@webitel/ui-sdk
Main lib
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/install-BXREehT0.js | AI (source-diff): Standard Vite minified bundle; long lines are normal for bundled Vue component output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DhEfFC-r.js | AI (source-diff): URL-encoded SVG data URI causes long lines; standard Vite build artifact. | ai | |
| source-diff | net-exec-file:dist/install-BXREehT0.js | AI (source-diff): Network calls and dynamic imports are expected in a Vue UI SDK bundle; no dropper pattern present. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-2dRldTsx.js | AI (source-diff): URL-encoded SVG data URI in minified bundle; standard Vite build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CQtHxPpC.js | AI (source-diff): URL-encoded SVG data URI causes long lines; standard Vite build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CBuFqp8y.js | AI (source-diff): Minified emoji-picker-element bundle chunk; URL-encoded SVG and long lines are normal. | ai | |
| source-diff | obfuscated-file:dist/install-DG3Vb8gz.js | AI (source-diff): Standard Vite-minified bundle; readable Vue imports confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-C9UkoHgS.js | AI (source-diff): Minified Vue table component; standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-BaAY3DEc.js | AI (source-diff): Minified Vue error-page component with inline SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-jL-TifzB.js | AI (source-diff): Minified Vue component with inline SVG data URI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BVVHukIE.js | AI (source-diff): Minified emoji-picker-element bundle; CDN URL is public emoji data, not malicious. | ai | |
| source-diff | net-exec-file:dist/install-DG3Vb8gz.js | AI (source-diff): Network call is emoji CDN fetch; no dynamic code execution beyond normal Vue runtime patterns. | ai | |
| source-diff | obfuscated-file:dist/install-DRmtBDPZ.js | AI (source-diff): Standard Vite minified bundle for a Vue UI SDK; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-Bx6xnTPb.js | AI (source-diff): Minified Vite chunk; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-Cen2rI3S.js | AI (source-diff): Minified Vite chunk with URL-encoded SVG error page; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-f6SNJubN.js | AI (source-diff): Minified Vite chunk with URL-encoded SVG; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-T-xI5PI0.js | AI (source-diff): Minified Vite chunk for emoji picker component; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/install-DRmtBDPZ.js | AI (source-diff): Network call is emoji-picker CDN fetch; dynamic execution is normal Vue/JS runtime patterns in a minified bundle. | ai | |
| source-diff | obfuscated-file:dist/install-Oyx1yl4G.js | AI (source-diff): Standard Vite build output; minified Vue component bundle, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-BtQx95nL.js | AI (source-diff): Minified Vue table component chunk; standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DdIOPYaK.js | AI (source-diff): Minified Vue error page component with inline SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CSSdXJ4_.js | AI (source-diff): Minified Vue component with inline SVG data URIs; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-Bk7whTQ1.js | AI (source-diff): Vite-minified emoji picker component chunk; sample shows legitimate IndexedDB/emoji logic. | ai | |
| source-diff | net-exec-file:dist/install-Oyx1yl4G.js | AI (source-diff): Network calls and dynamic code in a UI SDK bundle are expected (fetch for emoji data, dynamic component loading). | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-C1EXQCuO.js | AI (source-diff): Minified Vite output; URL-encoded SVG paths for error page illustration. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-DOiMYkBj.js | AI (source-diff): Minified Vite output; standard Vue component with URL-encoded SVG. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CSy2l8r-.js | AI (source-diff): Minified Vite output; contains only URL-encoded SVG and Vue component code. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-B_m4NMsW.js | AI (source-diff): Minified Vite output for emoji picker component; normal Vue/IndexedDB patterns. | ai | |
| source-diff | net-exec-file:dist/install-C5xKFRc9.js | AI (source-diff): Network call is emoji-picker-element CDN data fetch; no dropper/loader pattern present. | ai | |
