react-querybuilder

29 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; gitHead linked

Maintainers

pavanpodila, jakeboone02

Keywords

react, querybuilder, query, builder, operators, component, clause, expression, sql

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
source-diff obfuscated-file:dist/defaults-CjxtrGpV.mjs AI (source-diff): Minified ESM build output with source maps; standard for this package. ai
source-diff obfuscated-file:dist/cjs/defaults-BGa0Vm6P.js AI (source-diff): Minified CJS build output with source maps; standard for this package. ai
source-diff obfuscated-file:dist/cjs/defaults-DG-43aVv.js AI (source-diff): Standard CJS minified bundle output for this package; not obfuscated. ai
source-diff obfuscated-file:dist/defaults-DP2ciVM_.mjs AI (source-diff): Standard ESM minified bundle output for this package; not obfuscated. ai
source-diff obfuscated-file:dist/cjs/QueryBuilderInternal-BwqvepR5.js AI (source-diff): Standard CJS bundle output for a React UI library; not obfuscated. ai
source-diff obfuscated-file:dist/cjs/selectors-eF1uIKk7.d.ts AI (source-diff): TypeScript declaration file with long type-import lines; not obfuscated. ai
source-diff obfuscated-file:dist/selectors-BGz34G2G.d.ts AI (source-diff): TypeScript declaration file with long type-import lines; not obfuscated. ai
source-diff obfuscated-file:dist/selectors-CeJZAUve.d.mts AI (source-diff): TypeScript declaration file with long type-import lines; not obfuscated. ai
source-diff obfuscated-file:dist/cjs/QueryBuilderInternal-COiFuar7.js AI (source-diff): Standard CJS bundle output; sample shows normal React component code. ai
source-diff obfuscated-file:dist/selectors-D5W5Fm21.d.ts AI (source-diff): TypeScript declaration file with long import/type lines, not obfuscation. ai
source-diff obfuscated-file:dist/cjs/selectors-CVtJeEb2.d.ts AI (source-diff): TypeScript declaration file with long import/type lines, not obfuscation. ai
source-diff obfuscated-file:dist/selectors-Cx23IzLm.d.mts AI (source-diff): TypeScript declaration file with long import/type lines, not obfuscation. ai
source-diff obfuscated-file:dist/react-querybuilder.legacy-esm.debug.js AI (source-diff): ESM legacy bundle; long import/export lines expected. ai
source-diff obfuscated-file:dist/cjs/QueryBuilderInternal-DI84K4mA.js AI (source-diff): CJS bundle output; minification is expected. ai
source-diff obfuscated-file:dist/QueryBuilderInternal-CsaHY6ZX.js AI (source-diff): Standard bundled build output for this React component library. ai
source-diff net-exec-file:dist/parseSpEL.js AI (source-diff): Bundled spel2js dependency using webpack UMD wrapper; no actual network calls. ai
source-diff obfuscated-file:dist/react-querybuilder.debug.mjs AI (source-diff): ESM debug bundle; long re-export lines expected. ai
source-diff obfuscated-file:dist/QueryBuilderInternal-CrUkpBSt.mjs AI (source-diff): ESM bundle output; standard build artifact. ai
source-diff obfuscated-file:dist/cjs/defaults-D0CcjGMM.js AI (source-diff): Standard CJS bundle output from build tooling; readable React component code, not obfuscation. ai
source-diff obfuscated-file:dist/index-Dxdojb6L.d.ts AI (source-diff): TypeScript declaration file with long import lines; not obfuscation. ai
source-diff obfuscated-file:dist/cjs/index-CW_Rquzk.d.ts AI (source-diff): TypeScript declaration file with long import lines; not obfuscation. ai
source-diff obfuscated-file:dist/index-CKUNH5Wo.d.mts AI (source-diff): TypeScript declaration file with long import lines; not obfuscation. ai
source-diff obfuscated-file:dist/cjs/QueryBuilderInternal-Beh3zChi.js AI (source-diff): Standard CJS bundle output for a React UI library; not obfuscated. ai
source-diff obfuscated-file:dist/selectors-B8GSo6OV.d.mts AI (source-diff): Bundled TypeScript declarations with long import lines; not obfuscation. ai
source-diff obfuscated-file:dist/selectors-ByLiddiX.d.ts AI (source-diff): Bundled TypeScript declarations with long import lines; not obfuscation. ai
source-diff obfuscated-file:dist/cjs/selectors-CmnAnlAh.d.ts AI (source-diff): Bundled TypeScript declarations with long import lines; not obfuscation. ai
publish-pattern dormant-publish AI (publish-pattern): Gap due to version diff baseline (v8.8.3→v8.10.0); publisher is long-standing maintainer with SLSA provenance. ai
source-diff obfuscated-file:dist/cjs/react-querybuilder.cjs.production.debug.js AI (source-diff): Minified production CJS bundle; standard build artifact. ai
source-diff obfuscated-file:dist/cjs/react-querybuilder.cjs.development.debug.js AI (source-diff): Standard CJS bundle output from esbuild; not obfuscated. ai
source-diff large-new-source-files AI (source-diff): Major version jump (v6→v8) naturally adds many files; legitimate growth. ai
source-diff obfuscated-file:dist/react-querybuilder.production.debug.mjs AI (source-diff): Minified ESM production bundle; standard build artifact. ai
