@adobe/helix-rum-js No license 20 versions

@adobe/helix-rum-js

npm Repository Homepage

20

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

marbectripodgarthdblazdadobe-adminpatrickfultontrieloffshazronkrisnyedcpfsdknatebaldwindevongovettaspro83symanovidpfisterstefan-guggisbergrofekptdobeadobehallsfullcolorcoderdjaeggidylandepassmhaackamol-anandstopp-adobedotenduh_schmidtasthabh23zdahbituicufmeschbe

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Adobe org migrated publishing to GitHub Actions CI/CD with SLSA attestation; stable pattern for this package going forward.	ai	2026/04/28
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy explained by CI/CD migration; package is an established Adobe project with verified provenance.	ai	2026/04/28

Versions (showing 20 of 20)

Version	Deps	Published
2.15.0	0 / 31	2026-05-20
2.14.4	0 / 31	2026-05-13
2.14.3	0 / 31	2026-04-14
2.14.2	0 / 31	2026-02-23
2.14.1	0 / 31	2026-02-18
2.14.0	0 / 31	2025-11-15
2.13.7	0 / 31	2025-11-14
2.13.6	0 / 31	2025-10-17
2.13.3	0 / 31	2025-10-10
2.13.2	0 / 31	2025-10-10
2.13.1	0 / 31	2025-10-08
2.13.0	0 / 31	2025-10-08
2.12.2	0 / 31	2025-07-17
2.12.1	0 / 29	2025-05-23
2.12.0	0 / 29	2025-05-23
2.11.4	0 / 28	2025-05-21
2.11.3	0 / 28	2025-05-21
2.11.2	0 / 28	2025-05-21
2.11.1	0 / 28	2025-05-21
2.11.0	0 / 28	2025-05-21

v2.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.12.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.11.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.