← Home

vidstack

npm Repository Homepage
11
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mihar-22

Keywords

accessibleanalyticsaudiocustomizabledailymotionelementsextensiblefileframework-agnosticheadlesshlshtml5jwplayermediaplyrplayerspec-complianttailwinduniversaluploadervdsvideovideojsvidstackvimevimeoweb-componentuniversalyoutube

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:cdn/with-layouts/providers/vidstack-youtube-DUm2ZnlA.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/chunks/vidstack-D1Fg9ecc.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-Cwmy4rRE.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-CN2DhJ-S.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/providers/vidstack-youtube-DXATH6iZ.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/providers/vidstack-vimeo-BsKFou57.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/providers/vidstack-vimeo-BkpNeY3U.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-jLF0WICI.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/providers/vidstack-hls-Cj2rsUMV.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/providers/vidstack-hls-BIIxRAVI.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/providers/vidstack-google-cast-LXLWLpEe.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/providers/vidstack-google-cast-DqXloMun.js AI (source-diff): Minified CDN provider chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/chunks/vidstack-eHgcCOsA.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/chunks/vidstack-DDmgO8_U.js AI (source-diff): Minified CDN chunk; standard vidstack build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BCRgZim1.js AI (source-diff): Standard minified CDN bundle for vidstack media player; no malicious patterns. ai
source-diff obfuscated-file:cdn/chunks/vidstack-05hW9Mpu.js AI (source-diff): Standard minified CDN bundle for vidstack media player; no malicious patterns. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-9xQDPxTU.js AI (source-diff): Standard minified CDN bundle for vidstack media player; no malicious patterns. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BY3BPfbo.js AI (source-diff): Standard minified CDN bundle for vidstack media player; no malicious patterns. ai
source-diff obfuscated-file:cdn/chunks/vidstack-C8x5Ue5N.js AI (source-diff): Standard minified CDN bundle for vidstack media player; no malicious patterns. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-CmBX-l9G.js AI (source-diff): Minified CDN bundle output; same DASH provider pattern as other chunks, standard build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-9piNE1SY.js AI (source-diff): Minified CDN bundle output; readable ES module code with named imports, not obfuscation. ai
source-diff obfuscated-file:cdn/chunks/vidstack-BsM-Nbx4.js AI (source-diff): Minified CDN bundle output; DASH provider logic clearly readable, not obfuscation. ai
source-diff obfuscated-file:cdn/chunks/vidstack-BuCMY3wG.js AI (source-diff): Minified CDN bundle; reactive signal system code, standard build artifact. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BY9sVQlM.js AI (source-diff): Standard minified ESM bundle chunk; AudioContext/media logic, no malicious patterns. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BBfcQIbe.js AI (source-diff): Standard minified ESM bundle chunk; DASH provider logic, no malicious patterns. ai
source-diff obfuscated-file:cdn/chunks/vidstack-CfDKwkUv.js AI (source-diff): Standard minified CDN chunk; readable DOM utility and floating-ui code. ai
source-diff obfuscated-file:cdn/chunks/vidstack-CDrMLAjP.js AI (source-diff): Standard minified CDN chunk; readable reactive signal/scope implementation. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BljmbPtk.js AI (source-diff): Standard minified CDN chunk; readable audio context and media provider code. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BLeIQEdI.js AI (source-diff): Standard minified CDN chunk; readable floating-ui and DOM utility code. ai
source-diff obfuscated-file:cdn/chunks/vidstack-6Nr1toD_.js AI (source-diff): Standard minified CDN chunk for a media player library; content is readable bundled JS, not malicious. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BhlShf5j.js AI (source-diff): Standard minified CDN chunk; same pattern as other vidstack CDN bundles. ai
publish-pattern rapid-publish AI (publish-pattern): Active library with frequent releases; rapid publish is consistent with patch/hotfix workflow. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-2m_nt-Zk.js AI (source-diff): Minified CDN chunk with readable vidstack media player logic; expected build artifact. ai
source-diff large-new-source-files AI (source-diff): Major version bump from 0.x to 1.x; large file count increase is expected for a media player library with CDN/dev/prod bundles. ai
source-diff obfuscated-file:cdn/with-layouts/chunks/vidstack-BL0Z6O3t.js AI (source-diff): Minified CDN chunk; standard build output for this package. ai
source-diff obfuscated-file:cdn/chunks/vidstack-BjIKgAlK.js AI (source-diff): Minified CDN chunk; standard build output for this package. ai
source-diff obfuscated-file:cdn/chunks/vidstack-Ah9uMJFb.js AI (source-diff): Minified CDN chunk; standard build output for this package. ai
source-diff obfuscated-file:plugins.js AI (source-diff): Standard minified build output for vidstack's plugin system; no malicious patterns. ai
provenance no-provenance AI (provenance): Established package with long history; lack of provenance is common and not a risk signal here. ai
phantom-deps phantom-dep:type-fest AI (phantom-deps): type-fest is a type-only dependency used in .d.ts files; not directly imported at runtime but legitimately declared. ai

