@adonisjs/bodyparser

7 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

romainlanz, virk, julien-r44

Keywords

adonisjs, bodyparser, multipart

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@types/qs | AI (phantom-deps): @types/qs is a type-only dependency legitimately listed in dependencies for TS consumers; stable false positive for this package. | ai |
typosquat | typosquat.levenshtein:body-parser | AI (typosquat): Legitimate scoped AdonisJS package; not a typosquat of body-parser. | ai |
typosquat | typosquat.pattern:body-parser | AI (typosquat): Legitimate scoped AdonisJS package; pattern match is a false positive. | ai |
dependencies | unvetted-dep:@poppinss/qs | AI (dependencies): @poppinss/* packages are part of the AdonisJS ecosystem by the same author; stable dependency. | ai |
dependencies | unvetted-dep:@poppinss/middleware | AI (dependencies): @poppinss/* packages are part of the AdonisJS ecosystem by the same author; stable dependency. | ai |
dependencies | unvetted-dep:@poppinss/multiparty | AI (dependencies): @poppinss/* packages are part of the AdonisJS ecosystem by the same author; stable dependency. | ai |

Versions (showing 7 of 7)

Version Deps Published
11.0.3 9 / 33
11.0.2 9 / 33
11.0.1 9 / 33
11.0.0 9 / 33
10.1.5 11 / 34
10.1.4 11 / 34
10.1.3 11 / 34

v11.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.1

3 findings
HIGH typosquat.levenshtein: Possible typosquat of 'body-parser' typosquat

Package name '@adonisjs/bodyparser' is 1 edit(s) away from popular package 'body-parser'.

HIGH typosquat.pattern: Suspicious name similarity to 'body-parser' typosquat

Package name '@adonisjs/bodyparser' matches a known typosquatting pattern (hyphen swap, prefix/suffix) of 'body-parser'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.