@storybook/manager-webpack5
Storybook framework-agnostic API
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:prebuilt/vendors~main.0d1916dd840230bedd21.manager.bundle.js | AI (source-diff): Vendors webpack bundle for Storybook manager UI; net+exec pattern is a false positive from bundled library code (polished, react, etc.). | ai | |
| source-diff | obfuscated-file:prebuilt/main.7f724504439e7628a28b.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles; minified output is expected and content is identifiable as legitimate React/emotion/Storybook UI code. | ai | |
| source-diff | net-exec-file:prebuilt/main.7f724504439e7628a28b.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine dynamic require() with network-related library code; this is a structural false positive for Storybook's prebuilt manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.e1e00827611557330b96.manager.bundle.js | AI (source-diff): Storybook ships a webpack-minified prebuilt manager bundle in prebuilt/; long lines are standard webpack output, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.e1e00827611557330b96.manager.bundle.js | AI (source-diff): Network calls and dynamic require() in the webpack bundle are standard Storybook manager behavior, not dropper/loader malware. Stable false positive for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.bd89f9d2c925d5b084c4.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading via __webpack_require__ are intrinsic to the Storybook manager webpack bundle; not indicative of dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.bd89f9d2c925d5b084c4.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle intentionally shipped in the prebuilt/ directory. Minification is expected for this package's build artifacts. | ai | |
| source-diff | net-exec-file:prebuilt/main.4c62422f22c4d7f4e2d9.manager.bundle.js | AI (source-diff): Network+exec pattern is a false positive on webpack bundles; the Storybook manager UI legitimately uses fetch and webpack's dynamic require. No dropper behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.4c62422f22c4d7f4e2d9.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles in prebuilt/ by design; minified webpack output is expected and not malicious for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.f271e60a300ea8cb2baa.manager.bundle.js | AI (source-diff): Browser-side webpack bundle legitimately contains fetch calls (manager<->devserver IPC) and dynamic requires/eval. Standard Storybook manager bundle behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f271e60a300ea8cb2baa.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles with content-hashed filenames. Long lines are standard minification output, not obfuscation. New hash per version is expected. | ai | |
| source-diff | net-exec-file:prebuilt/main.b2f939d5c5d5bb8fdcc6.manager.bundle.js | AI (source-diff): webpack bundle legitimately contains both network calls (manager<->devserver) and dynamic require/eval patterns; not a dropper. | ai | |
| source-diff | obfuscated-file:prebuilt/main.b2f939d5c5d5bb8fdcc6.manager.bundle.js | AI (source-diff): Storybook ships a prebuilt webpack manager bundle in prebuilt/; minified output is expected and documented. Not obfuscation/malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.5149e1024c0609fea47c.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine network calls (Storybook API) and dynamic module loading; this is not dropper/loader behavior for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.5149e1024c0609fea47c.manager.bundle.js | AI (source-diff): Storybook ships prebuilt minified webpack manager bundles by design; long-line minification is expected and not obfuscation of malicious code. | ai | |
| source-diff | net-exec-file:prebuilt/main.10388393104e72de685a.manager.bundle.js | AI (source-diff): Network calls and dynamic code execution in this file are standard webpack module loading (__webpack_require__) and Storybook UI behavior, not dropper/loader malware patterns. | ai | |
| source-diff | obfuscated-file:prebuilt/main.10388393104e72de685a.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle shipped in the prebuilt/ directory, which is the documented purpose of this package. Minified webpack output is not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/1.0f38715c61c7c3cd11db.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Not obfuscated — readable minified React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/0.55b012452099ace2dca6.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Not obfuscated — readable minified React/UI code. Prebuilt bundles are a documented feature of this package. | ai | |
