ace-builds
Ace (Ajax.org Cloud9 Editor)
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:src-noconflict/mode-mariadb.js | AI (source-diff): Unminified mode file with long lines; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/mode-cedar.js | AI (source-diff): Minified syntax mode in src-min/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-cedar.js | AI (source-diff): Minified syntax mode in src-min-noconflict/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/ext-whitespaces_in_selection.js | AI (source-diff): Minified editor extension in src-min/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/ext-whitespaces_in_selection.js | AI (source-diff): Minified editor extension in src-min-noconflict/; standard for ace-builds. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New syntax modes (cedar, groq, mariadb, etc.) across 4 build variants is normal for ace-builds. | ai | |
| source-diff | obfuscated-file:src/mode-mariadb.js | AI (source-diff): Unminified mode file with long lines; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/mode-mariadb.js | AI (source-diff): Minified syntax mode in src-min/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-mariadb.js | AI (source-diff): Minified syntax mode in src-min-noconflict/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/mode-groq.js | AI (source-diff): Minified syntax mode in src-min/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-groq.js | AI (source-diff): Minified syntax mode in src-min-noconflict/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/mode-cedarschema.js | AI (source-diff): Minified syntax mode in src-min/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-cedarschema.js | AI (source-diff): Minified syntax mode in src-min-noconflict/; standard for ace-builds. | ai | |
| source-diff | obfuscated-file:src-min/mode-zig.js | AI (source-diff): ace-builds ships minified mode files for every supported language; mode-zig.js is a standard Zig syntax highlighter, not obfuscated code. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-zig.js | AI (source-diff): ace-builds ships minified mode files for every supported language; mode-zig.js is a standard Zig syntax highlighter, not obfuscated code. | ai | |
| source-diff | obfuscated-file:src-min/mode-assembly_arm32.js | AI (source-diff): ace-builds ships minified mode files in src-min/ by design; this is a syntax highlighter, not obfuscated code. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-vue.js | AI (source-diff): ace-builds ships minified mode files in src-min-noconflict/ by design; Vue mode is a standard editor feature. | ai | |
| source-diff | obfuscated-file:src-min/mode-vue.js | AI (source-diff): ace-builds ships minified mode files in src-min/ by design; Vue mode is a standard editor feature. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-assembly_arm32.js | AI (source-diff): ace-builds ships minified mode files in src-min-noconflict/ by design; this is a syntax highlighter, not obfuscated code. | ai | |
