All @algolia/requester-node-http versions
@algolia/requester-node-http @4.27.0
Maintainers
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| @algolia/requester-common | 4.27.0 | auto_approved |
Transitive Dependency Tree
Changes from v5.49.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | @algolia/requester-common | 4.27.0 |
| removed | @algolia/client-common | 5.49.1 |
Script Changes
- test- build- clean- test:bundleFile Changes
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a persistent signal for this package — any version published without CI attestation after a history of attested releases should be rejected. | |
publisher-changed |
provenance | reject | AI | AI (provenance): Publisher switch from GitHub Actions to a human account (eric-zaharia) on a long-dormant package is a strong compromise indicator that generalizes across versions published by this account. |
SAST Findings (3)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: eric-zaharia.
This version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Review Summary
Risk score: 50. Findings: 2 high (+50), 4 info (+0).
Published to npm: