diff
A JavaScript text diff implementation.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:lib/index.js | AI (source-diff): Babel-transpiled CommonJS output with istanbul comments; standard build artifact for this package, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/diff/base.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/diff/json.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/diff/line.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/diff/word.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/patch/apply.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/patch/create.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/patch/merge.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/patch/parse.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | obfuscated-file:lib/util/distance-iterator.js | AI (source-diff): Babel-transpiled CommonJS output; standard build artifact for diff package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): lib/ directory is the standard Babel build output for diff; file count is expected for this package structure. | ai |
Versions (showing 46 of 46)
| Version | Deps | Published |
|---|---|---|
| 9.0.0 | 0 / 26 | |
| 8.0.4 | 0 / 26 | |
| 8.0.3 | 0 / 26 | |
| 5.2.2 | 0 / 37 | |
| 5.2.0 | 0 / 37 | |
| 5.1.0 | 0 / 37 | |
| 4.0.4 | 0 / 38 | |
| 4.0.2 | 0 / 38 | |
| 4.0.1 | 0 / 38 | |
| 4.0.0 | 0 / 38 | |
| 3.5.1 | 0 / 34 | |
| 3.5.0 | 0 / 34 | |
| 3.4.0 | 0 / 34 | |
| 3.3.1 | 0 / 34 | |
| 3.3.0 | 0 / 34 | |
| 3.2.0 | 0 / 34 | |
| 3.1.0 | 0 / 34 | |
| 3.0.1 | 0 / 34 | |
| 3.0.0 | 0 / 33 | |
| 2.2.3 | 0 / 33 | |
| 2.2.2 | 0 / 33 | |
| 2.2.1 | 0 / 33 | |
| 2.2.0 | 0 / 33 | |
| 2.1.3 | 0 / 33 | |
| 2.1.2 | 0 / 33 | |
| 2.1.1 | 0 / 33 | |
| 2.1.0 | 0 / 33 | |
| 2.0.2 | 0 / 33 | |
| 2.0.1 | 0 / 33 | |
| 1.4.0 | 0 / 4 | |
| 1.3.2 | 0 / 4 | |
| 1.3.1 | 0 / 4 | |
| 1.3.0 | 0 / 4 | |
| 1.2.2 | 0 / 4 | |
| 1.2.1 | 0 / 4 | |
| 1.2.0 | 0 / 4 | |
| 1.1.0 | 0 / 3 | |
| 1.0.8 | 0 / 3 | |
| 1.0.7 | 0 / 2 | |
| 1.0.6 | 0 / 2 | |
| 1.0.5 | 0 / 2 | |
| 1.0.4 | 0 / 2 | |
| 1.0.3 | 0 / 0 | |
| 1.0.2 | 0 / 0 | |
| 1.0.1 | 0 / 0 | |
| 1.0.0 | 0 / 0 |
v8.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.2
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.