| source-diff | obfuscated-file:dist/install-C5xKFRc9.js | AI (source-diff): Standard Vite-minified bundle; Vue imports and normal JS patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/install-D_goYtnz.js | AI (source-diff): Standard Vite-bundled Vue SDK chunk; minified but not obfuscated, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DdMotrHk.js | AI (source-diff): Vite-bundled error page component with URL-encoded SVG; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DztLsixT.js | AI (source-diff): Vite-bundled Vue component with URL-encoded SVG inline data; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CI3V_BeW.js | AI (source-diff): Vite-bundled emoji picker component; minified output from emoji-picker-element dependency. | ai | |
| source-diff | net-exec-file:dist/install-D_goYtnz.js | AI (source-diff): Network call is emoji-picker-element CDN data fetch; dynamic code execution is normal Vue runtime behavior. | ai | |
| source-diff | net-exec-file:dist/install-DUod_8Ku.js | AI (source-diff): Network call is emoji CDN fetch; dynamic exec is Vue runtime rendering — both expected for this UI library. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-BhgTuky5.js | AI (source-diff): Minified Vue error-page component with inline SVG; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-4X6y_x3K.js | AI (source-diff): Minified Vue component bundle with inline SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BXPjqZI0.js | AI (source-diff): Minified emoji-picker component bundle; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/install-DUod_8Ku.js | AI (source-diff): Standard Vite/rollup minified bundle output for a Vue UI SDK; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/install-D-9lCFRH.js | AI (source-diff): Network call is emoji-picker CDN fetch (jsdelivr); no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CZqq7ahF.js | AI (source-diff): Minified Vue table component; benign build artifact consistent with package pattern. | ai | |
| source-diff | obfuscated-file:dist/install-D-9lCFRH.js | AI (source-diff): Standard Vite-minified bundle of Vue UI components; consistent with package's build pattern. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-CBhqtPBV.js | AI (source-diff): Minified Vue error-page component with inline SVG; benign build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DpBCEOgb.js | AI (source-diff): Minified Vue component with URL-encoded SVG; benign build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-D7JnDZ0s.js | AI (source-diff): Minified emoji-picker-element bundle; expected output for declared emoji-picker-element dependency. | ai | |
| source-diff | obfuscated-file:dist/install-DONrHk5A.js | AI (source-diff): Standard Vite bundle output for a Vue component library; long lines are minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-C_UemiSa.js | AI (source-diff): Minified Vite chunk; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-C_K_Wl-Q.js | AI (source-diff): Minified Vite chunk with URL-encoded SVG; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-BsFcQNhv.js | AI (source-diff): Minified Vite chunk with URL-encoded SVG data; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CNC9MRVw.js | AI (source-diff): Minified Vite chunk for emoji picker component; not obfuscated. | ai | |
| source-diff | net-exec-file:dist/install-DONrHk5A.js | AI (source-diff): Network calls are emoji-picker CDN data fetch; dynamic code execution is normal Vue reactivity/component patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-BPJBffsX.js | AI (source-diff): Minified Vite bundle with SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-90ODifPL.js | AI (source-diff): Minified Vite bundle with SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-B0LV4XZG.js | AI (source-diff): Minified Vite bundle with SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-trW77w8T.js | AI (source-diff): Minified Vite bundle for emoji picker component; expected build artifact. | ai | |
| source-diff | net-exec-file:dist/install-B5iwjh5w.js | AI (source-diff): Network call is emoji-picker CDN data fetch; no dynamic code execution beyond normal Vue runtime patterns. | ai | |
| source-diff | obfuscated-file:dist/install-B5iwjh5w.js | AI (source-diff): Standard Vite-minified Vue bundle; long lines are normal build output for this UI SDK. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-bVs4FU_6.js | AI (source-diff): Minified Vite bundle with URL-encoded SVG; normal build artifact for this UI SDK. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DRMzAM9O.js | AI (source-diff): Minified Vite bundle with URL-encoded SVG data; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CL-ZeHBE.js | AI (source-diff): Minified Vite bundle for emoji picker component; expected output for this package. | ai | |
