@algolia/requester-fetch
0
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
ejaldorauharoenvrayrutjesjerskasamousstherealwebbytkruggsylvainhlorrissaintgenezbroujoe-krebskombuchasylvaincrawler-teamamcdaid106devinalgoliajveneziaotomatiksarahdayanmaximehuangguitekmatthewbondshaejazcyril.descossytatsuromathouguixavdhagdavidrasemotteplnechshortcutspraagyajoshialphonsebleodaufabienmottedaltondickalgoliadhaya.bbengreenbankalgabetalg-bgastinneemmanuel.fortindylantientcheuandy_dsrobertmogosjcohonner-algoliacatalgoliaraed-algoliaaymeric.giraudetpjankowski5312eventexperiences_algoliataylorcjohnson_algoliasfaiqhinstantsearch-botflufleviwhalenabodelotmprevell97jkahoantoine.gilleswwalserbhinchley-algolialouishousiauxjsok_algoliaalg-adminhugowitmariamthiam01drodrigulnscyganek-algoliajasonberrybhcastlegavinwade12vascobettencourtmariaaalungucdhawke-algoliafelipe-bernalmorgan-algolia2sirockin_algoliajulia-francaisjcalgoaallam.algtecu23nyagudayevsamykettanijonathaningrammarioalgoliamasterstrikeoctavianiacobminjaslavkoviceric-zahariacmarguta-algoliaharsharora-algoliablaineventurinesarahdayanalgoliagavaudan-algoliamszmaj-algoliayutodalgsamyphilboothcarloscamposfredalgoliawabascript2lotfirafiklachlan.robertson
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Established Algolia monorepo package with strong publisher track record; missing gitHead likely reflects a CI/CD tooling change, not a supply chain compromise. | ai | |
| provenance | no-provenance | AI (provenance): Algolia v4 packages predate widespread Sigstore adoption; absence of provenance attestation is expected for this package line. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Package has 251 versions in registry; apparent dormancy is likely a tracking artifact. SLSA provenance and official Algolia repo confirm legitimate publishing. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers include Algolia-named accounts (marioalgolia, etc.), consistent with internal team changes at Algolia. SLSA provenance from official repo corroborates legitimacy. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Algolia org-level maintainer rotation; publisher 'shortcuts' has 152 approved packages. Normal team change for a large org's monorepo package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @algolia/client-common is a first-party sibling package in the same Algolia monorepo at the same version (5.45.0). Not a suspicious third-party dependency. | ai |
Versions (showing 0 of 0)
| Version | Deps | Published |
|---|