mermaid
Markdown-ish syntax for generating flowcharts, mindmaps, sequence diagrams, class diagrams, gantt charts, git graphs and more.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-UL44E2DR.mjs | AI (source-diff): Minified build output in esm.min bundle; standard for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-Y2BXMSZH.mjs | AI (source-diff): Minified jison parser output; standard for mermaid. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-MWKDPP7W.mjs | AI (source-diff): Bundled jison parser output; standard for mermaid. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm/chunk-234R4QNB.mjs | AI (source-diff): Bundled cytoscape library; no actual malicious net+exec pattern. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm.min/chunk-3SSMPTDK.mjs | AI (source-diff): Minified cytoscape bundle; false positive on net+exec heuristic. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm.min/chunk-4R4BOZG6.mjs | AI (source-diff): Bundled vscode-languageserver types; false positive on net+exec heuristic. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Mermaid has irregular release cadence; 187-day gap is normal for this project. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-AAUBKEIU.mjs | AI (source-diff): Bundled jison parser output with long lines; standard for mermaid. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-7IZFK4PR.mjs | AI (source-diff): Minified build output in esm.min bundle; standard for this package. | ai | |
| source-diff | obfuscated-file:dist/flowDb-0019c359.js | AI (source-diff): Standard minified build output; readable imports and flowchart parser tables confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/gitGraphDiagram-70b91930.js | AI (source-diff): Standard minified build output for mermaid git graph diagram; consistent with legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/gitGraphDiagram-55446347.js | AI (source-diff): Standard minified build output for mermaid git graph diagram; consistent with legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/gitGraphDiagram-127727f3.js | AI (source-diff): Standard minified build output for mermaid git graph diagram; consistent with legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/flowDb-ab4144b2.js | AI (source-diff): Standard minified build output for mermaid flowchart module; consistent with legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/flowDb-a707052f.js | AI (source-diff): Standard minified build output; readable imports and flowchart parser tables confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/flowchart-elk-definition-de178c98.js | AI (source-diff): Standard minified build output; readable imports and ELK layout code confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/flowchart-elk-definition-37ec854a.js | AI (source-diff): Standard minified build output; readable imports including elkjs bundled code confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/erDiagram-6e9c0e5f.js | AI (source-diff): Standard minified build output; readable imports and ER diagram parser tables confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/c4Diagram-513b24e8.js | AI (source-diff): Standard minified build output; readable imports and mermaid parser code confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/c4Diagram-4a1de0c4.js | AI (source-diff): Standard minified build output; readable imports and mermaid parser code confirm legitimate artifact. | ai | |
| source-diff | obfuscated-file:dist/c4Diagram-1aeee79c.js | AI (source-diff): Standard Vite/Rollup minified build output for mermaid diagram parsers. Readable imports and parser tables confirm legitimate build artifact, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-EJXTDGMB.mjs | AI (source-diff): Standard minified ESM bundle output for mermaid's architecture diagram module. Content is recognizable diagram parser/layout code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-DXJLMXH2.mjs | AI (source-diff): Non-minified ESM bundle for C4 diagram — long lines are jison parser tables, a known pattern in mermaid's build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-BBK6TRR6.mjs | AI (source-diff): Standard minified ESM bundle for C4 diagram module. Content is recognizable jison parser tables. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-HG7WUIX4.mjs | AI (source-diff): Standard minified ESM bundle for block diagram module. Content is recognizable jison parser tables and diagram logic. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-IC4MRINW.mjs | AI (source-diff): Core ESM bundle for C4 diagram — long lines are jison parser tables, consistent with mermaid's normal build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-RIHJSL5F.mjs | AI (source-diff): Minified build artifact in dist/chunks/mermaid.esm.min/; samples show legitimate mermaid layout/parser code. Expected output for this package. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm.min/chunk-7RZVMHOQ.mjs | AI (source-diff): Sample shows Babel transpiler runtime helpers (_arrayLikeToArray, _classCallCheck, etc.), not dropper/loader malware. False positive for this build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-HJPYDYFQ.mjs | AI (source-diff): Non-minified ESM build artifact; samples show readable mermaid C4 diagram parser code. Expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-7AWUDI2P.mjs | AI (source-diff): Minified build artifact; samples show jison-generated C4 diagram parser code. Expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-WDLGXV4W.mjs | AI (source-diff): Minified build artifact; samples show jison-generated block diagram parser code. Expected output for this package. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-SQLIB6GY.mjs | AI (source-diff): Mermaid ESM bundle for C4 diagram — readable source with named imports and comments, standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-QUPJ6D2L.mjs | AI (source-diff): Mermaid ships minified ESM bundles as part of its standard build output. Long lines are minified diagram parser/renderer code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-35YXROCK.mjs | AI (source-diff): Standard minified build artifact for mermaid's block diagram module. Recognizable parser table structure in sample. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-D56OP6S4.mjs | AI (source-diff): Standard minified build artifact for mermaid's C4 diagram module. Recognizable parser table structure in sample. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-FPNF74CW.mjs | AI (source-diff): Mermaid core bundle for C4 diagram — readable source with named imports and comments, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-YG6GDRKO.mjs | AI (source-diff): Core ESM chunk for c4 diagram. Standard mermaid build artifact with readable source. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-4X3Z3J56.mjs | AI (source-diff): Mermaid ships minified ESM bundles as part of its standard build output. These are legitimate build artifacts, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-BWRZOBD3.mjs | AI (source-diff): Standard minified ESM chunk from mermaid's build pipeline. Contains recognizable jison parser tables and diagram code. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-3CMHLY2Z.mjs | AI (source-diff): Standard ESM build artifact for mermaid's c4 diagram module. Code is readable and matches known mermaid source patterns. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-Q5SP5FFD.mjs | AI (source-diff): Minified version of c4Diagram ESM chunk. Standard mermaid build output. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm/chunk-2N6VOINK.mjs | AI (source-diff): Contains bundled cytoscape.js (explicitly labeled in source comment). Network+exec pattern is cytoscape's graph layout code, not malware. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm.min/chunk-7SRKK4IT.mjs | AI (source-diff): Minified cytoscape.js bundle. The net-exec pattern is standard graph library code, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-GXAZU6X5.mjs | AI (source-diff): Standard Vite/Rollup minified ESM build artifact for mermaid's diagram rendering. Minified dist files are expected for this package. | ai | |
| source-diff | net-exec-file:dist/chunks/mermaid.esm/chunk-COUQ6RZ3.mjs | AI (source-diff): Bundled cytoscape.esm.mjs library. 'Network' pattern is typeof Symbol checks; 'exec' pattern is Babel class helpers. No actual network calls or dynamic code execution. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-AAMF2YG6.mjs | AI (source-diff): Standard ESM core chunk containing jison-generated c4Diagram parser. Expected build artifact for mermaid. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-SNKOAWKG.mjs | AI (source-diff): Standard ESM chunk containing jison-generated c4Diagram parser. Expected build artifact for mermaid. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-S26XAWAN.mjs | AI (source-diff): Standard minified ESM chunk containing jison-generated c4Diagram parser. Expected build artifact for mermaid. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-HV7WRKX4.mjs | AI (source-diff): Standard Vite/Rollup minified ESM build artifact containing jison-generated parser code. Expected for mermaid's build output. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version jump (v10→v11) with new diagram types and deps explains 39 new chunk files. Expected for mermaid's Vite-chunked build. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/stateDiagram-T6B4JHBO.mjs | AI (source-diff): Standard minified state diagram chunk — legitimate mermaid build output. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/requirementDiagram-PT7ZJY3I.mjs | AI (source-diff): Standard minified build artifact for requirement diagram renderer. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/requirementDiagram-3NS7YNCK.mjs | AI (source-diff): Standard minified/chunked build artifact for requirement diagram renderer. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/mindmap-definition-YDONIZRL.mjs | AI (source-diff): Standard minified mindmap diagram chunk with readable parser table structure. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/erDiagram-4KHZDIAV.mjs | AI (source-diff): Standard minified build artifact for ER diagram renderer. Readable parser table structure in sample. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/dagre-5ZHZFEXP.mjs | AI (source-diff): Standard minified build artifact. Sample shows dagre graph layout code — legitimate bundled dependency. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-MFEFEJY7.mjs | AI (source-diff): Standard Vite/Rollup minified build artifact for mermaid's diagram chunks. Samples show readable parser/class code, not malicious obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): Mermaid migrated to GitHub Actions CI/CD publishing with SLSA provenance. The sidv→GitHub Actions transition reflects automated release pipeline adoption, not a compromise. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/ganttDiagram-CHC5DFEG.mjs | AI (source-diff): Standard minified Gantt diagram chunk. Sample shows dayjs plugin code — legitimate bundled dependency. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/flowDiagram-TD5NMDKU.mjs | AI (source-diff): Non-minified ESM chunk with readable named imports — legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/flowDiagram-COCTKB5R.mjs | AI (source-diff): Standard minified flowchart diagram chunk. Sample shows FlowDB class and sanitizeText — legitimate mermaid code. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/erDiagram-NUSZGL2K.mjs | AI (source-diff): Non-minified ESM chunk with fully readable named exports — flagged only due to long import lines. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-HVIF2XTT.mjs | AI (source-diff): Standard build artifact; shows jison parser output for C4 diagrams with readable imports, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-QTIGHTN5.mjs | AI (source-diff): Standard minified build artifact for mermaid's architecture diagram module; samples show recognizable jison parser and cytoscape layout code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-GPMAACGM.mjs | AI (source-diff): Standard build artifact with readable source structure; shows jison parser output for C4 diagrams, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-AKI3UION.mjs | AI (source-diff): Standard minified build artifact; samples show jison-generated parser tables for C4 diagram syntax, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-MYUW6R5Q.mjs | AI (source-diff): Standard minified build artifact; samples show jison-generated parser tables for block diagram syntax, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/blockDiagram-IGV67L2C.mjs | AI (source-diff): Minified ESM bundle chunk — standard Vite/Rollup build output for mermaid. SLSA provenance confirms CI/CD origin. Not obfuscation. | ai | |
| phantom-deps | phantom-dep:@types/d3 | AI (phantom-deps): @types/d3 is intentionally listed as a runtime dep in mermaid for type augmentation purposes — known quirk of this package, not a security issue. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm/c4Diagram-JF72RV2H.mjs | AI (source-diff): Jison-generated parser bundled into ESM chunk — standard mermaid build output. SLSA provenance confirms CI/CD origin. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/c4Diagram-DFAF54RM.mjs | AI (source-diff): Minified ESM bundle chunk with jison parser tables — standard mermaid build output. SLSA provenance confirms CI/CD origin. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.core/c4Diagram-AHTNJAMY.mjs | AI (source-diff): Jison-generated parser bundled into ESM chunk — standard mermaid build output. SLSA provenance confirms CI/CD origin. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chunks/mermaid.esm.min/architectureDiagram-EMZXCZ2Q.mjs | AI (source-diff): Minified ESM bundle chunk — standard Vite/Rollup build output for mermaid. SLSA provenance confirms CI/CD origin. Not obfuscation. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 11.15.0 | 21 / 39 | |
| 11.14.0 | 21 / 41 | |
| 11.13.0 | 21 / 41 | |
| 11.12.3 | 20 / 41 | |
| 11.12.2 | 20 / 41 | |
| 11.12.1 | 20 / 41 | |
| 11.12.0 | 20 / 41 | |
| 11.11.0 | 20 / 41 | |
| 11.10.1 | 20 / 41 | |
| 11.10.0 | 20 / 41 |
v11.15.0
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.14.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.13.0
8 findingsThis version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.12.3
7 findingsThis version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.12.2
13 findingsThis version was published by a different npm account than previous versions on 2025-12-02. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.12.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.12.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.11.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.10.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.10.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.