| source-diff | net-exec-file:dist/install-Cr0bk3L_.js | AI (source-diff): Network calls are emoji CDN fetches; dynamic code execution is Vue reactivity runtime — no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/install-Cr0bk3L_.js | AI (source-diff): Standard Vite-minified bundle for a Vue UI SDK; long lines are normal bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/install-DJFUeaKV.js | AI (source-diff): Vite-bundled Vue component library output; long lines are minified build artifacts, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/install-DJFUeaKV.js | AI (source-diff): False positive on bundled Vue app code with standard fetch/dynamic-import patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-C4k-DhDC.js | AI (source-diff): Minified table component chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DGdwU4In.js | AI (source-diff): Minified error page chunk with inline SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-sXbqwELW.js | AI (source-diff): Minified chunk with inline SVG data URIs; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BlNdCD8_.js | AI (source-diff): Minified emoji-picker chunk; standard build output. | ai | |
| source-diff | net-exec-file:dist/install-BuMO14Rb.js | AI (source-diff): Network calls and dynamic code in Vue component bundles are expected for this UI SDK. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-Dh0I10zQ.js | AI (source-diff): Long lines are URL-encoded SVG data in a standard Vite bundle. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DeqGCW4M.js | AI (source-diff): Long lines are URL-encoded SVG data, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-6IZXyyQv.js | AI (source-diff): Minified Vite chunk; emoji CDN URL is from emoji-picker-element dependency, not malicious. | ai | |
| source-diff | obfuscated-file:dist/install-BuMO14Rb.js | AI (source-diff): Standard Vite minified bundle; long lines are normal for this package's dist output. | ai | |
| source-diff | obfuscated-file:dist/install-MeHxIEWi.js | AI (source-diff): Standard Vite-minified bundle for a Vue UI SDK; content shows normal Vue/ESM imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-fD1n6Ca8.js | AI (source-diff): Long lines are URL-encoded SVG path data for error page illustration, not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-BJqC03G2.js | AI (source-diff): Long lines are URL-encoded SVG data, not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-gtRYtqkJ.js | AI (source-diff): Minified emoji-picker-element bundle; content is clearly emoji picker IndexedDB logic, not malicious. | ai | |
| source-diff | net-exec-file:dist/install-MeHxIEWi.js | AI (source-diff): Network calls and dynamic code in bundled Vue UI SDK are expected (fetch for emoji data, dynamic component loading). | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CtvAfq9L.js | AI (source-diff): Vite bundle chunk for emoji picker component; minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DYdNWZch.js | AI (source-diff): Vite bundle chunk with URL-encoded SVG path data; minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-S6P5IFvl.js | AI (source-diff): Vite bundle chunk with URL-encoded SVG; minified but not obfuscated. | ai | |
| source-diff | net-exec-file:dist/install-Uz_WcuKf.js | AI (source-diff): Network call is emoji-picker CDN fetch (jsdelivr); no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/install-Uz_WcuKf.js | AI (source-diff): Standard Vite-bundled Vue component chunk; minification triggers rule but content is benign. | ai | |
| source-diff | obfuscated-file:dist/install-MwLwnvU6.js | AI (source-diff): Standard Vite minified bundle for a Vue UI SDK; long lines are normal minification output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-nil4zmk5.js | AI (source-diff): Minified Vite chunk with URL-encoded SVG error page graphic; normal build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CjuwwVGB.js | AI (source-diff): Minified Vite chunk containing URL-encoded SVG; normal build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-DYXEUfIV.js | AI (source-diff): Minified Vite chunk for emoji picker component; normal build output. | ai | |
| source-diff | net-exec-file:dist/install-MwLwnvU6.js | AI (source-diff): Network call is emoji-picker-element fetching CDN emoji data; no dynamic code execution of remote content. | ai | |
| source-diff | net-exec-file:dist/install-D-fDpH8o.js | AI (source-diff): Network calls are emoji CDN data fetches; dynamic code execution is Vue's runtime rendering — no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-C-UOZm82.js | AI (source-diff): URL-encoded SVG error page illustration in minified Vue component; normal build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CXxTx5PV.js | AI (source-diff): URL-encoded SVG assets in minified Vue component; normal build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-7BCR-KNF.js | AI (source-diff): Minified emoji-picker-element bundle; matches declared emoji-picker-element dependency. | ai | |
| source-diff | obfuscated-file:dist/install-D-fDpH8o.js | AI (source-diff): Standard Vite bundle of Vue UI components; minified lines are normal build output for this SDK. | ai | |
| source-diff | net-exec-file:dist/install-PDJJDxnH.js | AI (source-diff): Network call is emoji CDN data fetch; no dynamic code execution beyond normal Vue rendering. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-B3gopWBB.js | AI (source-diff): Vite bundle with inline SVG; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DamPrF3N.js | AI (source-diff): Vite bundle with inline SVG data URI; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CQ2r3NMw.js | AI (source-diff): Vite bundle with inline SVG data URI; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-DlCyrANh.js | AI (source-diff): Vite-bundled emoji picker component; minified but readable Vue/IndexedDB logic. | ai | |
| source-diff | obfuscated-file:dist/install-PDJJDxnH.js | AI (source-diff): Standard Vite build output; minified Vue component bundle, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/install-Bmdyhhbh.js | AI (source-diff): Network calls are emoji CDN fetches; dynamic code execution is standard Vue reactivity patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-9hQfRr7G.js | AI (source-diff): Minified emoji-picker component bundle; readable Vue imports and IndexedDB logic. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CD4EplxA.js | AI (source-diff): Minified Vue table component; readable imports confirm standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DIbLIafL.js | AI (source-diff): Minified Vue error-page component with inline SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CdSPx66Q.js | AI (source-diff): Minified Vue component with inline SVG data URI; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/install-Bmdyhhbh.js | AI (source-diff): Standard Vite-minified Vue component bundle; readable imports and logic confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-B4pbqoOI.js | AI (source-diff): Minified Vue error-page component with URL-encoded SVG; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/install-a-C0Uz5X.js | AI (source-diff): Standard Vite-minified bundle of Vue UI components; long lines are normal minifier output. | ai | |
| source-diff | net-exec-file:dist/install-a-C0Uz5X.js | AI (source-diff): Network call is emoji-picker CDN fetch (jsdelivr); no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CUtTN1q_.js | AI (source-diff): Minified emoji-picker component bundle; long lines are normal minifier output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DuLtIKMP.js | AI (source-diff): Minified Vue component with URL-encoded SVG inline data; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-BWDKZosT.js | AI (source-diff): Minified Vue table component; long lines are normal minifier output. | ai | |
| source-diff | obfuscated-file:dist/install-BUa1vI9s.js | AI (source-diff): Standard Vite-bundled Vue component output; minification triggers rule but no malicious content. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-C3F8UALY.js | AI (source-diff): Vite-bundled component with URL-encoded SVG assets; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-5n_9FKhp.js | AI (source-diff): Vite-bundled emoji picker component; minification triggers rule, no malicious content. | ai | |
| source-diff | net-exec-file:dist/install-BUa1vI9s.js | AI (source-diff): Network call is emoji-picker CDN fetch; dynamic code execution is Vue's runtime rendering — normal UI SDK behavior. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-bC1IdvdS.js | AI (source-diff): Vite-bundled table component with URL-encoded SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DfUOuTIJ.js | AI (source-diff): Vite-bundled error page component with URL-encoded SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/install-BNNJFRDJ.js | AI (source-diff): Standard Vite-minified Vue bundle; long lines are normal for bundled output. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-DQtoij8i.js | AI (source-diff): URL-encoded SVG inline data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-CJxYSeu-.js | AI (source-diff): URL-encoded SVG inline data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-Bjw8UxPk.js | AI (source-diff): URL-encoded SVG inline data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-B2TUUnF-.js | AI (source-diff): Vite-minified emoji picker component; long lines are bundled output. | ai | |
