@adobe/spacecat-shared-http-utils

Shared modules of the Spacecat Services - HTTP Utils

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

marbectripodgarthdblazdadobe-adminpatrickfultontrieloffshazronkrisnyedcpfsdknatebaldwindevongovettaspro83symanovidpfisterstefan-guggisbergrofekptdobeadobehallsfullcolorcoderdjaeggidylandepassmhaackamol-anandstopp-adobedotenduh_schmidtasthabh23zdahbituicufmeschbe

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Adobe org migrated publishing to GitHub Actions CI with SLSA attestation; this is the expected publisher going forward.	ai	2026/05/22
semgrep	semgrep:base64-decode	AI (semgrep): Decodes a base64-encoded public key PEM for SPKI import — standard JWT verification pattern, not malicious.	ai	2026/05/16

Versions (showing 57 of 57)

Version	Deps	Published
1.28.2	4 / 5	2026-05-30
1.28.1	4 / 5	2026-05-29
1.28.0	4 / 5	2026-05-21
1.27.2	4 / 5	2026-05-14
1.27.1	4 / 5	2026-05-12
1.27.0	4 / 5	2026-05-12
1.26.1	4 / 5	2026-05-05
1.26.0	4 / 5	2026-04-30
1.25.2	3 / 4	2026-04-04
1.25.1	3 / 4	2026-03-28
1.25.0	3 / 4	2026-03-26
1.24.1	3 / 4	2026-03-21
1.24.0	3 / 4	2026-03-19
1.23.0	3 / 4	2026-03-19
1.22.2	3 / 4	2026-03-15
1.22.1	3 / 4	2026-03-07
1.22.0	3 / 4	2026-03-06
1.21.1	3 / 4	2026-03-02
1.21.0	3 / 4	2026-02-18
1.20.1	3 / 4	2026-02-17
1.20.0	4 / 4	2026-02-03
1.19.4	4 / 4	2025-11-30
1.19.3	4 / 4	2025-11-28
1.19.2	4 / 4	2025-11-28
1.19.1	4 / 4	2025-11-28
1.19.0	4 / 4	2025-11-20
1.18.2	4 / 4	2025-11-16
1.18.1	4 / 4	2025-11-15
1.18.0	4 / 4	2025-11-06
1.17.9	4 / 4	2025-10-28
1.17.8	4 / 4	2025-10-28
1.17.7	4 / 4	2025-10-15
1.17.6	4 / 4	2025-09-25
1.17.5	4 / 4	2025-09-24
1.17.4	4 / 4	2025-09-22
1.17.3	4 / 4	2025-09-15
1.17.2	4 / 4	2025-09-09
1.17.1	4 / 4	2025-09-06
1.17.0	4 / 4	2025-08-28
1.16.0	4 / 4	2025-08-20
1.15.2	4 / 4	2025-07-21
1.15.1	4 / 4	2025-07-19
1.15.0	4 / 4	2025-07-18
1.14.4	4 / 4	2025-07-12
1.14.3	4 / 4	2025-06-23
1.14.2	4 / 4	2025-06-16
1.14.1	4 / 4	2025-06-06
1.14.0	4 / 4	2025-05-27
1.13.2	4 / 4	2025-05-21
1.13.1	4 / 4	2025-05-20
1.13.0	4 / 4	2025-05-20
1.12.1	4 / 4	2025-05-19
1.12.0	4 / 4	2025-05-19
1.11.0	4 / 4	2025-05-12
1.10.6	4 / 4	2025-05-10
1.10.5	4 / 4	2025-05-10
1.10.4	4 / 4	2025-05-07

v1.28.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.28.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.28.0

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.