autolinker
Utility to automatically link the URLs, email addresses, phone numbers, hashtags, and mentions (Twitter, Instagram) in a given block of text/HTML
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/autolinker.js | AI (source-diff): dist/autolinker.js is a standard UMD bundle generated by rollup/webpack from TypeScript sources; long lines are expected in bundled output, not obfuscation. Stable for this package. | ai | |
| source-diff | obfuscated-file:dist/es2015/parser/known-tlds.js | AI (source-diff): Same as commonjs variant — auto-generated TLD regex file with explicit comment. ES2015 module build of the same legitimate generated artifact. | ai | |
| install-scripts | install-script:preinstall | AI (install-scripts): Preinstall runs `npx -y only-allow pnpm` which enforces pnpm as the package manager. This is a benign developer-experience pattern with no malicious behavior. | ai | |
| source-diff | obfuscated-file:dist/commonjs/parser/known-tlds.js | AI (source-diff): File is an auto-generated TLD regex list (explicitly commented as such). Long lines are due to hundreds of valid IANA TLD alternations, not obfuscation. Expected artifact for an autolinker library. | ai | |
| source-diff | obfuscated-file:dist/commonjs/parser/tld-regex.d.ts | AI (source-diff): TypeScript declaration file for the generated TLD regex. Long line is the TLD string constant declaration, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/parser/tld-regex.js | AI (source-diff): This file is a generated TLD regex list from IANA, explicitly documented as such in the file header and package.json scripts. Long single-line regex is expected for this package's URL-matching functionality. | ai | |
| source-diff | obfuscated-file:dist/es2015/parser/tld-regex.js | AI (source-diff): Same as commonjs variant — generated TLD regex list, not obfuscated malicious code. Expected artifact for autolinker's URL matching. | ai | |
| source-diff | obfuscated-file:dist/es2015/parser/tld-regex.d.ts | AI (source-diff): TypeScript declaration file for the generated TLD regex (es2015 variant). Long line is the TLD string constant declaration, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/commonjs/char-utils.js | AI (source-diff): Generated file with long lines from binary-search Unicode range checks. Clearly documented as auto-generated, readable utility functions, consistent with added generate-char-utils script. | ai | |
| source-diff | obfuscated-file:dist/es2015/char-utils.d.ts | AI (source-diff): Generated TypeScript declaration file with long lines from Unicode range documentation. Clearly documented as auto-generated, contains only type declarations. | ai | |
| source-diff | obfuscated-file:dist/commonjs/char-utils.d.ts | AI (source-diff): Generated TypeScript declaration file with long lines from Unicode range documentation. Clearly documented as auto-generated, contains only type declarations. | ai | |
| source-diff | obfuscated-file:dist/es2015/char-utils.js | AI (source-diff): Generated file with long lines from binary-search Unicode range checks. Clearly documented as auto-generated, readable utility functions, consistent with added generate-char-utils script. | ai |
Versions (showing 94 of 94)
| Version | Deps | Published |
|---|---|---|
| 4.1.5 | 1 / 48 | |
| 4.1.4 | 1 / 48 | |
| 4.1.3 | 1 / 48 | |
| 4.1.1 | 1 / 48 | |
| 4.1.0 | 1 / 39 | |
| 4.0.2 | 1 / 39 | |
| 4.0.1 | 1 / 38 | |
| 4.0.0 | 1 / 38 | |
| 3.16.2 | 1 / 36 | |
| 3.16.1 | 1 / 36 | |
| 3.16.0 | 1 / 36 | |
| 3.15.0 | 1 / 34 | |
| 3.14.3 | 1 / 39 | |
| 3.14.2 | 1 / 39 | |
| 3.14.1 | 1 / 39 | |
| 3.14.0 | 1 / 39 | |
| 3.13.0 | 1 / 39 | |
| 3.12.0 | 1 / 39 | |
| 3.11.1 | 1 / 39 | |
| 3.11.0 | 1 / 39 | |
| 3.1.0 | 1 / 39 | |
| 3.0.5 | 1 / 39 | |
| 3.0.4 | 1 / 39 | |
| 3.0.3 | 1 / 39 | |
| 3.0.2 | 1 / 39 | |
| 3.0.1 | 1 / 39 | |
| 3.0.0 | 1 / 39 | |
| 2.2.2 | 1 / 35 | |
| 2.2.1 | 0 / 33 | |
| 2.2.0 | 0 / 33 | |
| 2.1.0 | 0 / 33 | |
| 2.0.0 | 0 / 33 | |
| 1.8.3 | 0 / 28 | |
| 1.8.1 | 0 / 28 | |
| 1.8.0 | 0 / 28 | |
| 1.7.1 | 0 / 28 | |
| 1.7.0 | 0 / 28 | |
| 1.6.2 | 0 / 28 | |
| 1.6.1 | 0 / 28 | |
| 1.6.0 | 0 / 28 | |
| 1.5.0 | 0 / 28 | |
| 1.4.4 | 0 / 28 | |
| 1.4.3 | 0 / 28 | |
| 1.4.2 | 0 / 28 | |
| 1.4.1 | 0 / 25 | |
| 1.4.0 | 0 / 25 | |
| 1.3.4 | 0 / 25 | |
| 1.3.2 | 0 / 25 | |
| 1.3.1 | 0 / 25 | |
| 1.3.0 | 0 / 25 | |
| 1.2.2 | 0 / 25 | |
| 1.2.1 | 0 / 25 | |
| 1.2.0 | 1 / 24 | |
| 1.1.1 | 1 / 24 | |
| 1.1.0 | 1 / 24 | |
| 1.0.0 | 1 / 24 | |
| 0.28.1 | 1 / 24 | |
| 0.28.0 | 1 / 24 | |
| 0.27.0 | 1 / 24 | |
| 0.26.1 | 1 / 24 | |
| 0.26.0 | 1 / 25 | |
| 0.25.2 | 1 / 25 | |
| 0.25.1 | 1 / 20 | |
| 0.25.0 | 1 / 20 | |
| 0.24.1 | 1 / 20 | |
| 0.24.0 | 0 / 11 | |
| 0.23.0 | 0 / 11 | |
| 0.22.0 | 0 / 9 | |
| 0.21.0 | 0 / 9 | |
| 0.20.0 | 0 / 9 | |
| 0.19.1 | 0 / 9 | |
| 0.19.0 | 0 / 9 | |
| 0.18.3 | 0 / 9 | |
| 0.18.2 | 0 / 9 | |
| 0.18.1 | 0 / 9 | |
| 0.18.0 | 0 / 9 | |
| 0.17.1 | 0 / 9 | |
| 0.17.0 | 0 / 9 | |
| 0.16.0 | 0 / 9 | |
| 0.15.3 | 0 / 9 | |
| 0.15.2 | 0 / 9 | |
| 0.15.1 | 0 / 9 | |
| 0.15.0 | 0 / 9 | |
| 0.14.1 | 0 / 9 | |
| 0.14.0 | 0 / 9 | |
| 0.13.1 | 0 / 9 | |
| 0.12.5 | 0 / 9 | |
| 0.12.4 | 0 / 8 | |
| 0.12.3 | 0 / 8 | |
| 0.12.2 | 0 / 8 | |
| 0.12.1 | 0 / 7 | |
| 0.11.2 | 0 / 7 | |
| 0.11.0 | 0 / 7 | |
| 0.7.2 | 0 / 6 |
v4.1.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.3
4 findingsScript: npx -y only-allow pnpm
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.16.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.16.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.14.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.14.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.14.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.