gatsby-admin
A visual interface to configure your Gatsby site. Currently alpha testing.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-67ce632b0cfbcb61d113.js | AI (source-diff): Gatsby page component bundle. Standard minified webpack output. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-fd7610bf881aa51bc208.js | AI (source-diff): Webpack runtime bundle — minification and new Function() are canonical webpack runtime behavior. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-67ce632b0cfbcb61d113.js | AI (source-diff): Standard Gatsby page bundle with webpack module loading patterns. Not malware. | ai | |
| source-diff | obfuscated-file:public/854a7ef1f34af0aefbdfdd9304a0c00251662775-b0fb3ea518f8db46ab3c.js | AI (source-diff): Standard webpack-bundled output from gatsby build. Content-hash filename and webpackChunkgatsby_admin pattern confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:public/app-0b429b985b4cd0b9fa84.js | AI (source-diff): Standard webpack bundle for gatsby-admin UI. Includes LICENSE.txt reference and webpackChunk pattern — canonical Gatsby build output. | ai | |
| source-diff | net-exec-file:public/app-0b429b985b4cd0b9fa84.js | AI (source-diff): Network calls are React/GraphQL/socket.io client code; dynamic execution is webpack module runtime. Standard Gatsby admin UI build artifact. | ai | |
| source-diff | obfuscated-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-c73e9fe03e5830637703.js | AI (source-diff): Standard webpack chunk from gatsby build. Content-hash filename and webpackChunkgatsby_admin confirm legitimate build artifact. | ai | |
| source-diff | net-exec-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-c73e9fe03e5830637703.js | AI (source-diff): Standard Gatsby admin UI webpack bundle. Network/exec patterns are React hooks and webpack module loading, not malware. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-index-tsx-455d21fec959a5b752ca.js | AI (source-diff): Gatsby page component bundle with content-hash suffix. Standard gatsby build output, not obfuscation. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-91150640d438410a1a0b.js | AI (source-diff): Gatsby page bundle with standard browser networking. No malicious patterns; expected build artifact from Gatsby monorepo admin UI. | ai | |
| source-diff | net-exec-file:public/app-d9751648e893ba210043.js | AI (source-diff): Webpack bundle containing socket.io-client networking code. Network+exec pattern is from legitimate bundled browser JS, not malware. Expected for this Gatsby admin UI. | ai | |
| source-diff | obfuscated-file:public/app-d9751648e893ba210043.js | AI (source-diff): Standard Webpack-minified bundle in Gatsby build output (public/ dir). Socket.io-client bundle — expected artifact for this pre-built admin UI package. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-91150640d438410a1a0b.js | AI (source-diff): Standard Gatsby Webpack bundle for the recipe page. Contains transliteration map data — benign build artifact. | ai | |
| source-diff | obfuscated-file:public/app-b11c4f2a414bad504c11.js | AI (source-diff): gatsby-admin ships webpack-bundled React UI artifacts; minified bundle files are expected build outputs, not obfuscation. Pattern is stable for this package. | ai | |
| source-diff | net-exec-file:public/app-b11c4f2a414bad504c11.js | AI (source-diff): The file is a webpack React bundle for the Gatsby Admin UI; network calls (GraphQL) and dynamic code patterns (webpack module loader) are inherent to this build artifact, not dropper behavior. | ai | |
| source-diff | net-exec-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-52c66354c9e40dafee82.js | AI (source-diff): Same rationale as app bundle — webpack module system and React patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:public/app-290a2b18c2bf478892b5.js | AI (source-diff): Network calls are Algolia search API; dynamic execution is webpack module system. Both are expected in this Gatsby admin UI bundle. | ai | |
| source-diff | obfuscated-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-52c66354c9e40dafee82.js | AI (source-diff): Standard webpack-minified chunk from Gatsby build; content shows React hooks and descendant management utilities. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-9172ba536ddfa2136b81.js | AI (source-diff): Standard webpack runtime chunk; minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-cb2967f252bd2a91f542.js | AI (source-diff): Gatsby recipe page bundle; minified utility code, standard build artifact. | ai | |
| source-diff | net-exec-file:public/component---src-pages-plugins-tsx-0473a7c3e1abdf54b13c.js | AI (source-diff): Algolia HTTP API calls and webpack module system; standard for this admin UI's plugin search feature. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-plugins-tsx-0473a7c3e1abdf54b13c.js | AI (source-diff): Gatsby page component bundle for plugins page; minified Algolia client code, expected build output. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-index-tsx-e14ac7eb589bdb79743f.js | AI (source-diff): Gatsby page component bundle; minified Algolia search helper code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:public/app-290a2b18c2bf478892b5.js | AI (source-diff): Standard webpack-minified build output from Gatsby's build pipeline; file naming and content confirm legitimate build artifact, not obfuscation. | ai | |
| source-diff | net-exec-file:public/polyfill-57516aa073b69c7c67a0.js | AI (source-diff): The 'network + code execution' pattern is webpack's standard cross-environment global detection (Function('return this')()) combined with polyfill feature detection. Not a dropper — legitimate build artifact. | ai | |
| source-diff | obfuscated-file:public/polyfill-57516aa073b69c7c67a0.js | AI (source-diff): This is a webpack-bundled polyfill (core-js patterns clearly visible in sample). Minified build artifacts are expected in gatsby-admin's public/ directory as part of gatsby build output. | ai | |
| source-diff | obfuscated-file:public/app-74fe4789160202707c96.js | AI (source-diff): Standard webpack-minified bundle for Gatsby admin UI; minified output is expected for this package which ships pre-built frontend assets. | ai | |
| source-diff | net-exec-file:public/app-74fe4789160202707c96.js | AI (source-diff): Network (socket.io) + new Function() in a webpack bundle is normal for this Gatsby admin UI frontend; not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-4e8fdacf3e36393b3739.js | AI (source-diff): Standard webpack chunk for Gatsby admin UI; minified output is expected for this package. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-4e8fdacf3e36393b3739.js | AI (source-diff): Webpack chunk for Gatsby admin UI; network+exec pattern is a false positive in bundled frontend code. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-9145a81f88651aaae034.js | AI (source-diff): Network+exec pattern in a webpack Gatsby page bundle is the normal module system, not malware. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-9145a81f88651aaae034.js | AI (source-diff): Standard webpack-minified Gatsby page bundle. Minified output is expected for this pre-built admin UI package. | ai | |
| source-diff | obfuscated-file:public/app-728b2fe72d83bcb71810.js | AI (source-diff): Standard webpack-minified build artifact from Gatsby's build pipeline. gatsby-admin ships pre-built static assets; minified JS is expected and benign for this package. | ai | |
| source-diff | net-exec-file:public/app-728b2fe72d83bcb71810.js | AI (source-diff): Network+exec pattern is socket.io-client + webpack module system in a pre-built Gatsby admin UI bundle. Not dropper malware; stable false positive for this package. | ai | |
| source-diff | net-exec-file:public/polyfill-1d212d5f43e067949018.js | AI (source-diff): Function('return this')() is standard core-js global detection idiom, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:public/polyfill-1d212d5f43e067949018.js | AI (source-diff): Standard core-js/webpack polyfill bundle. Minified by design, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-f0a4af1ca8324218f45c.js | AI (source-diff): Standard webpack runtime boilerplate; minified by design for distribution. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-index-tsx-c0152dc94ac58fddfeeb.js | AI (source-diff): Gatsby page component bundle (Algolia search helper, EventEmitter). Standard minified build output. | ai | |
| source-diff | obfuscated-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-3f9345f54bf860761618.js | AI (source-diff): Standard webpack-minified bundle (React hooks/descendants utilities). Expected Gatsby build output. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-d894d0f6b9eed2572716.js | AI (source-diff): Gatsby page component bundle. Standard minified build output. | ai | |
| source-diff | net-exec-file:public/component---src-pages-plugins-tsx-79f5388e76bb004c461a.js | AI (source-diff): webpack module loading + React patterns in page bundle; not malicious. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-plugins-tsx-79f5388e76bb004c461a.js | AI (source-diff): Gatsby page component bundle. Standard minified build output with EventEmitter pattern. | ai | |
| source-diff | obfuscated-file:public/784b2cee55c07b638f20445dec340adf9f1888a3-ff699326697a9b0f1141.js | AI (source-diff): Standard webpack-minified bundle output from Gatsby build; legitimate CSS-in-JS (Emotion) code. Expected for this package. | ai | |
