@86d-app/seo
SEO management module for 86d commerce platform — meta tags, redirects, and sitemaps
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Appears only in endpoint-security test file as a path traversal test input, not production credential access. | ai |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 0.0.40 | 1 / 5 | |
| 0.0.30 | 1 / 5 | |
| 0.0.26 | 1 / 5 | |
| 0.0.25 | 1 / 5 | |
| 0.0.24 | 1 / 5 | |
| 0.0.23 | 1 / 5 | |
| 0.0.22 | 1 / 5 | |
| 0.0.21 | 1 / 5 | |
| 0.0.19 | 1 / 5 | |
| 0.0.18 | 1 / 5 | |
| 0.0.17 | 1 / 5 | |
| 0.0.16 | 1 / 5 |
v0.0.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.30
3 findingsAccessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/86d-app/86d/blob/f5c3606cdb3fd160b7cda8b1375e0aa40aec6b12/src/__tests__/endpoint-security.test.ts#L296 294 | it("stores path traversal sequences as-is after normalization", async () => { 295 | const tag = await controller.upsertMetaTag({ > 296 | path: "/../../etc/passwd", 297 | title: "Traversal", 298 | });
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/86d-app/86d/blob/f5c3606cdb3fd160b7cda8b1375e0aa40aec6b12/src/__tests__/endpoint-security.test.ts#L301 299 | 300 | // normalizePath trims trailing slashes and ensures leading slash > 301 | expect(tag.path).toBe("/../../etc/passwd"); 302 | }); 303 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.