← Home

@ahoo-wang/fetcher-generator

npm Repository Homepage

A powerful TypeScript code generation tool that automatically generates type-safe API client code based on OpenAPI specifications. It is designed for general use cases and is also deeply optimized for the [Wow](https://github.com/Ahoo-Wang/Wow) Domain-Dri

51
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

ahoo-wang

Keywords

fetchhttpclientopenapiopenapi3swaggergeneratortypescriptcodegenapirest

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/src-_BvdpX41.cjs AI (source-diff): Standard Vite minified CJS bundle output; not obfuscated malware. Stable pattern for this package. ai
source-diff obfuscated-file:dist/src-BeMHvuFm.cjs AI (source-diff): Standard Vite minified CJS bundle chunk; content is readable OpenAPI codegen logic, not malicious obfuscation. ai
source-diff obfuscated-file:dist/src-65Qr4jZF.cjs AI (source-diff): Standard Vite/Rollup minified bundle; source maps included and content is readable codegen logic, not obfuscation. ai
provenance publisher-changed AI (provenance): Package uses GitHub Actions for publishing with SLSA attestation; publisher=GitHub Actions is the expected pattern for this repo. ai
source-diff obfuscated-file:dist/src-BCYPCGek.cjs AI (source-diff): Minified Vite/Rollup bundle output with accompanying source maps; not obfuscated malware. ai
source-diff obfuscated-file:dist/src-ayZQGyfv.cjs AI (source-diff): Vite/Rollup minified bundle output; sample shows benign codegen logic, not obfuscation. ai
source-diff obfuscated-file:dist/src-CHPCp95i.cjs AI (source-diff): Standard Vite minified CJS bundle; content is readable tool logic, not obfuscation. ai
source-diff obfuscated-file:dist/src-BijqHJxQ.cjs AI (source-diff): Minified Vite/Rollup bundle output; sample shows benign codegen logic, not obfuscation. ai
source-diff obfuscated-file:dist/src-DY8hKMiY.cjs AI (source-diff): Standard Vite/rollup minified bundle output; not obfuscated, readable logic visible in sample. ai
source-diff obfuscated-file:dist/src-CAGuDr9X.cjs AI (source-diff): Standard Vite minified CJS bundle with accompanying source maps; no malicious patterns in sample. ai
source-diff obfuscated-file:dist/src-hfF6pY8U.cjs AI (source-diff): Standard Vite/Rollup minified bundle with accompanying source maps; not obfuscated malware. ai
source-diff obfuscated-file:dist/src-swpb5H7t.cjs AI (source-diff): Standard Vite CJS bundle with source maps; long lines are minified but readable, no obfuscation or malicious patterns. ai
publish-pattern dormant-publish AI (publish-pattern): SLSA provenance confirms CI/CD publish; 220 versions in registry shows active project, gap is incidental. ai

Versions (showing 51 of 145)

View all versions
Version Deps Published
3.16.9 3 / 13
3.16.8 3 / 13
3.16.6 3 / 13
3.16.5 3 / 13
3.16.4 3 / 13
3.16.3 3 / 13
3.16.2 3 / 13
3.16.1 3 / 13
3.16.0 3 / 13
3.15.9 3 / 13
3.15.8 3 / 13
3.15.7 3 / 13
3.15.6 3 / 13
3.15.5 3 / 13
3.15.4 3 / 13
3.15.3 3 / 13
3.15.2 3 / 13
3.15.1 3 / 13
3.15.0 3 / 13
3.13.15 3 / 13
3.13.14 3 / 13
3.13.13 3 / 13
3.13.12 3 / 13
3.13.11 3 / 13
3.13.10 3 / 13
3.13.9 3 / 13
3.13.8 3 / 13
3.13.6 3 / 13
3.13.5 3 / 13
3.13.4 3 / 13
3.13.3 3 / 13
3.13.2 3 / 13
3.13.1 3 / 13
3.13.0 3 / 13
3.12.21 3 / 13
3.12.20 3 / 13
3.12.19 3 / 13
3.12.18 3 / 13
3.12.16 3 / 13
3.12.15 3 / 13
3.12.14 3 / 13
3.12.13 3 / 13
3.12.12 3 / 13
3.12.11 3 / 13
3.12.10 3 / 13
3.12.9 3 / 13
3.12.8 3 / 13
3.12.6 3 / 13
3.12.5 3 / 13
3.12.3 3 / 13
3.12.2 3 / 13

v3.16.9

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.8

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.6

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.5

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.4

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.3

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.2

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.1

2 findings
HIGH New obfuscated file: dist/src-BeMHvuFm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.16.0

2 findings
HIGH New obfuscated file: dist/src-65Qr4jZF.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.9

2 findings
HIGH New obfuscated file: dist/src-_BvdpX41.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.8

2 findings
HIGH New obfuscated file: dist/src-BCYPCGek.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.7

2 findings
HIGH New obfuscated file: dist/src-ayZQGyfv.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.5

2 findings
HIGH New obfuscated file: dist/src-BijqHJxQ.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.4

2 findings
HIGH New obfuscated file: dist/src-CAGuDr9X.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.3

2 findings
HIGH New obfuscated file: dist/src-hfF6pY8U.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.2

2 findings
HIGH New obfuscated file: dist/src-DY8hKMiY.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.1

2 findings
HIGH New obfuscated file: dist/src-CHPCp95i.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.0

2 findings
HIGH New obfuscated file: dist/src-swpb5H7t.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.12

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-24) provenance

This version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.11

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.10

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-18) provenance

This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.9

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-18) provenance

This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.8

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-18) provenance

This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.6

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.5

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.4

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.3

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.2

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.1

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-12) provenance

This version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.0

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-12) provenance

This version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.21

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.20

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-10) provenance

This version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.19

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-07) provenance

This version was published by a different npm account than previous versions on 2026-03-07. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.18

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-06) provenance

This version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.16

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-06) provenance

This version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.15

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.14

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.13

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.12

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.11

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.10

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.9

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.8

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.6

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.5

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.3

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.2

2 findings
HIGH Publisher changed: ahoo-wang → GitHub Actions (on 2026-02-28) provenance

This version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.