| source-diff | obfuscated-file:prebuilt/10.9f2923a7561bc20fffdb.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Not obfuscated — readable minified React/UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/main.38088ac45f83b6428148.manager.bundle.js | AI (source-diff): Standard webpack minified bundle for Storybook manager UI. Not obfuscated — readable minified React/UI code. | ai | |
| source-diff | net-exec-file:prebuilt/main.38088ac45f83b6428148.manager.bundle.js | AI (source-diff): False positive: webpack bundle's __webpack_require__ dynamic loading + Storybook manager's fetch calls to dev server. No malicious network/exec pattern present. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.a935f15a2179a6eff5fd.manager.bundle.js | AI (source-diff): False positive: standard webpack vendor bundle with polished/React deps. Network calls are Storybook manager UI functionality, not dropper behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.ce406c7e93b98325390e.manager.bundle.js | AI (source-diff): Storybook ships pre-built webpack manager bundles as a documented pattern; minified webpack output is not obfuscation/malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.ce406c7e93b98325390e.manager.bundle.js | AI (source-diff): The network+exec pattern is webpack's standard module loader (__webpack_require__), not dropper malware. Expected in Storybook's prebuilt manager bundle. | ai | |
| source-diff | net-exec-file:prebuilt/main.30c6a07ef04a25e111f7.manager.bundle.js | AI (source-diff): Network + dynamic execution pattern is a routine false positive in webpack bundles; Storybook manager UI legitimately makes network calls and uses dynamic module loading. | ai | |
| source-diff | obfuscated-file:prebuilt/main.30c6a07ef04a25e111f7.manager.bundle.js | AI (source-diff): Storybook manager-webpack5 ships prebuilt webpack bundles in prebuilt/; minified webpack output is expected and documented in package.json files array. Not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.c5de9db8937091c00dda.manager.bundle.js | AI (source-diff): Storybook manager-webpack5 ships a prebuilt webpack bundle of the Storybook manager UI in the prebuilt/ directory. Minified webpack output is expected and documented for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.c5de9db8937091c00dda.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in the Storybook manager webpack bundle are expected UI behavior (loading story data, webpack module system). No evidence of malicious dropper/loader patterns. | ai | |
| source-diff | net-exec-file:prebuilt/main.569f0d63a0fde4329538.manager.bundle.js | AI (source-diff): Network+exec pattern is triggered by webpack's __webpack_require__ module loader and UI fetch calls in the Storybook manager bundle — not dropper/loader malware. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.569f0d63a0fde4329538.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle, a documented Storybook artifact. Long lines are minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.71c70ee0dbcd38928805.manager.bundle.js | AI (source-diff): Storybook ships webpack-minified prebuilt manager bundles in every release; long-line minification is expected and not malicious for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.71c70ee0dbcd38928805.manager.bundle.js | AI (source-diff): Webpack bundles for the Storybook manager UI legitimately contain both network calls (dev-server comms) and dynamic module loading; this is the expected bundle format for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.600d6c919d9f368542ae.manager.bundle.js | AI (source-diff): @storybook/manager-webpack5 ships a prebuilt webpack bundle for the Storybook manager UI; minified/long-line files in prebuilt/ are expected and documented in package.json files field. | ai | |
| source-diff | net-exec-file:prebuilt/main.600d6c919d9f368542ae.manager.bundle.js | AI (source-diff): Network calls and __webpack_require__ dynamic loading in the Storybook manager bundle are standard webpack patterns, not dropper/loader malware indicators for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.dbad1def949aa339cfd5.manager.bundle.js | AI (source-diff): Network + eval patterns in a webpack bundle are expected: Storybook manager communicates with the dev server and webpack's module system uses dynamic requires. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.dbad1def949aa339cfd5.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles with content-hashed filenames. The minified code is standard webpack output with identifiable Storybook/emotion imports — not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.b9926451f2609a52a8aa.manager.bundle.js | AI (source-diff): This is a standard minified webpack bundle for the Storybook manager UI. Minification triggers the obfuscation heuristic but there is no malicious content; this pattern is expected for every release of this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.b9926451f2609a52a8aa.manager.bundle.js | AI (source-diff): The net+exec pattern is a false positive from webpack's dynamic module loading combined with UI fetch calls in the Storybook manager bundle. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:prebuilt/main.df5123339def5529e2b5.manager.bundle.js | AI (source-diff): Storybook manager-webpack5 ships prebuilt minified webpack bundles by design; minification triggers this rule but is not obfuscation in the malicious sense. | ai | |
| source-diff | net-exec-file:prebuilt/main.df5123339def5529e2b5.manager.bundle.js | AI (source-diff): The 'network + code execution' pattern is webpack's __webpack_require__ dynamic module loading, not dropper/loader malware. Expected artifact for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.185c4154c38d7ff89704.manager.bundle.js | AI (source-diff): Network calls and dynamic requires in a webpack bundle are normal for a UI manager. No dropper/loader behavior evident in the sample; references are to known Storybook/emotion modules. | ai | |
| source-diff | obfuscated-file:prebuilt/main.185c4154c38d7ff89704.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager bundle for Storybook. Minification is expected for prebuilt UI assets in this package; not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.00d9c4d4c205e14f58b6.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle shipped by the official Storybook monorepo. Long lines are minification artifacts, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.00d9c4d4c205e14f58b6.manager.bundle.js | AI (source-diff): False positive: webpack's __webpack_require__ dynamic module loading + any fetch/XHR in the UI bundle triggers this rule. Expected for a Storybook manager UI bundle from the official org. | ai | |
| source-diff | obfuscated-file:prebuilt/main.34c26a24db97118e3856.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack bundles in the prebuilt/ directory by design. The minified bundle is standard webpack output with legitimate Storybook UI code, not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:prebuilt/main.34c26a24db97118e3856.manager.bundle.js | AI (source-diff): Webpack bundles inherently contain dynamic require() calls and the Storybook manager UI makes network calls to fetch story data. This is expected behavior for a prebuilt UI bundle, not dropper/loader malware. | ai | |
| source-diff | net-exec-file:prebuilt/main.a4aa21a39a14aa30d184.manager.bundle.js | AI (source-diff): Network + dynamic require patterns in webpack bundles are standard for Storybook's manager UI. No actual dropper/loader behavior present in the sample. | ai | |
| source-diff | obfuscated-file:prebuilt/main.a4aa21a39a14aa30d184.manager.bundle.js | AI (source-diff): Storybook manager-webpack5 ships prebuilt webpack bundles in prebuilt/ by design. Minified webpack output with content-hash filenames is expected and not obfuscation. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() in vendor bundle is from legitimate template engine/parser dependencies bundled by webpack; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.1460eeffd60513472a27.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundle; minification is expected and normal for Storybook's prebuilt UI assets. Not obfuscation in the malicious sense. | ai | |
| source-diff | net-exec-file:prebuilt/main.1460eeffd60513472a27.manager.bundle.js | AI (source-diff): Webpack bundle combining network calls (fetch for Storybook API) and module loading (__webpack_require__) is standard for Storybook manager UI; not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:prebuilt/main.56ad1ce30ba9bfee9211.manager.bundle.js | AI (source-diff): Webpack bundles for a UI manager legitimately combine network calls (fetch/XHR for Storybook API) and dynamic execution (webpack module system); not a dropper pattern. | ai | |
| source-diff | obfuscated-file:prebuilt/main.56ad1ce30ba9bfee9211.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles in the prebuilt/ directory by design; minified webpack output is expected and not obfuscation. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9d4562bc412a8517a4a3.manager.bundle.js | AI (source-diff): This is a standard webpack-minified manager UI bundle intentionally shipped in the prebuilt/ directory of the official Storybook package. The content is recognizable Storybook/theming code, not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.9d4562bc412a8517a4a3.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading are expected in a webpack-bundled Storybook manager UI. This is not dropper/loader malware — it is a legitimate pre-built frontend bundle from the official Storybook monorepo. | ai | |
| source-diff | obfuscated-file:prebuilt/7.8daa2b4ea8e9c96f13c0.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/9.e3f4fef94a85f9628139.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9dbea2c17e9c6e2eb55d.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.9dbea2c17e9c6e2eb55d.manager.bundle.js | AI (source-diff): webpack bundles for browser UI naturally contain network calls and dynamic module loading (__webpack_require__). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/1.b2c27006834e4043b275.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/2.bc100318fb94b77c2227.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/6.a8be0e489b88fad100b9.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | net-exec-file:prebuilt/6.a8be0e489b88fad100b9.manager.bundle.js | AI (source-diff): webpack bundles for browser UI naturally contain network calls and dynamic module loading (__webpack_require__). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/8.098ae35b51fb3f245da4.manager.bundle.js | AI (source-diff): Standard webpack bundle for Storybook manager UI. Minified output is expected for prebuilt browser bundles in this package. | ai | |
| source-diff | obfuscated-file:prebuilt/5.23ef655b5acff6eac8ad.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/1.7d0dd704b26935d06a04.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/0.e5489f12ab94aa497491.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | net-exec-file:prebuilt/9.acd0ef9064e0667433ac.manager.bundle.js | AI (source-diff): Network calls and webpack __webpack_require__ dynamic loading in Storybook manager bundles are expected UI framework behavior, not malware indicators. | ai | |
| source-diff | net-exec-file:prebuilt/main.190bc412c53f3257cd41.manager.bundle.js | AI (source-diff): Network calls and webpack __webpack_require__ dynamic loading in Storybook manager bundles are expected UI framework behavior, not malware indicators. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.7c47903ea43e951c3707.manager.bundle.js | AI (source-diff): Network calls and webpack __webpack_require__ dynamic loading in Storybook manager bundles are expected UI framework behavior, not malware indicators. | ai | |
| source-diff | obfuscated-file:prebuilt/main.190bc412c53f3257cd41.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/9.acd0ef9064e0667433ac.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/8.65ec2749796fb05c258c.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/7.a1c5467faea0833b53d1.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/6.d2f96bcf3b11b0f1a44b.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundles are an intentional part of @storybook/manager-webpack5; minified bundles are expected and listed in package.json files array. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f7833e002b8faf7d2609.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles by design; minified output in prebuilt/ is expected and documented in package.json files field. | ai | |
| source-diff | net-exec-file:prebuilt/main.f7833e002b8faf7d2609.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading via __webpack_require__ are standard in Storybook's prebuilt manager UI bundle; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.4318dd1399be668ed57f.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles in the prebuilt/ directory by design. Minified webpack output is expected and not malicious for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.4318dd1399be668ed57f.manager.bundle.js | AI (source-diff): The net+exec pattern is triggered by webpack's dynamic module loading runtime combined with UI fetch calls — standard behavior for a prebuilt browser-side Storybook manager bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/main.5aefc7e2cf94dc919567.manager.bundle.js | AI (source-diff): Storybook ships prebuilt minified webpack manager bundles by design. The sample shows standard webpack module loading with known Storybook/styled-components exports — not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.5aefc7e2cf94dc919567.manager.bundle.js | AI (source-diff): The net+exec pattern is webpack's __webpack_require__ module loader combined with browser fetch APIs in the bundled UI code — standard for a prebuilt browser bundle, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.58ee6c5c0cfaec21e272.manager.bundle.js | AI (source-diff): Storybook ships a prebuilt webpack manager bundle in every release; minified output is expected and the sample content is recognizable Storybook UI code. | ai | |