| source-diff | net-exec-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-3f9345f54bf860761618.js | AI (source-diff): webpack module loading + React patterns; not malicious. Expected for Gatsby admin UI bundle. | ai | |
| source-diff | net-exec-file:public/app-1f03e26771ed66056780.js | AI (source-diff): webpack chunk loading + React fetch patterns; not dropper/loader behavior. Expected for Gatsby admin UI bundle. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-d894d0f6b9eed2572716.js | AI (source-diff): webpack module loading + React patterns in page bundle; not malicious. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-7ea2c1049883299717f3.js | AI (source-diff): webpack runtime bundle. Standard minified build output; new Function() is webpack's standard module loading mechanism. | ai | |
| source-diff | net-exec-file:public/polyfill-e2b931f86732051d332e.js | AI (source-diff): Polyfill bundle with feature detection patterns; not malicious network+exec behavior. | ai | |
| source-diff | obfuscated-file:public/polyfill-e2b931f86732051d332e.js | AI (source-diff): Browser polyfill bundle. Standard minified build output. | ai | |
| source-diff | obfuscated-file:public/framework-b24cde22b86a9930317b.js | AI (source-diff): Gatsby framework bundle (React runtime). Standard minified build output. | ai | |
| source-diff | obfuscated-file:public/e2852b4470dcb2615e49edcd9de2a3c8119d4bec-e8377efa018b5b632652.js | AI (source-diff): Standard webpack-minified bundle from Gatsby build. Expected output. | ai | |
| source-diff | obfuscated-file:public/app-1f03e26771ed66056780.js | AI (source-diff): Standard webpack-minified app bundle from Gatsby build. Contains Babel helpers and React utilities. | ai | |
| source-diff | obfuscated-file:public/854a7ef1f34af0aefbdfdd9304a0c00251662775-aa0380a0e650c4e20230.js | AI (source-diff): Standard webpack-minified bundle (Lodash/utility code). Expected Gatsby build output. | ai | |
| source-diff | obfuscated-file:public/app-a02413168c398e43673a.js | AI (source-diff): Standard Webpack/Gatsby minified build artifact. Naming convention and content confirm legitimate Gatsby admin UI bundle, not obfuscated malware. | ai | |
| source-diff | net-exec-file:public/app-a02413168c398e43673a.js | AI (source-diff): Network calls and new Function() in this file are standard webpack runtime patterns (globalThis polyfill + UI fetch calls), not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-8f8adf2df036716aba19.js | AI (source-diff): Standard Gatsby page component bundle. File naming matches Gatsby's canonical build output format. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-8f8adf2df036716aba19.js | AI (source-diff): Network + code execution flags are false positives on Gatsby's standard webpack-bundled UI page components. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-58426d822f441c4be962.js | AI (source-diff): Standard Gatsby/webpack runtime file. The new Function() pattern is webpack's canonical globalThis polyfill. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-3cebdfd1e7678aa2dd3e.js | AI (source-diff): Network+exec pattern is webpack chunk loading infrastructure, not malware. Standard Gatsby build output. | ai | |
| source-diff | obfuscated-file:public/app-650ea5ffc8686e13a1e4.js | AI (source-diff): Standard Webpack-minified build artifact for Gatsby admin UI. Long lines are expected webpack bundle output, not obfuscation. | ai | |
| source-diff | net-exec-file:public/app-650ea5ffc8686e13a1e4.js | AI (source-diff): Network+exec pattern is webpack runtime dynamic module loading (Promise.all + chunk loading), not malware. Standard Gatsby build output. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-3cebdfd1e7678aa2dd3e.js | AI (source-diff): Standard Webpack-minified Gatsby page component bundle. Long lines are expected minified output. | ai | |
| source-diff | obfuscated-file:public/polyfill-8cf307b8c8e963342754.js | AI (source-diff): Standard core-js polyfill bundle produced by Gatsby/webpack build. Long lines are expected minified polyfill output. | ai | |
| source-diff | net-exec-file:public/polyfill-8cf307b8c8e963342754.js | AI (source-diff): Network+exec pattern triggered by webpack runtime global detection (new Function('return this')()), standard polyfill pattern. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-0f28f3d647dc43d8abb9.js | AI (source-diff): Standard webpack runtime bundle. Long lines are expected minified webpack runtime output, not obfuscation. | ai | |
| source-diff | obfuscated-file:public/app-ae73c37ae339da42b23e.js | AI (source-diff): This is a standard webpack/Gatsby minified build artifact (webpackJsonp bundle). Minified frontend assets are expected output for gatsby-admin builds. | ai | |
| source-diff | net-exec-file:public/app-ae73c37ae339da42b23e.js | AI (source-diff): False positive: webpack bundle combining module loading (dynamic require) with any network code triggers this rule. This is normal for Gatsby's pre-built admin UI assets. | ai | |
| source-diff | net-exec-file:public/app-0b0dab26235a57c927b8.js | AI (source-diff): Network + code execution pattern in a webpack SPA bundle is standard (fetch + dynamic module loading). No malicious payload evident in the sample. | ai | |
| source-diff | obfuscated-file:public/app-0b0dab26235a57c927b8.js | AI (source-diff): This is a standard webpack-minified Gatsby frontend bundle. Long lines are minification artifacts, not obfuscation. Expected for a package that ships its built admin UI assets. | ai | |
| source-diff | obfuscated-file:public/app-6c2c6fce379979bf83b4.js | AI (source-diff): This is a standard Webpack-minified Gatsby frontend build artifact. Minified public/ JS bundles are expected output for gatsby-admin across all versions. | ai | |
| source-diff | net-exec-file:public/app-6c2c6fce379979bf83b4.js | AI (source-diff): Network+exec pattern in this file is socket.io client + webpack module system in a browser bundle — standard Gatsby admin UI build output, not malware. | ai | |
| source-diff | obfuscated-file:public/polyfill-3220228a1f93ed70393d.js | AI (source-diff): This is a webpack-bundled core-js polyfill build artifact. Minified single-line output is expected for Gatsby public/ build files; not obfuscation. | ai | |
| source-diff | net-exec-file:public/polyfill-3220228a1f93ed70393d.js | AI (source-diff): The 'code execution' trigger is new Function('return this')() — a standard cross-environment global detection idiom in core-js polyfills. Not a dropper/loader pattern. | ai | |
| source-diff | net-exec-file:public/app-fefc4501fd27622da1b1.js | AI (source-diff): Webpack bundle naturally combines network calls (GraphQL) and dynamic code execution (module loading). This is expected for a Gatsby admin UI build artifact, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:public/app-fefc4501fd27622da1b1.js | AI (source-diff): This is a standard webpack-minified Gatsby frontend build artifact with an accompanying source map. Minified build output is expected for gatsby-admin across all versions. | ai | |
| source-diff | obfuscated-file:public/app-749bdcbe1800236c1de3.js | AI (source-diff): Standard webpack-bundled Gatsby build output in public/ directory; minification is expected for this package's build artifacts. | ai | |
| source-diff | net-exec-file:public/app-749bdcbe1800236c1de3.js | AI (source-diff): Gatsby admin UI webpack bundle; network calls are GraphQL/socket.io client code and dynamic execution is webpack module loading — not malware. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-plugins-tsx-c6700b48ed9ac88a9768.js | AI (source-diff): Standard Gatsby webpack bundle for the plugins page; minification is expected. | ai | |
| source-diff | net-exec-file:public/component---src-pages-plugins-tsx-c6700b48ed9ac88a9768.js | AI (source-diff): Gatsby admin UI webpack bundle; network/exec patterns are webpack module system, not malware. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-e508d7ea0c80b0071ca7.js | AI (source-diff): Standard Gatsby webpack bundle for the recipe page; minification is expected. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-e508d7ea0c80b0071ca7.js | AI (source-diff): Gatsby admin UI webpack bundle; patterns are webpack module system, not malware. | ai | |
| source-diff | obfuscated-file:public/e2852b4470dcb2615e49edcd9de2a3c8119d4bec-fbd253211b90ee4d944c.js | AI (source-diff): Standard Gatsby webpack bundle; minification is expected for build output. | ai | |
| source-diff | obfuscated-file:public/framework-b5530edc347e85dd3979.js | AI (source-diff): React framework webpack bundle (contains recognizable React/PropTypes code); minification is expected. | ai | |
| source-diff | obfuscated-file:public/polyfill-dce23570cfd77335f976.js | AI (source-diff): Standard polyfill webpack bundle; minification is expected for Gatsby build output. | ai | |
| source-diff | net-exec-file:public/polyfill-dce23570cfd77335f976.js | AI (source-diff): Polyfill bundle; network/exec patterns are webpack module system patterns, not malware. | ai | |
| source-diff | large-new-source-files | AI (source-diff): gatsby-admin ships pre-built Gatsby static site output; large numbers of new JS/map files are expected on each build update. | ai | |
| provenance | publisher-changed | AI (provenance): ascorbic (Matt Kane) is a known Gatsby/Netlify contributor; the vladar→ascorbic transition in Feb 2021 is a documented org-level maintainer change within the Gatsby project. | ai | |
| source-diff | net-exec-file:public/polyfill-bb3950ad41cd96a6ba64.js | AI (source-diff): Polyfill bundles commonly use new Function() for feature detection; not malicious. Legitimate Gatsby build artifact. | ai | |
