@tscircuit/eval
Evaluate code in a full tscircuit runtime environment, including Sucrase transpilation and execution, so you just need to send the code to be executed with automatic handling of imports from `@tsci/*`
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:@tscircuit/jlcpcb-manufacturing-specs | AI (npm-metadata): SHA-pinned devDependency only; not shipped to consumers, and SHA pinning is actually more secure than semver. | ai | |
| source-diff | encoded-string-file:dist/webworker/entrypoint.js | AI (source-diff): Minified bundled SVG/chart code in webworker entrypoint; not an obfuscated payload, stable pattern for this package. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs a local version-copy script and bun install --ignore-scripts; no external fetch or malicious behavior. | ai | |
| source-diff | encoded-string-file:dist/blob-url.js | AI (source-diff): dist/blob-url.js is intentionally built by build:blob-url script to embed a Web Worker as a base64 blob URL. The encoded content is standard ESM bundler boilerplate, not a malicious payload. Stable pattern for this package. | ai |
Versions (showing 100 of 759)
| Version | Deps | Published |
|---|---|---|
| 0.0.822 | 0 / 72 | |
| 0.0.821 | 0 / 72 | |
| 0.0.820 | 0 / 72 | |
| 0.0.819 | 0 / 72 | |
| 0.0.818 | 0 / 72 | |
| 0.0.817 | 0 / 72 | |
| 0.0.816 | 0 / 72 | |
| 0.0.815 | 0 / 72 | |
| 0.0.814 | 0 / 72 | |
| 0.0.813 | 0 / 72 | |
| 0.0.812 | 0 / 72 | |
| 0.0.811 | 0 / 72 | |
| 0.0.810 | 0 / 72 | |
| 0.0.809 | 0 / 72 | |
| 0.0.808 | 0 / 72 | |
| 0.0.807 | 0 / 72 | |
| 0.0.806 | 0 / 72 | |
| 0.0.805 | 0 / 72 | |
| 0.0.804 | 0 / 72 | |
| 0.0.803 | 0 / 72 | |
| 0.0.802 | 0 / 72 | |
| 0.0.801 | 0 / 72 | |
| 0.0.800 | 0 / 72 | |
| 0.0.799 | 0 / 72 | |
| 0.0.798 | 0 / 72 | |
| 0.0.797 | 0 / 72 | |
| 0.0.796 | 0 / 72 | |
| 0.0.795 | 0 / 72 | |
| 0.0.794 | 0 / 72 | |
| 0.0.793 | 0 / 72 | |
| 0.0.792 | 0 / 72 | |
| 0.0.791 | 0 / 72 | |
| 0.0.790 | 0 / 72 | |
| 0.0.789 | 0 / 72 | |
| 0.0.788 | 0 / 72 | |
| 0.0.787 | 0 / 72 | |
| 0.0.786 | 0 / 72 | |
| 0.0.785 | 0 / 72 | |
| 0.0.784 | 0 / 72 | |
| 0.0.783 | 0 / 72 | |
| 0.0.782 | 0 / 72 | |
| 0.0.781 | 0 / 72 | |
| 0.0.780 | 0 / 72 | |
| 0.0.779 | 0 / 72 | |
| 0.0.778 | 0 / 72 | |
| 0.0.777 | 0 / 72 | |
| 0.0.776 | 0 / 72 | |
| 0.0.775 | 0 / 72 | |
| 0.0.774 | 0 / 72 | |
| 0.0.773 | 0 / 72 | |
| 0.0.772 | 0 / 72 | |
| 0.0.771 | 0 / 72 | |
| 0.0.770 | 0 / 72 | |
| 0.0.769 | 0 / 72 | |
| 0.0.768 | 0 / 71 | |
| 0.0.767 | 0 / 71 | |
| 0.0.766 | 0 / 71 | |
| 0.0.765 | 0 / 71 | |
| 0.0.764 | 0 / 71 | |
| 0.0.763 | 0 / 71 | |
| 0.0.762 | 0 / 71 | |
| 0.0.761 | 0 / 71 | |
| 0.0.760 | 0 / 71 | |
| 0.0.759 | 0 / 71 | |
| 0.0.758 | 0 / 71 | |
| 0.0.757 | 0 / 71 | |
| 0.0.756 | 0 / 71 | |
| 0.0.755 | 0 / 71 | |
| 0.0.754 | 0 / 71 | |
| 0.0.753 | 0 / 71 | |
| 0.0.752 | 0 / 71 | |
| 0.0.751 | 0 / 71 | |
| 0.0.750 | 0 / 71 | |
| 0.0.749 | 0 / 71 | |
| 0.0.748 | 0 / 71 | |
| 0.0.747 | 0 / 71 | |
| 0.0.746 | 0 / 71 | |
| 0.0.745 | 0 / 71 | |
| 0.0.744 | 0 / 71 | |
| 0.0.743 | 0 / 71 | |
| 0.0.742 | 0 / 71 | |
| 0.0.741 | 0 / 71 | |
| 0.0.740 | 0 / 71 | |
| 0.0.739 | 0 / 71 | |
| 0.0.738 | 0 / 71 | |
| 0.0.737 | 0 / 71 | |
| 0.0.736 | 0 / 71 | |
| 0.0.735 | 0 / 71 | |
| 0.0.734 | 0 / 71 | |
| 0.0.733 | 0 / 71 | |
| 0.0.732 | 0 / 70 | |
| 0.0.731 | 0 / 70 | |
| 0.0.730 | 0 / 70 | |
| 0.0.729 | 0 / 70 | |
| 0.0.728 | 0 / 70 | |
| 0.0.727 | 0 / 70 | |
| 0.0.726 | 0 / 70 | |
| 0.0.725 | 0 / 70 | |
| 0.0.724 | 0 / 70 | |
| 0.0.723 | 0 / 70 |
v0.0.822
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.821
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.820
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.819
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.818
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.817
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.816
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.815
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.814
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.813
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.812
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.811
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.810
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.809
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.808
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.807
2 findingsDependency '@tscircuit/jlcpcb-manufacturing-specs' in `devDependencies` points to 'git+https://github.com/tscircuit/jlcpcb-manufacturing-specs.git#e08af159db01a37db007e33f0a7268d0e4a279a5' instead of a registry version. URL dependencies bypass the registry and can be swapped at any time. A 40-character commit SHA in a dependency URL is a strong supply-chain signal — the 2026-05-11 TanStack/Mini Shai-Hulud attack used this exact shape in `optionalDependencies` to smuggle a malicious payload past lifecycle-script and OSV checks.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.806
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.805
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.804
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.803
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.802
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.799
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.797
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.796
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.795
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.794
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.793
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.791
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.790
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.789
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.788
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.787
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.786
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.785
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.784
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.783
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.782
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.781
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.780
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.779
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.778
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.777
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.776
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.775
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.774
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.773
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.772
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.771
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.770
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.769
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.768
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.767
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.766
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.765
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.764
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.763
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.762
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.761
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.760
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.759
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.758
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.757
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.756
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.755
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.754
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.753
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.752
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.751
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.750
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.749
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.748
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.747
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.746
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.745
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.744
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.743
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.742
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.741
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.740
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.739
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.738
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.737
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.736
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.735
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.734
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.733
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.732
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.731
2 findingsModified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.730
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.729
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.728
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.727
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.726
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.725
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.724
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.723
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.