| source-diff | net-exec-file:prebuilt/main.58ee6c5c0cfaec21e272.manager.bundle.js | AI (source-diff): webpack __webpack_require__ + network calls in the Storybook manager bundle is standard application behavior, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/1.72630d73d8f412ec6080.manager.bundle.js | AI (source-diff): Standard minified webpack bundle for Storybook manager UI. Exports SyntaxHighlighter component — legitimate Storybook UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/0.73b613cd70f3fed038b0.manager.bundle.js | AI (source-diff): Standard minified webpack bundle for Storybook manager UI. Long lines are expected in webpack output; no malicious content in samples. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.3766b33379b32257eed9.manager.bundle.js | AI (source-diff): Vendors webpack bundle combining network and dynamic requires is expected behavior. False positive for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9cc5476bdde10022f9c9.manager.bundle.js | AI (source-diff): Standard minified webpack main bundle for Storybook manager UI. Expected artifact for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/8.e441a5ff15658a1c0d88.manager.bundle.js | AI (source-diff): Standard minified webpack bundle. Exports GlobalScrollAreaStyles — legitimate Storybook UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/9.a7c91e4af01385325d07.manager.bundle.js | AI (source-diff): Standard minified webpack bundle. Exports OverlayScrollbarsComponent — legitimate Storybook UI code. | ai | |
| source-diff | obfuscated-file:prebuilt/7.4ca1c17f693c4eb0f95b.manager.bundle.js | AI (source-diff): Standard minified webpack bundle. Exports ColorControl component — legitimate Storybook UI code. | ai | |
| source-diff | net-exec-file:prebuilt/6.2a44c00316f6a93b58cb.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine network calls (lazy chunk loading) with dynamic requires. This is a false positive for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/6.2a44c00316f6a93b58cb.manager.bundle.js | AI (source-diff): Standard minified webpack bundle for Storybook manager UI. Legitimate Storybook component bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/2.db342c46fe1590fdf187.manager.bundle.js | AI (source-diff): Standard minified webpack bundle for Storybook manager UI. Exports WithTooltip component — legitimate Storybook UI code. | ai | |
| provenance | no-provenance | AI (provenance): Storybook 6.x predates Sigstore provenance; published by a highly trusted maintainer (14k+ approvals, 0 rejections). | ai | |
| source-diff | net-exec-file:prebuilt/main.9cc5476bdde10022f9c9.manager.bundle.js | AI (source-diff): Webpack bundles inherently combine network calls with dynamic requires. False positive for prebuilt Storybook manager bundles. | ai | |
| source-diff | net-exec-file:prebuilt/main.e2663b1cf842947d1a59.manager.bundle.js | AI (source-diff): webpack's __webpack_require__ + bundled network modules triggers this rule; this is standard prebuilt manager bundle behavior for Storybook, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.e2663b1cf842947d1a59.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as part of its normal release process; minified webpack output is expected and not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/main.7b4aec9c4352d4bb535b.manager.bundle.js | AI (source-diff): The net+exec pattern is webpack's __webpack_require__ dynamic module loading, not actual network+eval malware. Expected in this package's prebuilt bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/main.7b4aec9c4352d4bb535b.manager.bundle.js | AI (source-diff): @storybook/manager-webpack5 ships a prebuilt webpack manager UI bundle by design; minified output in prebuilt/ is expected and stable for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/5.fa71488e730c5c7f885f.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (hast/HTML attribute schemas); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/0.b73eaee9a88f178d62ed.