source-diff obfuscated-file:dist/cjs/index-DE2I7dH8.d.ts AI (source-diff): CJS TypeScript declaration bundle; long lines from type definitions, not obfuscation. ai
source-diff obfuscated-file:dist/index-j_WbTz3x.d.ts AI (source-diff): TypeScript declaration bundle; standard build output with long type definition lines. ai
source-diff obfuscated-file:dist/cjs/defaults-CbhYCkvn.js AI (source-diff): Minified CJS bundle output with readable React component code; standard build artifact for this package. ai
source-diff obfuscated-file:dist/defaults-ilE2Nhxw.mjs AI (source-diff): Minified ESM bundle output with standard React imports; build artifact, not obfuscation. ai
source-diff obfuscated-file:dist/index-BtVfLjYK.d.mts AI (source-diff): TypeScript declaration bundle with long type definition lines; not obfuscated code. ai
source-diff obfuscated-file:dist/index-CfYDBuoo.d.mts AI (source-diff): Bundler-generated TypeScript declaration file with long import lines; standard build artifact. ai
source-diff obfuscated-file:dist/index-CJ_xNf4H.d.ts AI (source-diff): Bundler-generated TypeScript declaration file; standard build artifact. ai
source-diff obfuscated-file:dist/cjs/index-C2koG0fE.d.ts AI (source-diff): Bundler-generated TypeScript declaration file; standard build artifact. ai
source-diff obfuscated-file:dist/cjs/defaults-D1GGb3V5.js AI (source-diff): Standard minified CJS bundle output from build toolchain; readable React component code, not obfuscation. ai
source-diff obfuscated-file:dist/defaults-mONjSyj5.mjs AI (source-diff): Standard minified ESM bundle output from build toolchain; readable React component code, not obfuscation. ai
source-diff obfuscated-file:dist/cjs/defaults-BEGWID14.js AI (source-diff): Standard CJS bundle chunk with minified React component code; not obfuscated. ai
source-diff obfuscated-file:dist/index-ByIV7_Fn.d.ts AI (source-diff): TypeScript declaration file with bundled type definitions; not obfuscated. ai
source-diff obfuscated-file:dist/index-ByOIcr_e.d.mts AI (source-diff): TypeScript declaration file with long import lines from bundler output; not obfuscated. ai
source-diff obfuscated-file:dist/cjs/index-D79qEKcc.d.ts AI (source-diff): CJS TypeScript declaration file; long lines from bundled type imports. ai
source-diff obfuscated-file:dist/react-querybuilder.legacy-esm.d.ts AI (source-diff): Bundled TypeScript declaration file; long lines from bundler, not obfuscation. ai
source-diff obfuscated-file:dist/cjs/react-querybuilder.cjs.production.debug.d.ts AI (source-diff): Bundled TypeScript declaration re-exports; standard bundler output. ai
source-diff obfuscated-file:dist/cjs/react-querybuilder.cjs.development.debug.d.ts AI (source-diff): Bundled TypeScript declaration re-exports; standard bundler output. ai
source-diff obfuscated-file:dist/index-JBfP2YhA.d.ts AI (source-diff): TypeScript declaration file with long import lines from bundler output; not obfuscation. ai
source-diff obfuscated-file:dist/cjs/index-BOVxaFa6.d.ts AI (source-diff): TypeScript declaration file with long import lines from bundler output; not obfuscation. ai
source-diff obfuscated-file:dist/react-querybuilder.production.debug.d.mts AI (source-diff): Bundled TypeScript declaration re-exports; long lines are standard bundler output. ai
source-diff obfuscated-file:dist/react-querybuilder.debug.d.mts AI (source-diff): Bundled TypeScript declaration re-exports; long lines are standard bundler output. ai
source-diff obfuscated-file:dist/index-D3JEI-JA.d.mts AI (source-diff): TypeScript declaration file with long import lines from bundler output; not obfuscation. ai
source-diff obfuscated-file:dist/cjs/defaults-B_HAlgZZ.js AI (source-diff): Standard minified CJS bundle output for a React component library; content is clearly readable React code. ai
source-diff obfuscated-file:dist/react-querybuilder.legacy-esm.debug.d.ts AI (source-diff): Bundled TypeScript declaration file; long lines from bundler, not obfuscation. ai
source-diff obfuscated-file:dist/cjs/defaults-C8GR3Tnu.js AI (source-diff): Minified build output (CJS bundle) with source maps included. Contains standard React component code, not obfuscation. ai
provenance publisher-changed AI (provenance): Transition from manual (jakeboone02) to GitHub Actions CI/CD publishing with SLSA provenance attestation. Standard modern practice. ai
provenance slsa-provenance AI (provenance): Valid SLSA provenance attestation confirms CI/CD publishing integrity. ai
source-diff obfuscated-file:dist/defaults-Lvgl_od3.mjs AI (source-diff): Minified build output (ESM bundle) with source maps included. Contains standard React component code, not obfuscation. ai
dependencies unvetted-dep:@react-querybuilder/core AI (dependencies): @react-querybuilder/core is the package's own scoped monorepo sibling; it is expected and benign for this package to depend on it. ai