| source-diff | net-exec-file:dist/install-BNNJFRDJ.js | AI (source-diff): Network calls are Vue component data fetches (emoji CDN); no dynamic code execution pattern. | ai | |
| source-diff | obfuscated-file:dist/install-BPGa7xcr.js | AI (source-diff): Standard Vite build output (minified Vue component bundle); not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CqVmODXu.js | AI (source-diff): Minified Vite chunk; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-DzpLr_VF.js | AI (source-diff): Minified Vite chunk with inline SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DVn93O_A.js | AI (source-diff): Minified Vite chunk with inline SVG data URI; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BzJxFQX-.js | AI (source-diff): Minified Vite chunk for emoji-picker component; expected build artifact. | ai | |
| source-diff | net-exec-file:dist/install-BPGa7xcr.js | AI (source-diff): Network calls and dynamic code in Vite bundle are normal Vue/component library patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/install-Sbp7aowq.js | AI (source-diff): Standard Vite-bundled Vue UI library chunk; minified but not obfuscated, readable Vue imports visible. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BMQfL9X3.js | AI (source-diff): Minified emoji-picker-element bundle; standard build output for this UI SDK. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-Btmg48Xk.js | AI (source-diff): Minified Vue component with URL-encoded SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-zL3IkviW.js | AI (source-diff): Minified Vue component with URL-encoded SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-D2niYDeI.js | AI (source-diff): Minified Vue component; standard build output for this UI SDK. | ai | |
| source-diff | net-exec-file:dist/install-Sbp7aowq.js | AI (source-diff): Network calls are emoji CDN fetch (jsdelivr); no dynamic code execution beyond normal Vue runtime patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CPacgsbN.js | AI (source-diff): Minified Vite chunk; sample shows standard Vue component with inline SVG. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-Rt-F9oVv.js | AI (source-diff): Minified Vite chunk with inline SVG; normal UI component bundle. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-DHdJccrG.js | AI (source-diff): Minified Vite chunk with inline SVG data URI; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-D_4QMhH7.js | AI (source-diff): Minified Vite chunk for emoji picker component; sample shows legitimate emoji-picker-element IndexedDB code. | ai | |
| source-diff | net-exec-file:dist/install-rysuPEjF.js | AI (source-diff): Network calls and dynamic code in a UI SDK bundle are normal Vue/fetch patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/install-rysuPEjF.js | AI (source-diff): Standard Vite bundle chunk; minified Vue component code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-C6Ffq5UN.js | AI (source-diff): URL-encoded SVG inline data causes long lines; standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-C4AY_Nyy.js | AI (source-diff): URL-encoded SVG inline data causes long lines; standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/install-b3LF2l6e.js | AI (source-diff): Standard Vite bundle of Vue components; long lines are minified JS, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/install-b3LF2l6e.js | AI (source-diff): Network call is emoji-picker-element fetching CDN data; no dynamic code execution beyond normal Vue rendering. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-8kgugJp3.js | AI (source-diff): Vite-bundled emoji picker component; minified lines are expected build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CrbQHj7e.js | AI (source-diff): URL-encoded SVG inline data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-DHEaw92W.js | AI (source-diff): Minified Vite bundle; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-Bfzt7YQO.js | AI (source-diff): Minified Vite bundle with URL-encoded SVG error page; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/install-CrhatfOO.js | AI (source-diff): Standard Vite-minified Vue component bundle; long lines are minified JS, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/install-CrhatfOO.js | AI (source-diff): Network call is emoji data CDN fetch (jsdelivr); no dynamic code execution pattern present. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BEPJGh0L.js | AI (source-diff): Minified Vite bundle for emoji picker component; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-TCGzXQUx.js | AI (source-diff): Minified Vite bundle with URL-encoded SVG; normal build artifact. | ai | |
