vite-bundle-analyzer
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index-lbsXa06w.mjs | AI (source-diff): ESM minified bundle output; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:dist/index-aulaPyFA.js | AI (source-diff): Minified bundle output for a build tool; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BixsrqKx.js | AI (source-diff): Minified Preact client bundle; expected for a Vite plugin shipping a UI. | ai | |
| source-diff | obfuscated-file:dist/index-CwMLq6Td.mjs | AI (source-diff): ESM counterpart of bundled dist; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/index-CfkmZ4-6.js | AI (source-diff): Rollup-bundled dist output; standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/index-C_vnc0Dm.mjs | AI (source-diff): Rollup-bundled ESM dist output; minification is expected for this build-tool package. | ai | |
| source-diff | obfuscated-file:dist/index-CddWM6US.js | AI (source-diff): Rollup-bundled CJS dist output; minification is expected for this build-tool package. | ai | |
| source-diff | obfuscated-file:dist/index-CztS5mTX.js | AI (source-diff): Standard minified bundle output for this build-tool package; stable false positive. | ai | |
| source-diff | obfuscated-file:dist/index-DGLZbP4Y.mjs | AI (source-diff): ESM counterpart of the same minified bundle; stable false positive. | ai | |
| source-diff | obfuscated-file:dist/index-xNge13-u.mjs | AI (source-diff): Standard Rollup ESM bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-BXaB84qb.js | AI (source-diff): Standard Rollup CJS bundle output; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-DtOEGCzF.mjs | AI (source-diff): Bundled ESM output from rollup build; expected for this package. | ai | |
| source-diff | obfuscated-file:dist/index-BFf7o0Z1.js | AI (source-diff): Bundled CJS output from rollup build; expected for this package. | ai | |
| source-diff | obfuscated-file:dist/index-D98DLi9R.js | AI (source-diff): Rollup-bundled dist output for a build tool; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/index-CsiIdW28.mjs | AI (source-diff): ESM counterpart of the same bundle; minification is expected. | ai | |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 1.3.8 | 0 / 46 | |
| 1.3.7 | 0 / 46 | |
| 1.3.6 | 0 / 46 | |
| 1.3.5 | 0 / 45 | |
| 1.3.4 | 0 / 46 | |
| 1.3.3 | 0 / 46 | |
| 1.3.2 | 0 / 45 | |
| 1.3.1 | 0 / 45 | |
| 1.3.0 | 0 / 45 | |
| 1.2.4 | 0 / 43 | |
| 1.2.3 | 0 / 43 | |
| 1.2.2 | 0 / 43 | |
| 1.2.1 | 0 / 43 | |
| 1.2.0 | 0 / 43 | |
| 1.1.2 | 0 / 40 | |
| 1.1.1 | 0 / 40 | |
| 1.1.0 | 0 / 40 | |
| 1.0.0 | 0 / 40 | |
v1.3.8
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.7
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.6
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.5
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.4
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.3
4 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.2
1 finding:
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.1
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.4
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.3
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.2
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.1
3 findings:
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.2
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.1
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 finding:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.