All @algolia/logger-console versions
@algolia/logger-console @4.26.0
Maintainers
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| @algolia/logger-common | 4.26.0 | auto_approved |
Transitive Dependency Tree
Changes from v5.48.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | @algolia/logger-common | 4.26.0 |
| removed | @algolia/client-common | 5.48.1 |
Script Changes
- test- build- clean- test:bundleFile Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Loss of provenance attestation on a package that previously had it is a strong supply-chain compromise indicator; this judgment generalizes across versions published without attestation. |
SAST Findings (3)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: fluf.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.
Review Summary
Risk score: 60. Findings: 2 high (+50), 1 medium (+10), 2 info (+0).
Published to npm: