@tanstack/query-core
The framework agnostic core that powers TanStack Query
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:build/legacy/hydration-Dh_94ejg.d.ts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — standard tsc output, not obfuscated code. Stable false positive for this package's build artifacts. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DTop62kY.d.cts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — standard tsc output, not obfuscated code. Stable false positive for this package's build artifacts. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DTop62kY.d.cts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — standard tsc output, not obfuscated code. Stable false positive for this package's build artifacts. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-Dh_94ejg.d.ts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — standard tsc output, not obfuscated code. Stable false positive for this package's build artifacts. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DofhGwZq.d.cts | AI (source-diff): Generated TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-iULCH7y8.d.ts | AI (source-diff): Generated TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-iULCH7y8.d.ts | AI (source-diff): Generated TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DofhGwZq.d.cts | AI (source-diff): Generated TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BpLOP9Dw.d.ts | AI (source-diff): Bundled TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for @tanstack/query-core's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BC7iBQD-.d.cts | AI (source-diff): Bundled TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for @tanstack/query-core's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BC7iBQD-.d.cts | AI (source-diff): Bundled TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for @tanstack/query-core's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BpLOP9Dw.d.ts | AI (source-diff): Bundled TypeScript declaration file with long lines due to complex generic type signatures — not obfuscated code. Stable false positive for @tanstack/query-core's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-ARTNZLYF.d.ts | AI (source-diff): TypeScript declaration file with long lines due to type bundling. No executable code; entirely readable type definitions. False positive for this build pattern. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-Ddp1Wtqw.d.cts | AI (source-diff): TypeScript declaration file with long lines due to type bundling. No executable code; entirely readable type definitions. False positive for this build pattern. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-Ddp1Wtqw.d.cts | AI (source-diff): TypeScript declaration file with long lines due to type bundling (tsup/rollup-plugin-dts). No executable code; entirely readable type definitions. False positive for this build pattern. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-ARTNZLYF.d.ts | AI (source-diff): TypeScript declaration file with long lines due to type bundling. No executable code; entirely readable type definitions. False positive for this build pattern. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DOK63YV3.d.cts | AI (source-diff): TypeScript declaration file with long lines from rollup-style .d.ts bundling — not obfuscated code. Standard build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BCmGsgwb.d.ts | AI (source-diff): TypeScript declaration file with long lines from rollup-style .d.ts bundling — not obfuscated code. Standard build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BCmGsgwb.d.ts | AI (source-diff): TypeScript declaration file with long lines from rollup-style .d.ts bundling — not obfuscated code. Standard build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DOK63YV3.d.cts | AI (source-diff): TypeScript declaration file with long lines from rollup-style .d.ts bundling — not obfuscated code. Standard build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CYIcz6o-.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated executable code. Content-hashed build output from bundler, standard for TanStack packages. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-wIUo5Xh0.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated executable code. Content-hashed build output from bundler, standard for TanStack packages. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-wIUo5Xh0.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated executable code. Content-hashed build output from bundler, standard for TanStack packages. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CYIcz6o-.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated executable code. Content-hashed build output from bundler, standard for TanStack packages. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-YFGUKxMa.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures; hash-suffixed name is a bundler artifact. No executable code, not obfuscated. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BCnR_RAv.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures; hash-suffixed name is a bundler artifact. No executable code, not obfuscated. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BCnR_RAv.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures; hash-suffixed name is a bundler artifact. No executable code, not obfuscated. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-YFGUKxMa.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures; hash-suffixed name is a bundler artifact. No executable code, not obfuscated. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-17eepgNg.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated code. Long lines are verbose TS generics in bundled .d.ts files, a known false positive for this heuristic. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-17eepgNg.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated code. Long lines are verbose TS generics in bundled .d.ts files, a known false positive for this heuristic. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-TwHKRJLE.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated code. Long lines are verbose TS generics in bundled .d.cts files, a known false positive for this heuristic. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-TwHKRJLE.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures — not obfuscated code. Long lines are verbose TS generics in bundled .d.cts files, a known false positive for this heuristic. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CtO4E1xH.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundler concatenation — not obfuscated executable code. Hash suffix is a bundler cache-busting pattern. No executable payload present. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CwHgLAeW.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundler concatenation — not obfuscated executable code. Hash suffix is a bundler cache-busting pattern. No executable payload present. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CwHgLAeW.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundler concatenation — not obfuscated executable code. Hash suffix is a bundler cache-busting pattern. No executable payload present. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CtO4E1xH.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundler concatenation — not obfuscated executable code. Hash suffix is a bundler cache-busting pattern. No executable payload present. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-n7FlH3vr.d.cts | AI (source-diff): TypeScript declaration file with long lines due to bundled type definitions — standard build output, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BaHDIfRR.d.ts | AI (source-diff): TypeScript declaration file with long lines due to bundled type definitions — standard build output, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BaHDIfRR.d.ts | AI (source-diff): TypeScript declaration file with long lines due to bundled type definitions — standard build output, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-n7FlH3vr.d.cts | AI (source-diff): TypeScript declaration file with long lines due to bundled type definitions — standard build output, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BYonJkjc.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines from complex generic type signatures — not executable code, not obfuscated. SLSA provenance confirmed. False positive for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-_hO-y142.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines from complex generic type signatures — not executable code, not obfuscated. SLSA provenance confirmed. False positive for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-_hO-y142.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines from complex generic type signatures — not executable code, not obfuscated. SLSA provenance confirmed. False positive for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BYonJkjc.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines from complex generic type signatures — not executable code, not obfuscated. SLSA provenance confirmed. False positive for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-D0MPgBG9.d.ts | AI (source-diff): TypeScript declaration file generated by tsup/rollup-dts; long lines are a build artifact, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-QvU7ROZT.d.cts | AI (source-diff): TypeScript declaration file generated by tsup/rollup-dts; long lines are a build artifact, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-QvU7ROZT.d.cts | AI (source-diff): TypeScript declaration file generated by tsup/rollup-dts; long lines are a build artifact, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-D0MPgBG9.d.ts | AI (source-diff): TypeScript declaration file generated by tsup/rollup-dts; long lines are a build artifact, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BubklUgv.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type output — not obfuscated executable code. Standard Rollup/tsup build artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BubklUgv.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type output — not obfuscated executable code. Standard Rollup/tsup build artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DYrnn9Jo.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type output — not obfuscated executable code. Standard Rollup/tsup build artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DYrnn9Jo.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type output — not obfuscated executable code. Standard Rollup/tsup build artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DgVqMV9G.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures from Rollup content-hashed build output. Not executable code; no obfuscation present. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-C0rn_HEc.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures from Rollup content-hashed build output. Not executable code; no obfuscation present. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-C0rn_HEc.d.ts | AI (source-diff): TypeScript declaration file with long generic type signatures from Rollup content-hashed build output. Not executable code; no obfuscation present. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DgVqMV9G.d.cts | AI (source-diff): TypeScript declaration file with long generic type signatures from Rollup content-hashed build output. Not executable code; no obfuscation present. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-B0J2Tmyo.d.ts | AI (source-diff): Generated TypeScript declaration file with long generic type signatures. No executable code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-B0J2Tmyo.d.ts | AI (source-diff): Generated TypeScript declaration file with long generic type signatures. No executable code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CGqN5JZ-.d.cts | AI (source-diff): Generated TypeScript declaration file with long generic type signatures. No executable code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CGqN5JZ-.d.cts | AI (source-diff): This is a generated TypeScript declaration file (.d.cts). Long lines are TypeScript generic type signatures, not obfuscated executable code. Stable false positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CADtEOkK.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type definitions — not obfuscated executable code. Normal build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-Cvr-9VdO.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type definitions — not obfuscated executable code. Normal build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-Cvr-9VdO.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type definitions — not obfuscated executable code. Normal build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CADtEOkK.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type definitions — not obfuscated executable code. Normal build artifact for @tanstack/query-core. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CdBkFt9i.d.cts | AI (source-diff): Bundled TypeScript declaration file (.d.cts); long lines are type definitions, not obfuscated code. False positive for this rule on .d.ts/.d.cts rollup files. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CdBkFt9i.d.cts | AI (source-diff): Bundled TypeScript declaration file (.d.cts); long lines are type definitions, not obfuscated code. False positive for this rule on .d.ts/.d.cts rollup files. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-Cr-4Kky1.d.ts | AI (source-diff): Bundled TypeScript declaration file (.d.ts); long lines are type definitions, not obfuscated code. False positive for this rule on .d.ts/.d.cts rollup files. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-Cr-4Kky1.d.ts | AI (source-diff): Bundled TypeScript declaration file (.d.ts); long lines are type definitions, not obfuscated code. False positive for this rule on .d.ts/.d.cts rollup files. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-GTiXepW_.d.cts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — not obfuscated code. .d.ts/.d.cts files are never executed at runtime. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-B3ndIyL6.d.ts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — not obfuscated code. .d.ts/.d.cts files are never executed at runtime. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-B3ndIyL6.d.ts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — not obfuscated code. .d.ts/.d.cts files are never executed at runtime. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-GTiXepW_.d.cts | AI (source-diff): TypeScript declaration file with long lines from complex generic type signatures — not obfuscated code. .d.ts/.d.cts files are never executed at runtime. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-B6nZCPcW.d.cts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type signatures in generated build output. Not executable code; no malicious content. Normal for TanStack Query's build tooling. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-B6nZCPcW.d.cts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type signatures in generated build output. Not executable code; no malicious content. Normal for TanStack Query's build tooling. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-ZCurbX1S.d.ts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type signatures in generated build output. Not executable code; no malicious content. Normal for TanStack Query's build tooling. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-ZCurbX1S.d.ts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type signatures in generated build output. Not executable code; no malicious content. Normal for TanStack Query's build tooling. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CwYEwyQI.d.cts | AI (source-diff): TypeScript declaration bundle file; long lines are complex generic type signatures, not obfuscated code. Confirmed by SLSA provenance and trusted publisher. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CwYEwyQI.d.cts | AI (source-diff): TypeScript declaration bundle file; long lines are complex generic type signatures, not obfuscated code. Confirmed by SLSA provenance and trusted publisher. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BlEK5ylC.d.ts | AI (source-diff): TypeScript declaration bundle file; long lines are complex generic type signatures, not obfuscated code. Confirmed by SLSA provenance and trusted publisher. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BlEK5ylC.d.ts | AI (source-diff): TypeScript declaration bundle file; long lines are complex generic type signatures, not obfuscated code. Confirmed by SLSA provenance and trusted publisher. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CyNNBExb.d.cts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type inlining — not obfuscated. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CyNNBExb.d.cts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type inlining — not obfuscated. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DEHujg3S.d.ts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type inlining — not obfuscated. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DEHujg3S.d.ts | AI (source-diff): TypeScript declaration file with long lines due to complex generic type inlining — not obfuscated. Pattern is stable for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CfvD_Kks.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines from declaration bundling — no executable code, purely type information. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DksKBgQq.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines from declaration bundling — no executable code, purely type information. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DksKBgQq.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines from declaration bundling — no executable code, purely type information. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CfvD_Kks.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines from declaration bundling — no executable code, purely type information. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BlEVG2Lp.d.ts | AI (source-diff): TypeScript declaration bundle files (.d.cts/.d.ts) legitimately contain long lines from concatenated type declarations. Not obfuscation — standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BlEVG2Lp.d.ts | AI (source-diff): TypeScript declaration bundle files (.d.cts/.d.ts) legitimately contain long lines from concatenated type declarations. Not obfuscation — standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-uphG6M-i.d.cts | AI (source-diff): TypeScript declaration bundle files (.d.cts/.d.ts) legitimately contain long lines from concatenated type declarations. Not obfuscation — standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-uphG6M-i.d.cts | AI (source-diff): TypeScript declaration bundle files (.d.cts/.d.ts) legitimately contain long lines from concatenated type declarations. Not obfuscation — standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-C-jfQLut.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not executable code, not obfuscated. Standard build output for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-BD1pRmcy.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines due to concatenated type definitions — not executable code, not obfuscated. Standard build output for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-BD1pRmcy.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines due to concatenated type definitions — not executable code, not obfuscated. Standard build output for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-C-jfQLut.