@adobe/spacecat-shared-utils

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

marbectripodgarthdblazdadobe-adminpatrickfultontrieloffshazronkrisnyedcpfsdknatebaldwindevongovettaspro83symanovidpfisterstefan-guggisbergrofekptdobeadobehallsfullcolorcoderdjaeggidylandepassmhaackamol-anandstopp-adobedotenduh_schmidtasthabh23zdahbituicufmeschbe

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Adobe org migrated publishing to GitHub Actions CI/CD; SLSA provenance attestation confirms supply chain integrity.	ai	2026/05/31
dependencies	unvetted-dep:@adobe/spacecat-shared-ims-client	AI (dependencies): First-party Adobe/spacecat package from the same org and publisher lineage.	ai	2026/05/26
dependencies	unvetted-dep:aws-xray-sdk	AI (dependencies): aws-xray-sdk is an official AWS observability SDK; no malware indicators, stable dependency for this package.	ai	2026/05/14
dependencies	unvetted-dep:@json2csv/plainjs	AI (dependencies): @json2csv/plainjs is a well-known CSV conversion library; no malware indicators, stable dependency for this package.	ai	2026/05/14

Versions (showing 51 of 53)

View all versions

Version	Deps	Published
1.116.6	14 / 10	2026-06-04
1.116.5	14 / 10	2026-05-30
1.116.4	14 / 10	2026-05-29
1.116.3	14 / 10	2026-05-27
1.116.2	14 / 10	2026-05-23
1.116.1	14 / 10	2026-05-22
1.116.0	14 / 10	2026-05-21
1.115.4	14 / 10	2026-05-14
1.114.0	13 / 10	2026-05-04
1.112.4	13 / 10	2026-04-09
1.112.0	13 / 10	2026-04-02
1.111.0	13 / 9	2026-04-01
1.110.0	13 / 9	2026-04-01
1.109.0	13 / 9	2026-03-30
1.107.0	13 / 9	2026-03-30
1.105.0	13 / 9	2026-03-19
1.104.0	13 / 9	2026-03-19
1.103.0	13 / 9	2026-03-18
1.102.1	13 / 9	2026-03-15
1.102.0	13 / 9	2026-03-12
1.100.0	13 / 9	2026-03-05
1.98.0	13 / 9	2026-02-27
1.96.3	13 / 9	2026-02-25
1.96.2	13 / 9	2026-02-25
1.96.1	13 / 9	2026-02-13
1.96.0	13 / 9	2026-02-12
1.92.0	13 / 9	2026-02-10
1.91.0	13 / 9	2026-02-08
1.90.2	13 / 9	2026-02-05
1.88.0	13 / 9	2026-01-22
1.86.0	13 / 9	2025-12-12
1.85.1	13 / 9	2025-12-11
1.84.0	13 / 9	2025-12-10
1.83.0	13 / 9	2025-12-10
1.81.1	12 / 9	2025-11-28
1.81.0	12 / 9	2025-11-26
1.78.1	12 / 9	2025-11-22
1.77.0	12 / 9	2025-11-20
1.76.0	12 / 9	2025-11-20
1.72.1	12 / 9	2025-11-13
1.70.1	12 / 9	2025-11-08
1.70.0	12 / 9	2025-11-06
1.69.1	12 / 9	2025-10-30
1.67.0	12 / 9	2025-10-29
1.66.1	12 / 9	2025-10-28
1.66.0	14 / 9	2025-10-28
1.53.0	11 / 9	2025-10-02
1.44.0	9 / 8	2025-07-28
1.42.1	9 / 8	2025-06-28
1.41.2	9 / 8	2025-06-23
1.37.3	6 / 9	2025-05-10

v1.116.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.4

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-29) provenance

This version was published by a different npm account than previous versions on 2026-05-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.3

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-27) provenance

This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.2

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-23) provenance

This version was published by a different npm account than previous versions on 2026-05-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.1

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-22) provenance

This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.116.0

2 findings

HIGH Publisher changed: adobe-admin → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.