chromatic
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/main-DvqYpVD0.cjs | AI (source-diff): Bundled CJS output from build tool; consistent with prior versions' dist pattern. | ai | |
| source-diff | net-exec-file:dist/node-src-CMVvq6gD.cjs | AI (source-diff): CLI tool legitimately uses network + child_process for its core functionality. | ai | |
| source-diff | obfuscated-file:dist/node-src-CMVvq6gD.cjs | AI (source-diff): Bundled CJS output from build tool; consistent with prior versions' dist pattern. | ai | |
| source-diff | net-exec-file:dist/turbosnap-BUT48EFm.cjs | AI (source-diff): CLI tool legitimately uses HTTP + child_process; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/src-C0CbP6lv.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-BUT48EFm.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/meow-BJmmmeH9.cjs | AI (source-diff): CLI tool legitimately uses HTTP + child_process; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/node-src-bfL9hQHJ.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/noPackageJson-CqAvIwmU.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/main-Bz6xf24A.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/init-O6sGg0Ye.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/build-0YjH7XOc.cjs | AI (source-diff): Bundled/minified CJS output from tsdown build; stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/node-src-bfL9hQHJ.cjs | AI (source-diff): CLI tool legitimately uses HTTP + child_process; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/meow-BJmmmeH9.cjs | AI (source-diff): Bundled/minified CJS output; stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/node-src-B-8tvndP.cjs | AI (source-diff): CLI tool legitimately uses http and child_process; stable pattern. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-DntOl2F0.cjs | AI (source-diff): Bundled/minified CJS output for established CLI tool; stable pattern across versions. | ai | |
| source-diff | net-exec-file:dist/turbosnap-DntOl2F0.cjs | AI (source-diff): CLI tool legitimately uses http and child_process; stable pattern. | ai | |
| source-diff | obfuscated-file:dist/main-CqtA7jgL.cjs | AI (source-diff): Bundled/minified CJS output for established CLI tool; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:dist/node-src-B-8tvndP.cjs | AI (source-diff): Bundled/minified CJS output for established CLI tool; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:dist/node-src-CRJRIT5i.cjs | AI (source-diff): Bundled node source; minified CJS output. | ai | |
| source-diff | net-exec-file:dist/turbosnap-BIko_qmz.cjs | AI (source-diff): Turbosnap module bundles network + exec deps; expected. | ai | |
| source-diff | net-exec-file:dist/node-src-CRJRIT5i.cjs | AI (source-diff): Core node source needs network + child_process for CI integration. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-BIko_qmz.cjs | AI (source-diff): Bundled turbosnap module; minified CJS output. | ai | |
| source-diff | obfuscated-file:dist/main-CP8Z-Xcp.cjs | AI (source-diff): Main entry bundle with Sentry instrumentation; minified CJS output. | ai | |
| source-diff | net-exec-file:dist/node-src-BXbWxK-l.cjs | AI (source-diff): CLI tool bundles HTTP client + child_process for its core functionality. | ai | |
| source-diff | obfuscated-file:dist/build-C4rHr1DT.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/main-C-xFHdf2.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/node-src-BXbWxK-l.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli's build pipeline. | ai | |
| source-diff | net-exec-file:dist/node-src-B6aGjcEB.cjs | AI (source-diff): CLI tool legitimately uses HTTP + child_process for its core functionality. | ai | |
| source-diff | obfuscated-file:dist/node-src-B6aGjcEB.cjs | AI (source-diff): Bundled/minified CJS output; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/main-BgtEVN2e.cjs | AI (source-diff): Bundled/minified CJS output; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/build-jMi4iM_p.cjs | AI (source-diff): Bundled/minified CJS output for established CLI tool; stable pattern across versions. | ai | |
| source-diff | net-exec-file:dist/node-src-B34FbBzr.cjs | AI (source-diff): CLI tool legitimately uses network + child_process for its core functionality. | ai | |
| source-diff | obfuscated-file:dist/node-src-B34FbBzr.cjs | AI (source-diff): Bundled/minified CJS output; standard for this CLI package. | ai | |
| source-diff | obfuscated-file:dist/main-DFq1GPxh.cjs | AI (source-diff): Bundled/minified CJS output with Sentry; standard for this CLI package. | ai | |
| source-diff | obfuscated-file:dist/execa-CoWvSOvZ.cjs | AI (source-diff): Bundled CJS output; execa wrapper code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/main-B66B5FJg.cjs | AI (source-diff): Bundled CJS output; Sentry instrumentation visible in sample. | ai | |
| source-diff | obfuscated-file:dist/build-CGvQ5Mgf.cjs | AI (source-diff): Bundled CJS output from tsdown build; standard for this CLI package. | ai | |
| source-diff | obfuscated-file:dist/node-src-B6bnuaeJ.cjs | AI (source-diff): Bundled CJS output; main entry point for CLI. | ai | |
| source-diff | net-exec-file:dist/node-src-B6bnuaeJ.cjs | AI (source-diff): CLI tool legitimately uses http/child_process for Chromatic service interaction. | ai | |