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not executable code, not obfuscated. Standard build output for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-8VcLQyVA.d.cts | AI (source-diff): TypeScript declaration file with long lines due to bundled type concatenation (tsup/rollup-plugin-dts artifact). No executable code. Standard for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CWlNqMe2.d.ts | AI (source-diff): TypeScript declaration file with long lines due to bundled type concatenation. No executable code. Standard for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CWlNqMe2.d.ts | AI (source-diff): TypeScript declaration file with long lines due to bundled type concatenation. No executable code. Standard for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-8VcLQyVA.d.cts | AI (source-diff): TypeScript declaration file with long lines due to bundled type concatenation. No executable code. Standard for TanStack Query build output. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-CeGZtiZv.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long generic type signatures — not obfuscated code. Standard bundled .d.ts rollup artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-DWB9yu-g.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long generic type signatures — not obfuscated code. Standard bundled .d.ts rollup artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/modern/hydration-DWB9yu-g.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long generic type signatures — not obfuscated code. Standard bundled .d.ts rollup artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/legacy/hydration-CeGZtiZv.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long generic type signatures — not obfuscated code. Standard bundled .d.ts rollup artifact for TanStack Query. | ai | |
| source-diff | obfuscated-file:build/umd/index.production.js | AI (source-diff): Standard minified UMD production build output for @tanstack/query-core. The sample shows recognizable TanStack Query internals; this is expected build artifact minification, not obfuscation. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers (tkdodo, kevinvandy, etc.) are well-known TanStack Query community contributors. Legitimate team expansion for this major OSS project. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): nksaraf removal is part of a legitimate maintainer roster update for the TanStack project. No takeover indicators given SLSA provenance and known new maintainers. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Only 2 versions in registry; the gap reflects this namespace being newly active in the monorepo release pipeline, not account dormancy. SLSA provenance confirms legitimate CI publish. | ai | |
| provenance | publisher-changed | AI (provenance): TanStack/query migrated to GitHub Actions CI/CD publishing with SLSA provenance. This is a supply chain improvement, not a compromise. Stable for this package going forward. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() in queryObserver.ts is TanStack Query's documented Proxy-based result tracking pattern, not obfuscation. | ai |
Versions (showing 51 of 344)
| Version | Deps | Published |
|---|---|---|
| 5.100.14 | 0 / 2 | |
| 5.100.13 | 0 / 2 | |
| 5.100.12 | 0 / 2 | |
| 5.100.11 | 0 / 2 | |
| 5.100.10 | 0 / 2 | |
| 5.100.9 | 0 / 2 | |
| 5.100.8 | 0 / 2 | |
| 5.100.7 | 0 / 2 | |
| 5.100.6 | 0 / 2 | |
| 5.100.5 | 0 / 2 | |
| 5.100.4 | 0 / 2 | |
| 5.100.3 | 0 / 2 | |
| 5.100.2 | 0 / 2 | |
| 5.100.1 | 0 / 2 | |
| 5.100.0 | 0 / 2 | |
| 5.99.2 | 0 / 2 | |
| 5.99.1 | 0 / 2 | |
| 5.99.0 | 0 / 2 | |
| 5.98.0 | 0 / 2 | |
| 5.97.0 | 0 / 2 | |
| 5.96.2 | 0 / 2 | |
| 5.96.1 | 0 / 2 | |
| 5.96.0 | 0 / 2 | |
| 5.95.2 | 0 / 2 | |
| 5.95.1 | 0 / 2 | |
| 5.95.0 | 0 / 2 | |
| 5.94.5 | 0 / 2 | |
| 5.94.4 | 0 / 2 | |
| 5.91.2 | 0 / 2 | |
| 5.91.0 | 0 / 2 | |
| 5.90.20 | 0 / 2 | |
| 5.90.19 | 0 / 2 | |
| 5.90.18 | 0 / 2 | |
| 5.90.17 | 0 / 2 | |
| 5.90.16 | 0 / 2 | |
| 5.90.15 | 0 / 2 | |
| 5.90.14 | 0 / 2 | |
| 5.90.13 | 0 / 2 | |
| 5.90.12 | 0 / 2 | |
| 5.90.11 | 0 / 2 | |
| 5.90.10 | 0 / 2 | |
| 5.90.9 | 0 / 2 | |
| 5.90.8 | 0 / 2 | |
| 5.90.7 | 0 / 2 | |
| 5.90.6 | 0 / 2 | |
| 5.90.5 | 0 / 2 | |
| 5.90.4 | 0 / 2 | |
| 5.90.3 | 0 / 2 | |
| 5.90.2 | 0 / 2 | |
| 5.90.1 | 0 / 2 | |
| 5.89.0 | 0 / 2 |
v5.100.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.100.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.99.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.99.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.98.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.97.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.96.2
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-03. This could indicate a legitimate maintainer transition or an account compromise.
v5.96.1
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-01. This could indicate a legitimate maintainer transition or an account compromise.
v5.96.0
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-03-31. This could indicate a legitimate maintainer transition or an account compromise.
v5.95.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.95.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.95.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.94.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.94.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.91.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.91.0
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.20
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.19
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-17. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.18
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.17
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.16
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.15
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.14
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.13
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
v5.90.12
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.11
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.10
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.9
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.8
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.6
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.90.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.89.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.