| source-diff | obfuscated-file:public/polyfill-bb3950ad41cd96a6ba64.js | AI (source-diff): Standard Webpack-minified polyfill bundle. Legitimate Gatsby build artifact. | ai | |
| source-diff | net-exec-file:public/component---src-pages-recipe-js-48fb05e6af01805f0a27.js | AI (source-diff): Network calls are for GraphQL subscriptions; dynamic execution is webpack module system. Legitimate Gatsby admin UI bundle. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-recipe-js-48fb05e6af01805f0a27.js | AI (source-diff): Standard Webpack-minified page bundle for recipe page. Legitimate Gatsby build artifact. | ai | |
| source-diff | net-exec-file:public/component---src-pages-plugins-tsx-b21f6a0bce55683f8189.js | AI (source-diff): Network calls are for plugin search (algoliasearch); dynamic execution is webpack module system. Legitimate Gatsby admin UI bundle. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-plugins-tsx-b21f6a0bce55683f8189.js | AI (source-diff): Standard Webpack-minified page bundle for plugins page. License header present. Legitimate Gatsby build artifact. | ai | |
| source-diff | obfuscated-file:public/component---src-pages-index-tsx-70aa31e4e1eca0a560a8.js | AI (source-diff): Standard Webpack-minified page bundle for index page. License header present. Legitimate Gatsby build artifact. | ai | |
| source-diff | net-exec-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-976ea4aa8380d4a68cb1.js | AI (source-diff): Network calls are algoliasearch API calls for plugin search; dynamic execution is webpack module system. Legitimate Gatsby admin UI bundle. | ai | |
| source-diff | obfuscated-file:public/c432bec7e9afb3443fd639df9e5f119e13575cf7-976ea4aa8380d4a68cb1.js | AI (source-diff): Standard Webpack-minified bundle containing algoliasearch library. License header present. Legitimate build artifact. | ai | |
| source-diff | net-exec-file:public/app-91215e475f1cb5a2b03d.js | AI (source-diff): Network calls are socket.io-client for GraphQL subscriptions; dynamic execution is webpack module system. Standard Gatsby admin UI bundle, not malware. | ai | |
| source-diff | obfuscated-file:public/app-91215e475f1cb5a2b03d.js | AI (source-diff): Standard Webpack-minified app bundle containing socket.io-client. License header present. Legitimate Gatsby build artifact. | ai | |
| source-diff | obfuscated-file:public/854a7ef1f34af0aefbdfdd9304a0c00251662775-30cef3c004238987a416.js | AI (source-diff): Standard Webpack-minified bundle containing lodash library code. Legitimate build artifact from Gatsby build process. | ai | |
| source-diff | obfuscated-file:public/784b2cee55c07b638f20445dec340adf9f1888a3-d690a55f56dedc0f95b3.js | AI (source-diff): Standard Webpack-minified bundle (webpackJsonp pattern) containing emotion CSS-in-JS library code. License header present. Legitimate build artifact. | ai | |
| source-diff | obfuscated-file:public/webpack-runtime-e28720258d642805053f.js | AI (source-diff): Standard webpack runtime chunk in the public/ directory of a Gatsby admin UI build. Minification is expected for all versions of this package. | ai | |
| source-diff | obfuscated-file:public/e2852b4470dcb2615e49edcd9de2a3c8119d4bec-8f0ece9fb0388e9d29f0.js | AI (source-diff): Standard webpack-bundled output in the public/ directory of a Gatsby admin UI build. Minification is expected for all versions of this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is in Gatsby's internal SSR module-tracking proxy infrastructure — a known, intentional pattern stable across versions. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Gatsby monorepo has many rotating contributors; maintainer changes are routine for this large OSS project and do not indicate takeover. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established Gatsby internal package; missing description is a known characteristic of this package, not a malicious signal. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): gatsby-admin is a long-lived Gatsby internal/placeholder package with 684 versions; 0.0.0 reflects namespace reservation, not malicious intent. | ai | |
| phantom-deps | phantom-dep:csstype | AI (phantom-deps): TypeScript CSS type definitions; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:theme-ui | AI (phantom-deps): Styling library for Gatsby; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): React peer dependency; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Build-time dependency; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:react-icons | AI (phantom-deps): UI library for Gatsby admin; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@emotion/core | AI (phantom-deps): Styling library; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Styling library; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:gatsby-source-graphql | AI (phantom-deps): Gatsby plugin; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-typescript | AI (phantom-deps): Gatsby plugin; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Build-time linting tool; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Build-time linting tool; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:yup | AI (phantom-deps): Legitimate dependency for Gatsby form validation; referenced in config but not directly imported in source. | ai | |