| source-diff | obfuscated-file:src-noconflict/theme-cloud_editor_dark.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/theme-cloud_editor.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-noconflict/theme-cloud_editor.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min/theme-cloud_editor.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/theme-cloud_editor.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/theme-cloud_editor_dark.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min/theme-cloud_editor_dark.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/theme-cloud_editor_dark.js | AI (source-diff): Ace theme file with embedded CSS string literal; standard pattern for all Ace themes, not obfuscation. | ai | |
| dependencies | unvetted-dep:ace | AI (dependencies): ace is the upstream source package for ace-builds; this dependency is expected and legitimate for all versions of this package. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/ext-diff.js | AI (source-diff): ace-builds ships minified bundles by design; src-min-noconflict/ contains standard minified output of the Ace editor. | ai | |
| source-diff | obfuscated-file:src-min/mode-clue.js | AI (source-diff): Minified syntax mode file; standard ace-builds output for language modes. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-clue.js | AI (source-diff): Minified syntax mode file; standard ace-builds output for language modes. | ai | |
| source-diff | obfuscated-file:src/ext-diff.js | AI (source-diff): AMD-wrapped bundle with long lines; standard ace-builds format for src/ directory. | ai | |
| source-diff | obfuscated-file:src-noconflict/ext-diff.js | AI (source-diff): AMD-wrapped bundle with long lines; standard ace-builds format for src-noconflict/ directory. | ai | |
| source-diff | obfuscated-file:src-min/ext-diff.js | AI (source-diff): ace-builds ships minified bundles by design; src-min/ contains standard minified output of the Ace editor. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/mode-basic.js | AI (source-diff): ace-builds ships pre-minified editor bundles in src-min-noconflict/; minified mode files are expected. | ai | |
| source-diff | obfuscated-file:src-min/mode-basic.js | AI (source-diff): ace-builds ships pre-minified editor bundles in src-min/; minified mode files are expected. | ai | |
| source-diff | obfuscated-file:src-noconflict/theme-github_light_default.js | AI (source-diff): Ace theme file with inlined CSS string — standard build output pattern for ace-builds, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/theme-github_light_default.js | AI (source-diff): Ace theme file with inlined CSS string — standard build output pattern for ace-builds, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min/theme-github_light_default.js | AI (source-diff): Ace theme file with inlined CSS string — standard build output pattern for ace-builds, not obfuscation. | ai | |
| source-diff | obfuscated-file:src-min-noconflict/theme-github_light_default.js | AI (source-diff): Ace theme file with inlined CSS string — standard build output pattern for ace-builds, not obfuscation. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): ace-builds uses new Function() in its AMD-style worker module loader — standard pattern for browser-bundled code editor workers, not malicious. | ai | |
