@vitest/ui
UI for Vitest
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
antfupatakoreannoyyx990803vitestbot
Keywords
vitesthtmlreporter
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/assets/index-BLZJq7cG.js | AI (source-diff): Minified Vite build output for the UI client; expected for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-_g5qy0bI.js | AI (source-diff): Minified Vite+Vue client bundle; expected for this UI package's dist/client/assets output. | ai | |
| phantom-deps | phantom-dep:vue-virtual-scroller | AI (phantom-deps): Listed as a runtime dependency in package.json; used in the bundled client UI, not directly imported in Node entry. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Official Vitest scoped package; false positive. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Official Vitest scoped package; false positive. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Official Vitest scoped package; Levenshtein match against short names is a false positive. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Official Vitest scoped package; false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Official Vitest scoped package; false positive. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DaKof6xz.js | AI (source-diff): Vite-bundled client UI asset; minified Vue app is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BPQdrqGZ.js | AI (source-diff): Vite-bundled client SPA asset; minification is expected for this package's browser UI. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Cil7RPEC.js | AI (source-diff): This is standard Vite-bundled/minified frontend JS for the UI package. Sample shows Vue 3 internals with copyright headers — minified, not obfuscated. Expected build artifact for @vitest/ui. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CBcuRGkf.js | AI (source-diff): @vitest/ui ships a Vite-built browser UI bundle; minified client assets with long lines are expected output, not obfuscation. SLSA provenance confirms CI build integrity. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Co-EY0lY.js | AI (source-diff): @vitest/ui ships a Vite-bundled client UI; minified JS bundles are expected and the sample shows standard Vue 3 internals, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DYFYwZ2-.js | AI (source-diff): This is standard Vite/Rollup minified Vue SPA output for the UI client bundle. The sample shows recognizable Vue 3 internals with license headers — not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-B3LybwKR.js | AI (source-diff): @vitest/ui ships a Vite-built client SPA; minified/hashed bundle files in dist/client/assets/ are expected build artifacts, not obfuscation. SLSA provenance confirms CI/CD origin. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): yyx990803 is Evan You (Vue/Vite creator), a core ecosystem contributor. Addition is expected and legitimate for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DalB9Rpk.js | AI (source-diff): @vitest/ui ships a Vite-built frontend bundle; hashed asset files in dist/client/assets/ are standard minified output, not obfuscation. Pattern is stable across all versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-YGltZS-e.js | AI (source-diff): This is standard Vite/Rollup-minified frontend bundle output for the @vitest/ui web client. Contains recognizable Vue 3 source with proper license headers. SLSA provenance confirms CI-built artifact. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BjtzXzAw.js | AI (source-diff): @vitest/ui ships a Vite-built frontend bundle; minified JS in dist/client/assets/ is expected build output, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BcP0bNv8.js | AI (source-diff): @vitest/ui ships a Vite-bundled frontend client; minified JS assets in dist/client/assets/ are expected build artifacts, not obfuscation. Pattern is stable across all versions of this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CPanfHPD.js | AI (source-diff): @vitest/ui ships a Vite-built frontend bundle; minified client assets are expected and normal for this package. Sample confirms legitimate Vue/Vite framework code. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CR4OJGrW.js | AI (source-diff): @vitest/ui always ships a minified Vite/Vue client bundle in dist/client/assets/; long lines are standard build output, not obfuscation. Stable pattern across all 345 versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-vKQ25zpc.js | AI (source-diff): @vitest/ui ships a Vite-bundled SPA; large minified JS assets in dist/client/assets/ are expected and normal for this package. Sample confirms standard Vue/Vite bundle content. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DHXSWiHD.js | AI (source-diff): @vitest/ui ships a Vite-built frontend bundle; minified JS assets in dist/client/assets/ are expected build artifacts, not obfuscation. Pattern is stable across versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DWjHzG4O.js | AI (source-diff): Minified frontend bundle is expected for @vitest/ui — it ships a built Vite/Vue client app. Sample shows standard Vue/Vite boilerplate, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Cv3XDLXs.js | AI (source-diff): @vitest/ui ships a Vite-bundled frontend client; minified JS assets are expected and the sample shows standard Vue 3 framework code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CsZqQx26.js | AI (source-diff): @vitest/ui ships a pre-built Vite/Vue frontend; minified JS bundles in dist/client/assets/ are expected build output, not obfuscation. SLSA provenance confirms CI build. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BAYvVM30.js | AI (source-diff): @vitest/ui ships a Vite-built Vue frontend bundle; minified/content-hashed JS files in dist/client/assets/ are expected build artifacts, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-aqqnYS46.js | AI (source-diff): @vitest/ui ships a pre-built Vite/Vue SPA client bundle; minified JS assets are expected in every release. The sample shows standard Vue 3 internals, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BX_iUIjH.js | AI (source-diff): @vitest/ui ships a Vite-built frontend bundle; minified JS assets are expected build outputs, not obfuscation. SLSA provenance confirms CI/CD build integrity. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CkLwJNkP.js | AI (source-diff): @vitest/ui ships a pre-built Vite web client; minified JS bundles in dist/client/assets/ are expected build artifacts, not malicious obfuscation. SLSA provenance confirms CI/CD build integrity. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-D_ryMEPs.js | AI (source-diff): @vitest/ui ships Vite-bundled minified frontend assets in every release; long-line minified JS is expected and the sample shows standard Vue/JS code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CLLxNdKA.js | AI (source-diff): This is a standard Vite-minified frontend bundle for the vitest UI. Long lines are minification artifacts; the sample shows recognizable Vue 3 source with proper license headers. Expected for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BUCFJtth.js | AI (source-diff): This is a Vite-bundled minified frontend JS asset for the vitest UI client. The sample shows standard Vue 3 framework code with license headers — minification, not obfuscation. Expected for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DnyN8l5D.js | AI (source-diff): @vitest/ui ships a Vite-built web UI client; large minified JS bundles with content-hash filenames are the expected build output, not obfuscation. Pattern is stable across all versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CfDzoXo3.js | AI (source-diff): This is a standard Vite-minified frontend bundle for the vitest UI. The sample shows readable Vue 3 code with license headers — minified, not obfuscated. Expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Di71CKDo.js | AI (source-diff): @vitest/ui ships a pre-built Vite/Vue web app; minified JS bundles are expected build artifacts. Sample confirms standard Vue 3 framework code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-zBMt7UWw.js | AI (source-diff): @vitest/ui ships a Vite-built SPA client bundle; minified JS with long lines is expected and the sample shows legitimate Vue 3 internals, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-TGTX-jRo.js | AI (source-diff): This is a Vite-bundled Vue SPA client asset. Content-hashed filenames and minified JS are expected build artifacts for @vitest/ui's frontend. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DflzHTY2.js | AI (source-diff): Large minified JS files are expected build artifacts for @vitest/ui's Vite-built frontend bundle. Content-hashed filenames change with each build. Sample shows legitimate Vue/browser code. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DYO2mJ8d.js | AI (source-diff): This is standard Vite-minified frontend bundle output for the Vitest UI SPA. Long lines are minification artifacts, not obfuscation. Vue internals are clearly visible in the sample. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DZIaN7GU.js | AI (source-diff): @vitest/ui ships a Vite-built web UI; minified client bundles with long lines are expected build artifacts, not obfuscation. Pattern is stable across all versions of this package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-C5TM4_dj.js | AI (source-diff): @vitest/ui ships a Vite-built Vue SPA client; minified/hashed bundle files are expected build artifacts, not obfuscation. SLSA provenance confirms CI/CD origin. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Dpc7kNBC.js | AI (source-diff): @vitest/ui ships a compiled Vite web app frontend; minified JS bundles in dist/client/assets/ are expected build artifacts, not obfuscation. SLSA provenance confirms CI/CD integrity. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-l1rdxr0p.js | AI (source-diff): @vitest/ui ships a pre-built Vite/Vue SPA; large minified client bundles are expected build artifacts, not obfuscation. Pattern is stable across all versions of this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Flagged maintainers (antfu, patak, yyx990803, vitestbot) are prominent Vue/Vite ecosystem authors, not spam. False positive for this package. | ai | |
| phantom-deps | phantom-dep:@vitest/utils | AI (phantom-deps): Sibling monorepo package loaded by convention/framework internals; phantom-dep detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:fflate | AI (phantom-deps): fflate is a declared runtime dependency used in the built client bundle; phantom-dep false positive for bundled packages. | ai |
Versions (showing 51 of 284)
| Version | Deps | Published |
|---|---|---|
| 4.1.7 | 7 / 32 | |
| 4.1.6 | 7 / 32 | |
| 4.1.5 | 7 / 32 | |
| 4.1.4 | 7 / 32 | |
| 4.1.3 | 7 / 32 | |
| 4.1.2 | 7 / 32 | |
| 4.1.1 | 7 / 32 | |
| 4.1.0 | 7 / 32 | |
| 4.0.18 | 7 / 32 | |
| 4.0.17 | 7 / 32 | |
| 4.0.16 | 7 / 32 | |
| 4.0.15 | 7 / 32 | |
| 4.0.14 | 7 / 32 | |
| 4.0.13 | 7 / 32 | |
| 4.0.12 | 7 / 32 | |
| 4.0.11 | 7 / 32 | |
| 4.0.10 | 7 / 32 | |
| 4.0.9 | 7 / 32 | |
| 4.0.8 | 7 / 32 | |
| 4.0.7 | 7 / 32 | |
| 4.0.6 | 7 / 32 | |
| 4.0.5 | 7 / 32 | |
| 4.0.4 | 7 / 32 | |
| 4.0.3 | 7 / 32 | |
| 4.0.2 | 7 / 32 | |
| 4.0.1 | 7 / 32 | |
| 4.0.0 | 7 / 32 | |
| 3.2.4 | 7 / 32 | |
| 3.2.3 | 7 / 32 | |
| 3.2.2 | 7 / 32 | |
| 3.2.1 | 7 / 32 | |
| 3.2.0 | 7 / 32 | |
| 3.1.4 | 7 / 30 | |
| 3.1.3 | 7 / 30 | |
| 3.1.2 | 7 / 30 | |
| 3.1.1 | 7 / 30 | |
| 3.0.9 | 7 / 30 | |
| 3.0.8 | 7 / 30 | |
| 3.0.7 | 7 / 30 | |
| 3.0.6 | 7 / 30 | |
| 3.0.5 | 7 / 30 | |
| 3.0.4 | 7 / 30 | |
| 3.0.3 | 7 / 30 | |
| 3.0.2 | 7 / 30 | |
| 3.0.1 | 7 / 30 | |
| 3.0.0 | 7 / 30 | |
| 2.1.9 | 7 / 30 | |
| 2.1.8 | 7 / 30 | |
| 2.1.7 | 7 / 30 | |
| 2.1.6 | 7 / 30 | |
| 2.1.3 | 7 / 29 |
v4.1.7
2 findings
HIGH
New obfuscated file: dist/client/assets/index-DaKof6xz.js
source-diff
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.6
2 findings
HIGH
New obfuscated file: dist/client/assets/index-DaKof6xz.js
source-diff
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.5
2 findings
HIGH
New obfuscated file: dist/client/assets/index-BPQdrqGZ.js
source-diff
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.3
2 findings
HIGH
New obfuscated file: dist/client/assets/index-_g5qy0bI.js
source-diff
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.1
2 findings
HIGH
New obfuscated file: dist/client/assets/index-BLZJq7cG.js
source-diff
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.9
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.6
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.