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as minified JS chunks; this is expected and documented behavior for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/1.f296d183a17268696d73.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (react-popper-tooltip, etc.); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/10.9998ba67d65d81d20896.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (SyntaxHighlighter, prism); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/11.49c687eaa6261f8b7be2.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (OverlayScrollbars); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/6.8096ae4aadde0743697b.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (color-convert); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/7.b34baecbd082bc7b188d.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (ScrollArea/OverlayScrollbars styles); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/8.15577edffecf900a8de2.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk (OverlayScrollbarsComponent); minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/9.d7d85aa0a49a98f17218.manager.bundle.js | AI (source-diff): Standard webpack-bundled UI chunk; minification is expected for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.0c05af03c79936f38e91.manager.bundle.js | AI (source-diff): Main Storybook manager bundle; minification is expected and documented for prebuilt Storybook manager bundles. | ai | |
| source-diff | net-exec-file:prebuilt/main.0c05af03c79936f38e91.manager.bundle.js | AI (source-diff): Browser-side Storybook manager bundle legitimately contains fetch calls (API communication) and dynamic code patterns (parsers). No dropper behavior evident. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.d3455eed64b243c89325.manager.bundle.js | AI (source-diff): Browser-side vendor bundle for Storybook manager; network+exec pattern is from bundled libraries (fetch, eval in parsers), not malware. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Storybook manager-webpack5 ships prebuilt webpack chunks; a large number of new bundle files is expected when prebuilt assets are added. | ai | |
| source-diff | net-exec-file:prebuilt/main.f30031703e01c6eaa3f0.manager.bundle.js | AI (source-diff): Network + eval patterns in this file are webpack module system artifacts in a legitimate prebuilt manager bundle, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f30031703e01c6eaa3f0.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles in prebuilt/; minified output is expected and documented. Not obfuscation — standard webpack bundle format. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.95b29d510e9a1f3bb433.manager.bundle.js | AI (source-diff): Webpack vendor bundle with fetch/XHR calls — standard pattern for bundled third-party libraries in Storybook manager UI. | ai | |
| source-diff | net-exec-file:prebuilt/main.66e787f7ed3a72f42015.manager.bundle.js | AI (source-diff): Webpack bundle with fetch calls for Storybook API and dynamic require — not dropper/loader malware. Expected pattern for Storybook manager UI. | ai | |
| source-diff | obfuscated-file:prebuilt/main.66e787f7ed3a72f42015.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/9.a5725bb040c084fe6ef2.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/8.db042c1d94ffe0ee5ea3.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/7.4da576e438b3807e47be.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/6.98f130cd27fdf7eb3a72.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/2.b65894c3feb13613d8bf.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | net-exec-file:prebuilt/10.5ccc52dfc06f9584d36f.manager.bundle.js | AI (source-diff): Webpack bundle with fetch calls for Storybook API and dynamic require — not dropper/loader malware. Expected pattern for Storybook manager UI. | ai | |
| source-diff | obfuscated-file:prebuilt/10.5ccc52dfc06f9584d36f.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| source-diff | obfuscated-file:prebuilt/0.5475f1b09f45f09efaa2.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. This is the expected distribution format for the Storybook manager UI. | ai | |
| source-diff | obfuscated-file:prebuilt/1.5bf9ee0884263729115d.manager.bundle.js | AI (source-diff): Standard webpack minified bundle in Storybook's prebuilt/ directory. Expected distribution format. | ai | |
| phantom-deps | phantom-dep:@storybook/theming | AI (phantom-deps): @storybook/theming is used by the prebuilt bundles at runtime; phantom-dep false positive for same-org packages loaded via webpack. | ai | |