| provenance | no-provenance | AI (provenance): Established package (3823 days, 1.3M weekly downloads, 138 versions) without Sigstore provenance — acceptable for packages predating widespread provenance adoption. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() in worker-coffee.js is part of the CoffeeScript compiler/parser, a legitimate use case for a code editor supporting CoffeeScript syntax. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): False positive: Ace editor snippets/syntax definitions contain /etc/passwd as example content, not credential harvesting. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from nightwing (long-time Ace maintainer) to GitHub Actions CI/CD publishing with SLSA provenance; legitimate modernization. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): False positive: Ace's internal module loader uses dynamic require for its build dependency resolution system. | ai | |
| semgrep | semgrep:dll-injection-apis | AI (semgrep): False positive: Ace's AutoHotKey syntax mode references DLL APIs as language keywords, not actual injection code. | ai |
Versions (showing 100 of 139)
| Version | Deps | Published |
|---|---|---|
| 1.44.0 | 0 / 0 | |
| 1.43.6 | 0 / 0 | |
| 1.43.5 | 0 / 0 | |
| 1.43.4 | 0 / 0 | |
| 1.43.3 | 0 / 0 | |
| 1.43.2 | 0 / 0 | |
| 1.43.1 | 0 / 0 | |
| 1.43.0 | 0 / 0 | |
| 1.42.0 | 0 / 0 | |
| 1.41.0 | 0 / 0 | |
| 1.40.1 | 0 / 0 | |
| 1.40.0 | 0 / 0 | |
| 1.39.1 | 0 / 0 | |
| 1.39.0 | 0 / 0 | |
| 1.38.0 | 0 / 0 | |
| 1.37.5 | 0 / 0 | |
| 1.37.4 | 0 / 0 | |
| 1.37.3 | 0 / 0 | |
| 1.37.2 | 0 / 0 | |
| 1.37.1 | 0 / 0 | |
| 1.37.0 | 0 / 0 | |
| 1.36.5 | 0 / 0 | |
| 1.36.4 | 0 / 0 | |
| 1.36.3 | 0 / 0 | |
| 1.36.2 | 0 / 0 | |
| 1.36.1 | 0 / 0 | |
| 1.36.0 | 0 / 0 | |
| 1.35.5 | 0 / 0 | |
| 1.35.4 | 0 / 0 | |
| 1.35.3 | 0 / 0 | |
| 1.35.2 | 0 / 0 | |
| 1.35.1 | 0 / 0 | |
| 1.35.0 | 0 / 0 | |
| 1.34.2 | 0 / 0 | |
| 1.34.1 | 0 / 0 | |
| 1.34.0 | 0 / 0 | |
| 1.33.3 | 0 / 0 | |
| 1.33.2 | 0 / 0 | |
| 1.33.1 | 0 / 0 | |
| 1.33.0 | 0 / 0 | |
| 1.32.9 | 0 / 0 | |
| 1.32.8 | 0 / 0 | |
| 1.32.7 | 0 / 0 | |
| 1.32.6 | 0 / 0 | |
| 1.32.5 | 0 / 0 | |
| 1.32.4 | 0 / 0 | |
| 1.32.3 | 0 / 0 | |
| 1.32.2 | 0 / 0 | |
| 1.32.1 | 0 / 0 | |
| 1.32.0 | 0 / 0 | |
| 1.31.2 | 0 / 0 | |
| 1.31.1 | 0 / 0 | |
| 1.31.0 | 0 / 0 | |
| 1.30.0 | 0 / 0 | |
| 1.29.0 | 0 / 0 | |
| 1.28.0 | 0 / 0 | |
| 1.27.0 | 0 / 0 | |
| 1.26.0 | 0 / 0 | |
| 1.25.1 | 0 / 0 | |
| 1.25.0 | 0 / 0 | |
| 1.24.2 | 0 / 0 | |
| 1.24.1 | 0 / 0 | |
| 1.24.0 | 0 / 0 | |
| 1.23.4 | 0 / 0 | |
| 1.23.3 | 0 / 0 | |
| 1.23.2 | 0 / 0 | |
| 1.23.1 | 0 / 0 | |
| 1.23.0 | 0 / 0 | |
| 1.22.1 | 0 / 0 | |
| 1.22.0 | 0 / 0 | |
| 1.21.1 | 0 / 0 | |
| 1.21.0 | 0 / 0 | |
| 1.20.0 | 0 / 0 | |
| 1.19.0 | 0 / 0 | |
| 1.18.1 | 0 / 0 | |
| 1.18.0 | 0 / 0 | |
| 1.17.0 | 0 / 0 | |
| 1.16.0 | 0 / 0 | |
| 1.15.3 | 0 / 0 | |
| 1.15.2 | 0 / 0 | |
| 1.15.1 | 0 / 0 | |
| 1.15.0 | 0 / 0 | |
| 1.14.0 | 0 / 0 | |
| 1.13.2 | 0 / 0 | |
| 1.13.1 | 0 / 0 | |
| 1.13.0 | 0 / 0 | |
| 1.12.5 | 0 / 0 | |
| 1.12.4 | 0 / 0 | |
| 1.12.3 | 0 / 0 | |
| 1.12.2 | 0 / 0 | |
| 1.12.1 | 0 / 0 | |
| 1.12.0 | 0 / 0 | |
| 1.11.2 | 0 / 0 | |
| 1.11.1 | 0 / 0 | |
| 1.11.0 | 0 / 0 | |
| 1.10.1 | 0 / 0 | |
| 1.10.0 | 0 / 0 | |
| 1.9.6 | 0 / 0 | |
| 1.9.5 | 0 / 0 | |
| 1.9.4 | 0 / 0 |
v1.44.0
13 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.43.6
14 findings
This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
DLL injection API detected — potential process injection attack
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min-noconflict/mode-autohotkey.js#L1