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publisher with SLSA provenance attestation is a legitimate supply chain improvement. | ai | |
| dependencies | unvetted-peer-dep:jszip-utils | AI (dependencies): Optional peer dep for file handling; already accepted in prior versions. | ai | |
| source-diff | net-exec-file:dist/install-Dq6Xzj7N.js | AI (source-diff): Network calls are emoji-picker CDN data fetches; dynamic execution is Vue runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/install-Dq6Xzj7N.js | AI (source-diff): Standard Vite-minified bundle for a Vue UI SDK; long lines are normal bundler output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-C6iAgiXM.js | AI (source-diff): Minified Vite bundle; content is URL-encoded SVG assets and Vue component code. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-Bfl_LRhh.js | AI (source-diff): Minified Vite bundle; content is URL-encoded SVG error page assets. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-1PQXgyFT.js | AI (source-diff): Minified Vite bundle; content is Vue component with URL-encoded SVG. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-DlcRu7FP.js | AI (source-diff): Minified Vite bundle; content is emoji-picker-element component code. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CmcHeJ67.js | AI (source-diff): Minified Vite bundle with inline SVG data URI; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-CV2ViLFe.js | AI (source-diff): Minified Vite bundle; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-zxeVvway.js | AI (source-diff): Minified Vite bundle with inline SVG; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BbcSpHw0.js | AI (source-diff): Minified Vite bundle for emoji picker component; readable Vue imports, no obfuscation. | ai | |
| source-diff | net-exec-file:dist/install-BCOGjWv4.js | AI (source-diff): Network calls are CDN fetches for emoji data; no dynamic code execution beyond normal Vue runtime patterns. | ai | |
| source-diff | obfuscated-file:dist/install-BCOGjWv4.js | AI (source-diff): Standard Vite-minified Vue bundle; readable imports from 'vue', no actual obfuscation. | ai | |
| dependencies | unvetted-dep:xlsx | AI (dependencies): xlsx is a widely-used spreadsheet library; its use is consistent with this SDK's file-export functionality. | ai | |
| dependencies | unvetted-dep:emoji-picker-element | AI (dependencies): emoji-picker-element is a standard web component; aligns with new wt-chat-emoji dist file in this version. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-BMpoQdQl.js | AI (source-diff): Minified Vue component with inline SVG data URIs; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-OrcannPM.js | AI (source-diff): Minified Vue component with inline SVG data URIs; standard build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CUjHxdzV.js | AI (source-diff): Minified emoji-picker-element bundle; expected for this dependency. | ai | |
| source-diff | obfuscated-file:dist/install-Bd5HfFTV.js | AI (source-diff): Standard Vite minified bundle output for a Vue UI SDK; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/install-Bd5HfFTV.js | AI (source-diff): Network refs are CDN emoji data URLs; dynamic code is Vue reactivity internals, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-DaGMSlL1.js | AI (source-diff): Minified Vue component; standard Vite build output. | ai | |
| source-diff | obfuscated-file:dist/install-BjjBYpbl.js | AI (source-diff): Standard Vite-minified bundle for a Vue UI SDK; long lines are minified JS, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-DrcFp4Wl.js | AI (source-diff): Vite-minified lazy chunk; sample shows standard Vue component imports. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-IIP3rusg.js | AI (source-diff): Vite-minified lazy chunk; sample shows standard Vue component with inline SVG data URI. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-BF8MnBYQ.js | AI (source-diff): Vite-minified lazy chunk; sample shows standard Vue component with inline SVG data URI. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CcTec-mP.js | AI (source-diff): Vite-minified lazy chunk for emoji picker component; sample shows normal Vue imports. | ai | |
