaec21e272.manager.bundle.js | AI (source-diff): This is a standard webpack-minified UI bundle in the prebuilt/ directory, consistent with Storybook's documented build output. Not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:prebuilt/main.f6ea2eb3c91b1561afa2.manager.bundle.js | AI (source-diff): The prebuilt manager bundle legitimately contains fetch calls (UI↔dev-server comms) and __webpack_require__ (module loading); not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f6ea2eb3c91b1561afa2.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager UI bundles as a core part of its distribution; minified bundles in prebuilt/ are expected and stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.f30031703e01c6eaa3f0.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading are intrinsic to Storybook's manager UI bundle; this is a false positive for this package's prebuilt webpack artifact. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f30031703e01c6eaa3f0.manager.bundle.js | AI (source-diff): Storybook manager-webpack4 ships a prebuilt webpack bundle as a core artifact; minified/bundled output is expected and the sample shows standard webpack module federation code, not malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9bb085ebb152f5b19a2a.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle, explicitly listed in package.json files array. Minified bundles are expected artifacts for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.9bb085ebb152f5b19a2a.manager.bundle.js | AI (source-diff): Storybook manager UI legitimately uses network calls and dynamic module loading via webpack. This is expected behavior for a prebuilt UI bundle, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.991fa6e71cce7c92d381.manager.bundle.js | AI (source-diff): This is a legitimate webpack production bundle of the Storybook manager UI, shipped as a prebuilt asset in the official Storybook monorepo. Minification is expected and benign. | ai | |
| source-diff | net-exec-file:prebuilt/main.991fa6e71cce7c92d381.manager.bundle.js | AI (source-diff): Network calls and dynamic requires in this webpack bundle are part of the Storybook manager UI functionality, not dropper/loader behavior. False positive for this package. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() appears in a prebuilt webpack manager bundle — standard webpack artifact (devtool/dynamic module loading), not a supply-chain indicator. Stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.12715e9abb4a0e07ef3a.manager.bundle.js | AI (source-diff): Network + dynamic execution pattern in a webpack bundle is expected for Storybook's manager UI. No malicious network calls present; pattern is from webpack module system and Storybook API communication. | ai | |
| source-diff | obfuscated-file:prebuilt/main.12715e9abb4a0e07ef3a.manager.bundle.js | AI (source-diff): This is a standard webpack 4 minified bundle for the Storybook manager UI. The prebuilt/ directory is documented in package.json files field. Long lines are expected webpack output, not obfuscation. | ai | |
| phantom-deps | phantom-dep:file-system-cache | AI (phantom-deps): file-system-cache is declared and used in webpack config; phantom-dep is a false positive for config-referenced packages. | ai | |
| dependencies | unvetted-dep:babel-loader | AI (dependencies): babel-loader is a well-known, widely-used Babel webpack loader; not a security risk in this context. | ai | |
| source-diff | obfuscated-file:prebuilt/main.93d2c8aa127bed373c8a.manager.bundle.js | AI (source-diff): Webpack bundle minification is expected for build tools; no malware indicators in the sample. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Framework-scoped package loaded by convention in Storybook ecosystem. | ai | |
| source-diff | net-exec-file:prebuilt/main.93d2c8aa127bed373c8a.manager.bundle.js | AI (source-diff): Webpack's dynamic require() is standard module loading, not dropper/loader malware. | ai | |
| phantom-deps | phantom-dep:@storybook/theming | AI (phantom-deps): Same-org scoped package loaded by convention in Storybook. | ai | |
| phantom-deps | phantom-dep:@types/webpack | AI (phantom-deps): Type definitions loaded by convention; stable for this package. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type definitions loaded by convention; stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.30c6a07ef04a25e111f7.manager.bundle.js | AI (source-diff): Webpack bundles naturally contain dynamic requires and may reference network APIs; this is normal for build tools, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.30c6a07ef04a25e111f7.manager.bundle.js | AI (source-diff): Prebuilt webpack bundle is expected; minification is standard for build artifacts, not a malware indicator. | ai |
Versions (showing 51 of 51)
| Version | Deps | Published |
|---|---|---|
| 6.5.16 | 35 / 4 | |
| 6.5.15 | 35 / 4 | |
| 6.5.14 | 35 / 4 | |
| 6.5.13 | 35 / 4 | |
| 6.5.12 | 35 / 4 | |
| 6.5.11 | 35 / 4 | |
| 6.5.10 | 35 / 4 | |
| 6.5.9 | 35 / 4 | |
| 6.5.8 | 35 / 4 | |
| 6.5.7 | 35 / 4 | |
| 6.5.6 | 35 / 4 | |
| 6.5.5 | 35 / 4 | |
| 6.5.4 | 35 / 4 | |
| 6.5.3 | 35 / 4 | |
| 6.5.2 | 35 / 4 | |
| 6.5.0 | 35 / 4 | |
| 6.4.22 | 36 / 4 | |
| 6.4.21 | 36 / 4 | |
| 6.4.20 | 36 / 4 | |
| 6.4.19 | 36 / 4 | |
| 6.4.18 | 36 / 4 | |
| 6.4.17 | 36 / 4 | |
| 6.4.16 | 36 / 4 | |
| 6.4.15 | 36 / 4 | |
| 6.4.14 | 36 / 4 | |
| 6.4.13 | 36 / 4 | |
| 6.4.12 | 36 / 4 | |
| 6.4.10 | 36 / 4 | |
| 6.4.9 | 36 / 4 | |
| 6.4.8 | 36 / 4 | |
| 6.4.7 | 36 / 4 | |
| 6.4.5 | 36 / 4 | |
| 6.4.4 | 36 / 4 | |
| 6.4.3 | 36 / 4 | |
| 6.4.2 | 36 / 4 | |
| 6.4.1 | 36 / 4 | |
| 6.4.0 | 36 / 4 | |
| 6.3.13 | 37 / 5 | |
| 6.3.12 | 37 / 5 | |
| 6.3.11 | 37 / 5 | |
| 6.3.10 | 37 / 5 | |
| 6.3.9 | 37 / 5 | |
| 6.3.8 | 37 / 5 | |
| 6.3.7 | 37 / 5 | |
| 6.3.6 | 37 / 5 | |
| 6.3.5 | 37 / 5 | |
| 6.3.4 | 37 / 5 | |
| 6.3.3 | 37 / 5 | |
| 6.3.2 | 37 / 5 | |
| 6.3.1 | 37 / 5 | |
| 6.3.0 | 37 / 5 |
v6.5.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.11
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.10
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.9
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.8
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.0
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.22
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.21
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.20
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.18
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.17
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.12
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.10
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.8
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.0
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.13
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.