    > 1 | ace.define("ace/mode/autohotkey_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_ru
      2 | ace.require(["ace/mode/autohotkey"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min-noconflict/snippets/edifact.js#L1

    > 1 | ace.define("ace/snippets/edifact.snippets",["require","exports","module"],function(e,t,n){n.exports='## Access Modifiers
      2 | ace.require(["ace/snippets/edifact"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min-noconflict/snippets/java.js#L1

    > 1 | ace.define("ace/snippets/java.snippets",["require","exports","module"],function(e,t,n){n.exports='## Access Modifiers\ns
      2 | ace.require(["ace/snippets/java"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

DLL injection API detected — potential process injection attack
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min/mode-autohotkey.js#L1

    > 1 | define("ace/mode/autohotkey_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"
      2 | window.require(["ace/mode/autohotkey"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min/snippets/edifact.js#L1

    > 1 | define("ace/snippets/edifact.snippets",["require","exports","module"],function(e,t,n){n.exports='## Access Modifiers\nsn
      2 | window.require(["ace/snippets/edifact"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-min/snippets/java.js#L1

    > 1 | define("ace/snippets/java.snippets",["require","exports","module"],function(e,t,n){n.exports='## Access Modifiers\nsnipp
      2 | window.require(["ace/snippets/java"], function(m) {
      3 | if (typeof module == "object" && typeof exports == "object" && module) {

DLL injection API detected — potential process injection attack
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-noconflict/mode-autohotkey.js#L8

       6 | var autoItKeywords = 'And|ByRef|Case|Const|ContinueCase|ContinueLoop|Default|Dim|Do|Else|ElseIf|EndFunc|EndIf|EndSel
       7 | 'Abs|ACos|AdlibDisable|AdlibEnable|Asc|AscW|ASin|Assign|ATan|AutoItSetOption|AutoItWinGetTitle|AutoItWinSetTitle
    >  8 | 'ArrayAdd|ArrayBinarySearch|ArrayConcatenate|ArrayDelete|ArrayDisplay|ArrayFindAll|ArrayInsert|ArrayMax|ArrayMax
       9 | 'ce|comments-end|comments-start|cs|include|include-once|NoTrayIcon|RequireAdmin|' +
      10 | 'AutoIt3Wrapper_Au3Check_Parameters|AutoIt3Wrapper_Au3Check_Stop_OnWarning|AutoIt3Wrapper_Change2CUI|AutoIt3Wrap

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-noconflict/snippets/edifact.js#L1

    > 1 | ace.define("ace/snippets/edifact.snippets",["require","exports","module"], function(require, exports, module){module.exp
      2 |
      3 | });

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src-noconflict/snippets/java.js#L1

    > 1 | ace.define("ace/snippets/java.snippets",["require","exports","module"], function(require, exports, module){module.export
      2 |
      3 | });

DLL injection API detected — potential process injection attack
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src/mode-autohotkey.js#L8

       6 | var autoItKeywords = 'And|ByRef|Case|Const|ContinueCase|ContinueLoop|Default|Dim|Do|Else|ElseIf|EndFunc|EndIf|EndSel
       7 | 'Abs|ACos|AdlibDisable|AdlibEnable|Asc|AscW|ASin|Assign|ATan|AutoItSetOption|AutoItWinGetTitle|AutoItWinSetTitle
    >  8 | 'ArrayAdd|ArrayBinarySearch|ArrayConcatenate|ArrayDelete|ArrayDisplay|ArrayFindAll|ArrayInsert|ArrayMax|ArrayMax
       9 | 'ce|comments-end|comments-start|cs|include|include-once|NoTrayIcon|RequireAdmin|' +
      10 | 'AutoIt3Wrapper_Au3Check_Parameters|AutoIt3Wrapper_Au3Check_Stop_OnWarning|AutoIt3Wrapper_Change2CUI|AutoIt3Wrap

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src/snippets/edifact.js#L1

    > 1 | define("ace/snippets/edifact.snippets",["require","exports","module"], function(require, exports, module){module.exports
      2 |
      3 | });

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/ajaxorg/ace-builds/blob/3e0fd22c6f57ace8ad13d6f2e4328c7111fa6fdb/src/snippets/java.js#L1

    > 1 | define("ace/snippets/java.snippets",["require","exports","module"], function(require, exports, module){module.exports =
      2 |
      3 | });

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.43.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.43.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.43.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.43.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.43.1
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.43.0
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.42.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.41.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.5
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.33.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.9
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.8
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.7
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.5
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.32.0
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.31.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.29.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.28.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.27.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.22.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.22.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.21.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.21.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.20.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.18.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.18.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.17.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.14.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.