| source-diff | net-exec-file:dist/install-BjjBYpbl.js | AI (source-diff): Network calls and dynamic code in a UI SDK bundle are normal Vue/browser patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-D1USdwE4.js | AI (source-diff): URL-encoded SVG data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-CCESyhxX.js | AI (source-diff): URL-encoded SVG data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-9EjvdKqd.js | AI (source-diff): URL-encoded SVG data causes long lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BpXv6NqV.js | AI (source-diff): Minified emoji-picker-element bundle; readable logic visible in sample. | ai | |
| source-diff | net-exec-file:dist/install-Btsl7J6C.js | AI (source-diff): Network calls are emoji CDN fetches; dynamic code execution is Vue's runtime rendering — no dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/install-Btsl7J6C.js | AI (source-diff): Standard Vite-minified Vue bundle; long lines are normal build output for this UI SDK. | ai | |
| provenance | no-provenance | AI (provenance): Large established SDK; lack of provenance is consistent across its 2000+ version history. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-CNwzDAa5.js | AI (source-diff): Minified error-page component with URL-encoded SVG; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-D6LkZ5Mu.js | AI (source-diff): Minified Vue table component; sample shows normal Vue composable patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-nq43ktii.js | AI (source-diff): Minified Vue component with URL-encoded SVG asset; benign build output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-BlKZydZ3.js | AI (source-diff): Minified emoji-picker component bundle; sample shows IndexedDB/emoji logic, not malware. | ai | |
| source-diff | net-exec-file:dist/install-uRNiMbqp.js | AI (source-diff): Network call is emoji CDN fetch; no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/install-uRNiMbqp.js | AI (source-diff): Standard Vite minified bundle; Vue imports and normal JS patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/install-BTw4h6La.js | AI (source-diff): Standard Vite-minified bundle; Vue imports and normal JS patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-D3oCCDNW.js | AI (source-diff): Minified Vue component; standard Vite output. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-ND0BquL3.js | AI (source-diff): Minified Vue error-page component with URL-encoded SVG; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-CQoomGSQ.js | AI (source-diff): Minified Vue component with URL-encoded SVG; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-CPpRiG3z.js | AI (source-diff): Minified emoji-picker-element bundle; CDN URL for emoji data is documented upstream behavior. | ai | |
| source-diff | net-exec-file:dist/install-BTw4h6La.js | AI (source-diff): Network calls and dynamic code in a UI SDK bundle are expected (fetch for emoji data, dynamic component loading). | ai | |
| source-diff | net-exec-file:dist/install-B0iOKX0v.js | AI (source-diff): Network calls and dynamic code in a UI SDK bundle are expected (fetch for emoji data, dynamic Vue component loading). | ai | |
| source-diff | obfuscated-file:dist/wt-table-column-select-ClA_A3dE.js | AI (source-diff): Standard Vite-minified Vue component with SVG data; benign. | ai | |
| source-diff | obfuscated-file:dist/wt-error-page-BklEfHeX.js | AI (source-diff): URL-encoded SVG paths in a minified Vue component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/wt-dummy-BCaleMs_.js | AI (source-diff): Contains URL-encoded SVG data and Vue component code; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/wt-chat-emoji-zXNZdzpq.js | AI (source-diff): Minified emoji-picker-element bundle; content matches the declared emoji-picker-element dependency. | ai | |
| source-diff | obfuscated-file:dist/install-B0iOKX0v.js | AI (source-diff): Standard Vite bundle chunk with readable Vue imports; minification triggers the rule but no obfuscation present. | ai | |
| phantom-deps | phantom-dep:path-browserify | AI (phantom-deps): Polyfill referenced in build config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vuepic/vue-datepicker | AI (phantom-deps): Lazily imported UI component; stable false positive. | ai | |
| phantom-deps | phantom-dep:@morev/vue-transitions | AI (phantom-deps): Lazily imported UI component; stable false positive. | ai | |
| phantom-deps | phantom-dep:emoji-picker-element | AI (phantom-deps): Lazily imported UI component; stable false positive. | ai | |
| phantom-deps | phantom-dep:autosize | AI (phantom-deps): Build-tool/config reference in a large UI SDK; stable false positive. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/vite | AI (phantom-deps): Vite plugin referenced in build config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@floating-ui/vue | AI (phantom-deps): UI library dep used indirectly via component wrappers; stable false positive. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Referenced in vite/tailwind config files, not a runtime import; stable false positive. | ai | |
