miniflare
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_className-BYAEPn1f.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | net-exec-file:dist/local-explorer-ui/assets/TableSelect-DbDI8UzX.js | AI (source-diff): Bundled UI component with fetch calls and React rendering; not malicious dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/TableSelect-DbDI8UzX.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/table-inweecadl3her7pd-K3B5nPBk.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/Breadcrumbs-Dp_NrZTn.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_workflowName-r8X_hcGP.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_namespaceId-DquP6_M4.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_instanceId-qPBU-gPC.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_bucketName-CvQcRh2u.js | AI (source-diff): Vite-bundled UI assets from @cloudflare/local-explorer-ui; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/Spinner.es-BqhKnsyF.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/routes-Bl2IvWER.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/ResourceError-C0l5EX0e.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/object._-BAabMvJz.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/input-group-lxdd09p60cf27pe1-BwmC8ijh.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/index-BLt9UbtI.js | AI (source-diff): Vite-bundled UI assets; main bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/format-BdNBChB_.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dropdown-ncwhcd912vmone8k-BaXbWDVe.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dialog-oqh8l3l3zutpibxx-CisvR-ku.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/checkbox-kt1uojk2f9e0d0h1-qT9xdYL9.js | AI (source-diff): Vite-bundled UI assets; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_workflowName-DrmfJPQE.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_namespaceId-YRMs_gif.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_instanceId-Di7K-HGx.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_className-abAMBCC9.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; minified React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_bucketName-BzfEGDEh.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; minified React components, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/src/shared/dev-registry.worker.js | AI (source-diff): Dev registry worker inherently uses network + code exec; core to miniflare's purpose. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/button-cdxnqcgzwko8ooha-DePtDphh.js | AI (source-diff): Vite-bundled UI assets for local-explorer-ui; standard minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/api-CJ3Zq7MY.js | AI (source-diff): Vite-bundled UI asset; readable React/JSX patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/Breadcrumbs-PAPh5eEw.js | AI (source-diff): Vite-bundled UI asset; standard React component code. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_bucketName-QLT8q3OA.js | AI (source-diff): Vite-bundled UI asset with SVG icon maps; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_className-Bb7dJrJX.js | AI (source-diff): Vite-bundled UI asset; readable component code. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_instanceId-DjVue4_V.js | AI (source-diff): Vite-bundled UI asset; SVG icon maps and React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_namespaceId-BvoJ_sKY.js | AI (source-diff): Vite-bundled UI asset; readable form/input component code. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_workflowName-C3WPgjiV.js | AI (source-diff): Vite-bundled UI asset; SVG icons and React components. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/checkbox-kt1uojk2f9e0d0h1-B7n5h7Tt.js | AI (source-diff): Vite-bundled UI asset; standard minified component. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dialog-oqh8l3l3zutpibxx-C3V2uifQ.js | AI (source-diff): Vite-bundled UI asset; standard minified component. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dropdown-ncwhcd912vmone8k-BHDljwjw.js | AI (source-diff): Vite-bundled UI asset; standard minified component. | ai | |
| source-diff | obfuscated-file:dist/src/shared/dev-registry.worker.js | AI (source-diff): Bundled worker file for miniflare's dev registry; expected for this package. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major version bump (v3→v4) added bundled local-explorer UI; expected size increase. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_bucketName-M-kLOZcl.js | AI (source-diff): Vite-bundled React UI assets; minification is expected for this package's local explorer UI. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/format-B0EMGgEF.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/index-Ce3gzIBs.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/input-group-lxdd09p60cf27pe1-C2Y9HCwU.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/object._-BDuVq1qR.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dropdown-ncwhcd912vmone8k-DVV6Sbe9.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/dialog-oqh8l3l3zutpibxx-CmNbtenR.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/checkbox-kt1uojk2f9e0d0h1-B2Sjw1se.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/button-cdxnqcgzwko8ooha-BXmaJtvX.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/Breadcrumbs-7gi9Sm_0.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/api-BEbo23SC.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_workflowName-CJ7vNEnF.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_namespaceId-Cj8P3hob.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_instanceId-Coaiex_q.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_className-ogxk8SWG.js | AI (source-diff): Vite-bundled React UI assets; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/index-BoXiBFQc.js | AI (source-diff): Vite-bundled UI entry point; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_namespaceId-DhUKuwRB.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_instanceId-B_cl_WGF.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_bucketName-DcgsA1N2.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_className-yCNYCcEf.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| phantom-deps | phantom-dep:youch | AI (phantom-deps): Error display lib loaded dynamically at runtime. | ai | |