Versions (showing 29 of 29)

Version Deps Published
8.17.0 3 / 16
8.16.2 3 / 16
8.16.1 3 / 16
8.16.0 3 / 16
8.15.0 3 / 16
8.14.4 3 / 22
8.14.3 3 / 22
8.14.2 3 / 22
8.14.1 3 / 22
8.14.0 4 / 23
8.13.0 4 / 23
8.12.0 4 / 23
8.11.2 4 / 23
8.11.1 4 / 23
8.11.0 5 / 23
8.10.0 5 / 23
8.9.2 5 / 21
8.9.1 5 / 21
8.8.4 4 / 36
8.8.3 4 / 36
8.8.2 4 / 36
8.8.1 4 / 36
8.8.0 4 / 36
8.7.1 4 / 36
8.7.0 4 / 36
8.6.2 4 / 31
8.6.1 4 / 31
8.6.0 4 / 31
6.5.1 2 / 24

v8.17.0

3 findings
HIGH New obfuscated file: dist/cjs/defaults-BGa0Vm6P.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-CjxtrGpV.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.16.2

3 findings
HIGH New obfuscated file: dist/cjs/defaults-DG-43aVv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-DP2ciVM_.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.16.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.15.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.14.4

4 findings
HIGH Publisher changed: jakeboone02 → GitHub Actions (on 2026-04-01) provenance

This version was published by a different npm account than previous versions on 2026-04-01. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/cjs/defaults-C8GR3Tnu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-Lvgl_od3.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.14.3

4 findings
HIGH Publisher changed: jakeboone02 → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/cjs/defaults-C8GR3Tnu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-Lvgl_od3.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.14.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.14.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.14.0

12 findings
HIGH New obfuscated file: dist/cjs/defaults-CbhYCkvn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-ilE2Nhxw.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BtVfLjYK.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-DE2I7dH8.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-j_WbTz3x.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.13.0

12 findings
HIGH New obfuscated file: dist/cjs/defaults-D1GGb3V5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/defaults-mONjSyj5.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CfYDBuoo.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-C2koG0fE.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CJ_xNf4H.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.12.0

11 findings
HIGH New obfuscated file: dist/cjs/defaults-BEGWID14.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-ByOIcr_e.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-ByIV7_Fn.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-D79qEKcc.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.11.2

11 findings
HIGH New obfuscated file: dist/cjs/defaults-B_HAlgZZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D3JEI-JA.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-BOVxaFa6.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-JBfP2YhA.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.debug.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.11.1

5 findings
HIGH New obfuscated file: dist/cjs/defaults-D0CcjGMM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CKUNH5Wo.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-CW_Rquzk.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-Dxdojb6L.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.11.0

5 findings
HIGH New obfuscated file: dist/cjs/defaults-D0CcjGMM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CKUNH5Wo.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/index-CW_Rquzk.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-Dxdojb6L.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.10.0

5 findings
HIGH New obfuscated file: dist/cjs/QueryBuilderInternal-Beh3zChi.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-B8GSo6OV.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-ByLiddiX.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/selectors-CmnAnlAh.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.9.2

5 findings
HIGH New obfuscated file: dist/cjs/QueryBuilderInternal-COiFuar7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-Cx23IzLm.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/selectors-CVtJeEb2.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-D5W5Fm21.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.9.1

6 findings
HIGH New obfuscated file: dist/cjs/QueryBuilderInternal-BwqvepR5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-CeJZAUve.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/selectors-BGz34G2G.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/selectors-eF1uIKk7.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.8.4

9 findings
HIGH New file with network + code execution: dist/parseSpEL.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/QueryBuilderInternal-CsaHY6ZX.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/QueryBuilderInternal-DI84K4mA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.legacy-esm.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/QueryBuilderInternal-CrUkpBSt.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.8.3

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.8.2

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.8.1

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.8.0

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.7.1

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.7.0

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.2

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.1

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.0

4 findings
HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.development.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cjs/react-querybuilder.cjs.production.debug.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/react-querybuilder.production.debug.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.