Versions (showing 51 of 60)
| Version | Deps | Published |
|---|---|---|
| 26.6.20 | 22 / 46 | |
| 26.6.18 | 22 / 46 | |
| 26.6.10 | 22 / 46 | |
| 26.6.9 | 22 / 46 | |
| 26.6.8 | 22 / 46 | |
| 26.6.7 | 22 / 46 | |
| 26.6.6 | 22 / 46 | |
| 26.6.3 | 22 / 46 | |
| 26.6.2 | 22 / 46 | |
| 26.6.1 | 22 / 46 | |
| 26.4.87 | 22 / 46 | |
| 26.4.86 | 22 / 46 | |
| 26.4.83 | 22 / 46 | |
| 26.4.82 | 22 / 46 | |
| 26.4.81 | 22 / 46 | |
| 26.4.80 | 22 / 46 | |
| 26.4.78 | 22 / 46 | |
| 26.4.77 | 22 / 46 | |
| 26.4.73 | 22 / 46 | |
| 26.4.72 | 22 / 46 | |
| 26.4.71 | 22 / 46 | |
| 26.4.70 | 22 / 46 | |
| 26.4.66 | 22 / 46 | |
| 26.4.64 | 22 / 46 | |
| 26.4.63 | 22 / 46 | |
| 26.4.62 | 22 / 46 | |
| 26.4.61 | 22 / 46 | |
| 26.4.60 | 22 / 46 | |
| 26.4.59 | 22 / 46 | |
| 26.4.58 | 22 / 46 | |
| 26.4.57 | 22 / 46 | |
| 26.4.56 | 22 / 46 | |
| 26.4.55 | 22 / 46 | |
| 26.4.53 | 22 / 46 | |
| 26.4.51 | 22 / 46 | |
| 26.4.50 | 22 / 46 | |
| 26.4.49 | 22 / 46 | |
| 26.4.47 | 22 / 46 | |
| 26.4.45 | 22 / 46 | |
| 26.4.44 | 22 / 46 | |
| 26.4.42 | 22 / 46 | |
| 26.4.41 | 22 / 46 | |
| 26.4.37 | 22 / 46 | |
| 26.4.34 | 22 / 46 | |
| 26.4.33 | 22 / 46 | |
| 26.4.32 | 22 / 46 | |
| 26.4.31 | 22 / 46 | |
| 26.4.29 | 22 / 46 | |
| 26.4.25 | 22 / 46 | |
| 26.4.23 | 22 / 46 | |
| 26.4.22 | 22 / 46 | |
v26.6.20
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.18
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.10
8 findings
This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.9
8 findings
This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.8
8 findings
This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.7
8 findings
This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.6
8 findings
This version was published by a different npm account than previous versions on 2026-05-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.3
8 findings
This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.2
8 findings
This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.6.1
8 findings
This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.87
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.86
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.83
8 findings
This version was published by a different npm account than previous versions on 2026-05-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.82
8 findings
This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.81
8 findings
This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.80
8 findings
This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.4.78
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.77
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.73
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.72
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.71
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.70
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.66
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.64
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.63
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.62
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.61
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.60
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.59
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.58
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.57
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.56
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.55
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.53
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.51
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.50
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.49
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.47
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.45
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.44
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.42
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.41
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.37
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.34
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.33
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.32
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.4.31
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.29
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.25
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.23
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.4.22
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.