| source-diff | obfuscated-file:prebuilt/8.b541eadfcb9164835dfc.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/main.9293b4481147b8416bf5.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading via webpack __webpack_require__ are standard in Storybook's prebuilt manager UI bundle. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9293b4481147b8416bf5.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/9.411ac8e451bbb10926c7.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/7.3d04765dbf3f1dcd706c.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/6.3bd64d820f3745f262ff.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/5.f459d151315e6780c20f.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/11.f4e922583ae35da460f3.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/10.a85ea1a67689be8e19ff.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/1.9ebd2fb519f6726108de.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | obfuscated-file:prebuilt/0.799c368cbe88266827ba.manager.bundle.js | AI (source-diff): Prebuilt webpack bundles are this package's core deliverable; minified long-line JS is expected and not malicious. | ai | |
| source-diff | net-exec-file:prebuilt/main.3fb8cb266a67ec5355cf.manager.bundle.js | AI (source-diff): False positive: webpack dynamic module loading (__webpack_require__) combined with UI network calls in a prebuilt Storybook manager bundle is not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:prebuilt/main.3fb8cb266a67ec5355cf.manager.bundle.js | AI (source-diff): This is a standard webpack-minified prebuilt manager UI bundle for Storybook. Minification is expected; no actual obfuscation or malicious intent present. | ai | |
| source-diff | net-exec-file:prebuilt/main.ba5702ff43966b9c541c.manager.bundle.js | AI (source-diff): Network + code execution pattern is webpack module loading (__webpack_require__), not dropper/loader malware. Standard for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.ba5702ff43966b9c541c.manager.bundle.js | AI (source-diff): Storybook manager ships prebuilt webpack bundles as part of its architecture; minified bundle output is expected and not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:prebuilt/vendors~main.f7f16cebbf3aa96a4f89.manager.bundle.js | AI (source-diff): Same as above — webpack vendor bundle for Storybook manager UI. The pattern is standard webpack module federation, not malicious network execution. | ai | |
| source-diff | net-exec-file:prebuilt/main.74031930c6d977d7ec44.manager.bundle.js | AI (source-diff): Network calls and __webpack_require__ dynamic loading are standard webpack bundle patterns, not dropper/loader malware. False positive for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.74031930c6d977d7ec44.manager.bundle.js | AI (source-diff): This is a standard webpack minified bundle (prebuilt manager UI). Long lines are expected minification artifacts, not obfuscation. Storybook ships prebuilt bundles in the prebuilt/ directory by design. | ai | |
| source-diff | net-exec-file:prebuilt/main.2ef57e02a2c93d5321be.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading (__webpack_require__) in a prebuilt browser UI bundle are standard webpack patterns, not dropper/loader behavior. Expected for Storybook's manager UI. | ai | |
| source-diff | obfuscated-file:prebuilt/main.2ef57e02a2c93d5321be.manager.bundle.js | AI (source-diff): Storybook manager-webpack5 ships prebuilt webpack bundles for the manager UI by design. Minified webpack output in prebuilt/ is expected and consistent across all versions of this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.12715e9abb4a0e07ef3a.manager.bundle.js | AI (source-diff): Network+exec pattern triggered by webpack's __webpack_require__ dynamic module loading, not actual dropper behavior. Standard for prebuilt Storybook manager bundles. | ai | |
| source-diff | obfuscated-file:prebuilt/main.12715e9abb4a0e07ef3a.manager.bundle.js | AI (source-diff): Prebuilt webpack manager bundle for Storybook UI; minified webpack output is expected and not obfuscation. Pattern is stable across Storybook manager-webpack5 releases. | ai | |
| source-diff | obfuscated-file:prebuilt/main.991fa6e71cce7c92d381.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack-minified manager bundles; long-line minified output is expected and documented for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.991fa6e71cce7c92d381.manager.bundle.js | AI (source-diff): False positive: webpack __webpack_require__ dynamic loading + browser fetch in Storybook manager UI bundle is not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:prebuilt/main.712845f044398eb33e41.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as part of its normal release process; minified webpack output is expected and not obfuscation. | ai | |
