github-evidence-kit
Warn
Audited by Socket on May 31, 2026
1 alert found:
AnomalyAnomalytests/fixtures/gharchive_amazon_q_timeline_evidence.json
LOWAnomalyLOW
tests/fixtures/gharchive_amazon_q_timeline_evidence.json
No actual code/module contents were provided, so source/sink/data-flow analysis is not possible. The surrounding metadata includes multiple high-suspicion supply-chain indicators (tampering claims involving packaging scripts and a backup/payload file, an IOC commit SHA, and a later revert attempt), but malicious behavior cannot be confirmed without inspecting the referenced file contents/diffs. Treat the dependency as requiring urgent verification of the specific build/packaging artifacts and master-line commits referenced by the IOCs.
Confidence: 40%Severity: 55%
Audit Metadata