Versions (showing 11 of 11)

Version Deps Published
1.15.6 5 / 0
1.15.5 5 / 0
1.15.4 4 / 0
1.15.3 4 / 0
1.15.2 4 / 0
1.15.1 4 / 0
1.15.0 4 / 0
1.14.0 4 / 0
1.13.1 4 / 0
1.13.0 4 / 0
0.6.15 3 / 24

v1.15.6

5 findings
HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-9piNE1SY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BsM-Nbx4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BuCMY3wG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CmBX-l9G.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.5

6 findings
HIGH New obfuscated file: cdn/chunks/vidstack-05hW9Mpu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-9xQDPxTU.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BCRgZim1.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BY3BPfbo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-C8x5Ue5N.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.4

19 findings
HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-9piNE1SY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BsM-Nbx4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BuCMY3wG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CmBX-l9G.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CN2DhJ-S.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-Cwmy4rRE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-D1Fg9ecc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-DDmgO8_U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-eHgcCOsA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-google-cast-DqXloMun.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-google-cast-LXLWLpEe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-hls-BIIxRAVI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-hls-Cj2rsUMV.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-jLF0WICI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-vimeo-BkpNeY3U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-vimeo-BsKFou57.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-youtube-DUm2ZnlA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-youtube-DXATH6iZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.3

19 findings
HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-9piNE1SY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BsM-Nbx4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BuCMY3wG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CmBX-l9G.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CN2DhJ-S.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-Cwmy4rRE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-D1Fg9ecc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-DDmgO8_U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-eHgcCOsA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-google-cast-DqXloMun.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-google-cast-LXLWLpEe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-hls-BIIxRAVI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-hls-Cj2rsUMV.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-jLF0WICI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-vimeo-BkpNeY3U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-vimeo-BsKFou57.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-youtube-DUm2ZnlA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-youtube-DXATH6iZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.2

19 findings
HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-9piNE1SY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BsM-Nbx4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BuCMY3wG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CmBX-l9G.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-CN2DhJ-S.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-Cwmy4rRE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-D1Fg9ecc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-DDmgO8_U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-eHgcCOsA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-google-cast-DqXloMun.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-google-cast-LXLWLpEe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-hls-BIIxRAVI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-hls-Cj2rsUMV.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-jLF0WICI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-vimeo-BkpNeY3U.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-vimeo-BsKFou57.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/providers/vidstack-youtube-DUm2ZnlA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/providers/vidstack-youtube-DXATH6iZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.1

7 findings
HIGH New obfuscated file: cdn/chunks/vidstack-6Nr1toD_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BhlShf5j.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BLeIQEdI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BljmbPtk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CDrMLAjP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CfDKwkUv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.0

7 findings
HIGH New obfuscated file: cdn/chunks/vidstack-6Nr1toD_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BhlShf5j.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BLeIQEdI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BljmbPtk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CDrMLAjP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CfDKwkUv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.14.0

6 findings
HIGH New obfuscated file: cdn/chunks/vidstack-6Nr1toD_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BBfcQIbe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BY9sVQlM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CDrMLAjP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-CfDKwkUv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.1

6 findings
HIGH New obfuscated file: plugins.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-2m_nt-Zk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-Ah9uMJFb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BjIKgAlK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BL0Z6O3t.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.0

6 findings
HIGH New obfuscated file: plugins.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-2m_nt-Zk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-Ah9uMJFb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/chunks/vidstack-BjIKgAlK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: cdn/with-layouts/chunks/vidstack-BL0Z6O3t.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.