| source-diff | net-exec-file:prebuilt/main.712845f044398eb33e41.manager.bundle.js | AI (source-diff): Network calls and dynamic require in a webpack bundle are standard Storybook manager UI patterns, not dropper/loader malware indicators. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Build-tool package; @babel/core is used at build time via convention, not direct import. | ai | |
| source-diff | obfuscated-file:prebuilt/main.9bb085ebb152f5b19a2a.manager.bundle.js | AI (source-diff): This package intentionally ships prebuilt webpack manager bundles in prebuilt/; minified webpack output is expected and not obfuscation. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/node is a type-only dependency used for TypeScript compilation, not a runtime import. | ai | |
| phantom-deps | phantom-dep:file-system-cache | AI (phantom-deps): Referenced in config files by convention in this build-tool package; stable false positive. | ai | |
| source-diff | net-exec-file:prebuilt/main.9bb085ebb152f5b19a2a.manager.bundle.js | AI (source-diff): Storybook manager bundle legitimately contains webpack dynamic requires and API calls to the dev server; not dropper behavior. | ai | |
| source-diff | net-exec-file:prebuilt/main.f6ea2eb3c91b1561afa2.manager.bundle.js | AI (source-diff): Network calls and dynamic module loading in a webpack UI bundle are standard patterns for Storybook's manager interface, not dropper/loader behavior. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() in webpack bundles is a known pattern for source maps and dynamic requires; consistent with legitimate Storybook prebuilt bundle from official repo. | ai | |
| source-diff | obfuscated-file:prebuilt/main.f6ea2eb3c91b1561afa2.manager.bundle.js | AI (source-diff): Storybook ships prebuilt webpack manager bundles as a documented performance optimization. Minified webpack output is expected and not malicious for this package. | ai | |
| source-diff | obfuscated-file:prebuilt/main.93d2c8aa127bed373c8a.manager.bundle.js | AI (source-diff): Storybook ships prebuilt minified webpack manager bundles as part of its normal release process; minification is not obfuscation and this pattern is stable for this package. | ai | |
| source-diff | net-exec-file:prebuilt/main.93d2c8aa127bed373c8a.manager.bundle.js | AI (source-diff): The network+exec pattern is triggered by webpack's module loader in the prebuilt manager bundle, not actual dropper behavior. Expected for this package. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 6.5.16 | 32 / 4 | |
| 6.5.15 | 32 / 4 | |
| 6.5.14 | 32 / 4 | |
| 6.5.13 | 32 / 4 | |
| 6.5.12 | 32 / 4 | |
| 6.5.11 | 32 / 4 | |
| 6.5.10 | 32 / 4 | |
| 6.5.9 | 32 / 4 | |
| 6.5.8 | 32 / 4 | |
| 6.5.7 | 32 / 4 | |
| 6.5.6 | 32 / 4 | |
| 6.5.5 | 32 / 4 | |
| 6.5.4 | 32 / 4 | |
| 6.5.3 | 32 / 4 | |
| 6.5.2 | 32 / 4 | |
| 6.5.0 | 32 / 4 | |
| 6.4.22 | 33 / 4 | |
| 6.4.21 | 33 / 4 | |
| 6.4.20 | 33 / 4 | |
| 6.4.19 | 33 / 4 | |
| 6.4.18 | 33 / 4 | |
| 6.4.17 | 33 / 4 | |
| 6.4.16 | 33 / 4 | |
| 6.4.15 | 33 / 4 | |
| 6.4.14 | 33 / 4 | |
| 6.4.13 | 32 / 4 | |
| 6.4.12 | 32 / 4 | |
| 6.4.10 | 32 / 4 | |
| 6.4.8 | 32 / 4 | |
| 6.4.7 | 32 / 4 | |
| 6.4.5 | 32 / 4 | |
| 6.4.4 | 32 / 4 | |
| 6.4.3 | 32 / 4 | |
| 6.4.2 | 32 / 4 | |
| 6.4.1 | 32 / 4 | |
| 6.4.0 | 32 / 4 | |
| 6.3.13 | 35 / 5 | |
| 6.3.12 | 35 / 5 | |
| 6.3.11 | 35 / 5 | |
| 6.3.10 | 35 / 5 | |
| 6.3.9 | 35 / 5 | |
| 6.3.8 | 35 / 5 | |
| 6.3.7 | 35 / 5 | |
| 6.3.6 | 35 / 5 | |
| 6.3.5 | 35 / 5 | |
| 6.3.4 | 35 / 5 | |
| 6.3.3 | 35 / 5 | |
| 6.3.2 | 35 / 5 | |
| 6.3.1 | 35 / 5 | |
| 6.3.0 | 35 / 5 |
v6.5.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.10
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.9
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.8
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.5.0
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.22
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.21
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.20
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.18
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.17
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.12
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.10
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.8
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.4.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.13
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.