| source-diff | obfuscated-file:dist/noPackageJson-5YbGI50Z.cjs | AI (source-diff): Bundled CJS output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-BjGfctYx.cjs | AI (source-diff): Bundled CJS output; turbosnap module for this CLI. | ai | |
| source-diff | net-exec-file:dist/turbosnap-BjGfctYx.cjs | AI (source-diff): CLI tool legitimately uses network and process APIs. | ai | |
| source-diff | obfuscated-file:dist/init-lcHaxhic.cjs | AI (source-diff): Bundled CJS output; eastasianwidth/meow code visible in sample. | ai | |
| source-diff | net-exec-file:dist/node-src-8i0zd0FG.cjs | AI (source-diff): Core CLI module; network+exec is expected functionality. | ai | |
| source-diff | obfuscated-file:dist/build-BYxCbKPn.cjs | AI (source-diff): Bundled/minified CJS output from tsdown; standard for this CLI package. | ai | |
| source-diff | obfuscated-file:dist/execa-BYysbdaH.cjs | AI (source-diff): Bundled execa dependency; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/from-Y7cUpUgc.cjs | AI (source-diff): Bundled web-streams-polyfill; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/init-B913ABoW.cjs | AI (source-diff): Bundled init module with eastasianwidth; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/main-BXErEqYy.cjs | AI (source-diff): Main CLI entry with Sentry instrumentation; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/meow-Cmqsflq2.cjs | AI (source-diff): Bundled meow/chalk/supports-color; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/multipart-parser-ByXk8gPy.cjs | AI (source-diff): Bundled multipart parser; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/node-src-8i0zd0FG.cjs | AI (source-diff): Bundled node source; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/noPackageJson-BpFPY758.cjs | AI (source-diff): Bundled module; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/src-BhnG2iLI.cjs | AI (source-diff): Bundled source module; minified CJS is expected. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-8uvSOsXN.cjs | AI (source-diff): Bundled turbosnap module; minified CJS is expected. | ai | |
| source-diff | net-exec-file:dist/meow-Cmqsflq2.cjs | AI (source-diff): CLI tool bundles network and exec deps legitimately. | ai | |
| source-diff | net-exec-file:dist/turbosnap-8uvSOsXN.cjs | AI (source-diff): Turbosnap module legitimately uses network and child_process. | ai | |
| source-diff | obfuscated-file:dist/build-Dv43yxhB.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli which bundles deps into dist/. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): Automated CI/CD publishing with SLSA provenance; rapid publish is expected. | ai | |
| source-diff | net-exec-file:dist/turbosnap-B_I6kuo4.cjs | AI (source-diff): CLI tool legitimately uses http/child_process for CI testing workflows. | ai | |
| source-diff | net-exec-file:dist/node-src-iPOS2lk_.cjs | AI (source-diff): CLI tool legitimately uses http/child_process for CI testing workflows. | ai | |
| source-diff | obfuscated-file:dist/turbosnap-B_I6kuo4.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/src-W11v-Ws2.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/readStatsFile-BZQOIcua.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/node-src-iPOS2lk_.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/multipart-parser-BqK4wbVh.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/main-D-nkfTzp.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/lib-BCQVcqZT.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/init-DN1v9-Y5.cjs | AI (source-diff): Bundled/minified CJS output; standard for chromatic-cli. | ai | |
| source-diff | obfuscated-file:dist/node-src-DUHmpAbn.cjs | AI (source-diff): Minified CLI bundle; standard build output for chromatic-cli across all versions. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): semver is a declared runtime dependency; bundled into dist so not directly imported at source level. | ai | |
| source-diff | net-exec-file:dist/node-src-DUHmpAbn.cjs | AI (source-diff): CLI tool legitimately uses network (Chromatic API) and child_process (git, storybook); not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/main-BtonhZ1L.cjs | AI (source-diff): Minified CLI bundle; standard build output for chromatic-cli across all versions. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 17.1.0 | 1 / 123 | |
| 17.0.1 | 1 / 123 | |
| 17.0.0 | 1 / 123 | |
| 16.10.1 | 1 / 123 | |
| 16.10.0 | 1 / 123 | |
| 16.9.1 | 1 / 121 | |
| 16.9.0 | 1 / 121 | |
| 16.8.0 | 1 / 121 | |
| 16.7.0 | 1 / 121 | |
| 16.6.3 | 1 / 119 | |
| 16.6.2 | 1 / 119 | |
| 16.6.1 | 1 / 119 | |
| 16.6.0 | 1 / 117 | |
| 16.5.0 | 1 / 117 | |
| 16.4.0 | 1 / 117 | |
| 16.3.0 | 0 / 118 | |
| 16.2.0 | 0 / 118 | |
| 16.1.0 | 0 / 118 |
v17.1.0
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v17.0.1
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v17.0.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.10.1
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.10.0
17 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.9.1
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.9.0
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.8.0
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.7.0
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.