| phantom-deps | phantom-dep:workerd | AI (phantom-deps): Runtime binary dependency; spawned as subprocess. | ai | |
| phantom-deps | phantom-dep:sharp | AI (phantom-deps): Runtime binary dependency; not directly imported in JS. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New local-explorer-ui bundle with hash-named chunks; expected for UI additions. | ai | |
| source-diff | net-exec-file:dist/local-explorer-ui/assets/TableSelect-BBVy_58O.js | AI (source-diff): Bundled UI component with fetch + dynamic import; standard SPA pattern. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/TableSelect-BBVy_58O.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/routes-CwCf2IaF.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/object._-QB6PNFoI.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/local-explorer-ui/assets/_workflowName-BYyenyTl.js | AI (source-diff): Vite-bundled UI assets; minified React components, not obfuscation. | ai |
Versions (showing 45 of 45)
| Version | Deps | Published |
|---|---|---|
| 4.20260526.0 | 6 / 49 | |
| 4.20260521.0 | 6 / 49 | |
| 4.20260520.0 | 6 / 49 | |
| 4.20260518.0 | 6 / 49 | |
| 4.20260515.0 | 6 / 49 | |
| 4.20260511.0 | 6 / 49 | |
| 4.20260508.0 | 6 / 49 | |
| 4.20260507.1 | 6 / 49 | |
| 4.20260507.0 | 6 / 49 | |
| 4.20260504.0 | 6 / 49 | |
| 4.20260430.0 | 6 / 49 | |
| 4.20260426.0 | 6 / 49 | |
| 4.20260415.0 | 6 / 51 | |
| 4.20260410.0 | 6 / 51 | |
| 4.20260405.0 | 6 / 51 | |
| 4.20250813.0 | 12 / 45 | |
| 4.20250803.1 | 12 / 45 | |
| 4.20250803.0 | 12 / 45 | |
| 4.20250730.0 | 12 / 44 | |
| 4.20250726.0 | 12 / 44 | |
| 4.20250712.2 | 12 / 44 | |
| 4.20250712.1 | 12 / 44 | |
| 4.20250712.0 | 12 / 44 | |
| 4.20250709.0 | 12 / 44 | |
| 4.20250705.0 | 12 / 44 | |
| 4.20250617.5 | 12 / 43 | |
| 4.20250617.4 | 12 / 43 | |
| 4.20250617.3 | 12 / 43 | |
| 4.20250617.2 | 12 / 43 | |
| 4.20250617.1 | 12 / 43 | |
| 4.20250617.0 | 12 / 43 | |
| 4.20250612.0 | 12 / 43 | |
| 4.20250604.1 | 12 / 43 | |
| 4.20250604.0 | 12 / 42 | |
| 4.20250525.1 | 12 / 42 | |
| 4.20250525.0 | 12 / 40 | |
| 4.20250523.0 | 12 / 40 | |
| 4.20250508.3 | 12 / 40 | |
| 4.20250508.2 | 11 / 40 | |
| 4.20250508.1 | 11 / 40 | |
| 4.20250508.0 | 11 / 40 | |
| 4.20250507.0 | 11 / 40 | |
| 4.20250428.1 | 11 / 40 | |
| 4.20250428.0 | 11 / 40 | |
| 3.20250718.3 | 11 / 38 |
v4.20260526.0
20 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260521.0
20 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260520.0
20 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260518.0
20 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260515.0
20 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260511.0
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260508.0
16 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260507.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260507.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260504.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260430.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260426.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260415.0
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260410.0
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20260405.0
26 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20250813.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250803.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250803.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250730.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250726.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250712.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250712.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250712.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250709.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250705.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250617.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250612.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250604.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250604.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250525.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250525.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250523.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250508.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250508.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250508.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20250508.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.20250507.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.20250428.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.20250428.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.20250718.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.