| phantom-deps | phantom-dep:gatsby | AI (phantom-deps): Core Gatsby dependency; referenced in build config and scripts, not directly imported in source. | ai | |
| phantom-deps | phantom-dep:formik | AI (phantom-deps): Legitimate dependency for Gatsby form handling; referenced in config but not directly imported in source. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): Intentional, documented use of eval() in admin UI to parse JS object notation for plugin options, immediately sanitized via JSON.parse(JSON.stringify()). Stable false positive for this package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Appears in webpack-bundled output (public/app-*.js); new Function() is a standard webpack module loading pattern in minified bundles, not a security risk. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Gatsby monorepo package; empty index.js and no keywords are expected for a UI admin panel. Mass-production flag reflects the large Gatsby org, not spam behavior. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Fires on a test file in Gatsby's build cache (.cache/__tests__/minimal-config.js). Standard test infrastructure in the official Gatsby monorepo; not a runtime risk. | ai | |
| semgrep | semgrep:child-process-spawn | AI (semgrep): Spawns process.execPath (Node itself) in a test file to verify build cache behavior. Legitimate test code from the official Gatsby monorepo; not a runtime risk. | ai | |
Versions (showing 95 of 195)
| Version | Deps | Published |
|---|---|---|
| 0.1.155 | 0 / 35 | |
| 0.1.154 | 0 / 35 | |
| 0.1.153 | 0 / 35 | |
| 0.1.152 | 0 / 35 | |
| 0.1.151 | 0 / 35 | |
| 0.1.150 | 0 / 33 | |
| 0.1.149 | 0 / 32 | |
| 0.1.148 | 0 / 32 | |
| 0.1.147 | 0 / 32 | |
| 0.1.146 | 0 / 32 | |
| 0.1.145 | 0 / 32 | |
| 0.1.144 | 0 / 32 | |
| 0.1.143 | 0 / 32 | |
| 0.1.142 | 0 / 32 | |
| 0.1.141 | 0 / 32 | |
| 0.1.140 | 0 / 31 | |
| 0.1.139 | 0 / 29 | |
| 0.1.138 | 0 / 29 | |
| 0.1.137 | 0 / 29 | |
| 0.1.136 | 0 / 29 | |
| 0.1.135 | 0 / 29 | |
| 0.1.134 | 0 / 29 | |
| 0.1.133 | 0 / 29 | |
| 0.1.132 | 0 / 29 | |
| 0.1.131 | 0 / 29 | |
| 0.1.130 | 0 / 29 | |
| 0.1.129 | 0 / 29 | |
| 0.1.128 | 0 / 29 | |
| 0.1.127 | 0 / 29 | |
| 0.1.126 | 0 / 29 | |
| 0.1.125 | 0 / 29 | |
| 0.1.124 | 0 / 29 | |
| 0.1.123 | 0 / 29 | |
| 0.1.122 | 0 / 29 | |
| 0.1.121 | 0 / 29 | |
| 0.1.120 | 0 / 29 | |
| 0.1.119 | 0 / 29 | |
| 0.1.118 | 0 / 29 | |
| 0.1.117 | 0 / 29 | |
| 0.1.116 | 0 / 29 | |
| 0.1.115 | 0 / 29 | |
| 0.1.114 | 0 / 29 | |
| 0.1.113 | 0 / 29 | |
| 0.1.112 | 0 / 29 | |
| 0.1.104 | 0 / 27 | |
| 0.1.103 | 0 / 27 | |
| 0.1.102 | 0 / 27 | |
| 0.1.101 | 0 / 27 | |
| 0.1.100 | 0 / 27 | |
| 0.1.99 | 0 / 27 | |
| 0.1.98 | 0 / 26 | |
| 0.1.97 | 0 / 26 | |
| 0.1.96 | 0 / 22 | |
| 0.1.95 | 0 / 22 | |
| 0.1.94 | 0 / 22 | |
| 0.1.93 | 0 / 22 | |
| 0.1.92 | 0 / 22 | |
| 0.1.91 | 0 / 22 | |
| 0.1.90 | 0 / 22 | |
| 0.1.89 | 0 / 22 | |
| 0.1.88 | 0 / 22 | |
| 0.1.87 | 0 / 22 | |
| 0.1.86 | 0 / 22 | |
| 0.1.85 | 0 / 22 | |
| 0.1.84 | 0 / 22 | |
| 0.1.83 | 0 / 22 | |
| 0.1.82 | 0 / 22 | |
| 0.1.81 | 0 / 22 | |
| 0.1.80 | 0 / 22 | |
| 0.1.79 | 0 / 22 | |
| 0.1.78 | 0 / 22 | |
| 0.1.76 | 0 / 22 | |
| 0.1.75 | 0 / 22 | |
| 0.1.74 | 0 / 22 | |
| 0.1.73 | 0 / 22 | |
| 0.1.72 | 0 / 22 | |
| 0.1.71 | 0 / 22 | |
| 0.1.70 | 0 / 22 | |
| 0.1.69 | 0 / 22 | |
| 0.1.68 | 0 / 21 | |
| 0.1.67 | 20 / 0 | |
| 0.1.66 | 20 / 0 | |
| 0.1.65 | 20 / 0 | |
| 0.1.64 | 19 / 0 | |
| 0.1.63 | 19 / 0 | |
| 0.1.62 | 19 / 0 | |
| 0.1.61 | 19 / 0 | |
| 0.1.60 | 19 / 0 | |
| 0.1.59 | 19 / 0 | |
| 0.1.58 | 19 / 0 | |
| 0.1.57 | 19 / 0 | |
| 0.1.56 | 19 / 0 | |
| 0.1.55 | 19 / 0 | |
| 0.1.54 | 19 / 0 | |
| 0.0.0 | 0 / 0 | |
v0.1.155
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.154
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.153
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.152
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.151
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.150
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.149
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.148
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.147
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.146
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.145
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.144
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.143
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.142
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.141
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.140
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.139
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.138
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.137
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.136
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.135
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.134
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.133
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.132
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.131
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.130
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.129
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.128
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.127
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.126
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.125
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.124
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.123
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.122
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.121
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.120
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.119
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.118
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.117
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.116
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.115
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.114
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.113
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.112
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.104
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.103
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.102
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.101
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.100
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.99
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.98
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.97
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.96
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.95
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.94
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.93
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.92
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.91
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.90
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.89
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.88
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.87
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.86
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.85
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.84
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.83
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.82
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.81
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.80
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.79
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.78
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.76
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.75
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.74
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.73
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.72
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.71
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.70
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.69
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.68
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.67
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.66
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.65
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.64
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.63
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.62
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.61
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.60
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.59
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.58
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.57
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.56
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.55
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.54
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.