@alwaysmeticulous/common
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Meticulous migrated publishing to GitHub Actions with SLSA provenance; this is the expected new publisher for this package. | ai |
Versions (showing 74 of 74)
| Version | Deps | Published |
|---|---|---|
| 2.283.1 | 6 / 4 | |
| 2.280.0 | 6 / 4 | |
| 2.277.0 | 6 / 4 | |
| 2.276.2 | 6 / 4 | |
| 2.275.0 | 6 / 4 | |
| 2.274.2 | 6 / 4 | |
| 2.274.1 | 6 / 4 | |
| 2.274.0 | 6 / 4 | |
| 2.273.0 | 5 / 3 | |
| 2.271.0 | 5 / 3 | |
| 2.269.1 | 5 / 3 | |
| 2.267.0 | 5 / 3 | |
| 2.266.2 | 5 / 3 | |
| 2.264.0 | 5 / 3 | |
| 2.262.1 | 5 / 3 | |
| 2.262.0 | 5 / 3 | |
| 2.260.2 | 5 / 3 | |
| 2.259.0 | 5 / 3 | |
| 2.258.0 | 5 / 3 | |
| 2.257.1 | 5 / 3 | |
| 2.257.0 | 5 / 3 | |
| 2.256.0 | 5 / 3 | |
| 2.255.0 | 5 / 3 | |
| 2.254.1 | 5 / 3 | |
| 2.253.0 | 5 / 3 | |
| 2.252.0 | 5 / 3 | |
| 2.251.1 | 5 / 3 | |
| 2.251.0 | 5 / 3 | |
| 2.250.7 | 5 / 3 | |
| 2.250.6 | 5 / 3 | |
| 2.250.5 | 5 / 3 | |
| 2.250.4 | 5 / 3 | |
| 2.250.3 | 5 / 3 | |
| 2.250.2 | 5 / 3 | |
| 2.250.1 | 5 / 3 | |
| 2.250.0 | 5 / 3 | |
| 2.248.14 | 5 / 3 | |
| 2.248.13 | 5 / 3 | |
| 2.248.12 | 5 / 3 | |
| 2.248.9 | 5 / 3 | |
| 2.248.0 | 5 / 3 | |
| 2.247.1 | 5 / 3 | |
| 2.246.0 | 5 / 3 | |
| 2.245.0 | 5 / 3 | |
| 2.244.5 | 5 / 3 | |
| 2.244.2 | 5 / 3 | |
| 2.244.1 | 5 / 3 | |
| 2.244.0 | 5 / 3 | |
| 2.242.6 | 5 / 3 | |
| 2.242.5 | 5 / 3 | |
| 2.242.4 | 5 / 3 | |
| 2.242.3 | 5 / 3 | |
| 2.242.2 | 5 / 3 | |
| 2.242.1 | 5 / 3 | |
| 2.241.0 | 5 / 3 | |
| 2.240.3 | 5 / 3 | |
| 2.239.3 | 5 / 3 | |
| 2.239.2 | 5 / 3 | |
| 2.237.1 | 5 / 3 | |
| 2.237.0 | 5 / 3 | |
| 2.236.2 | 2 / 3 | |
| 2.235.2 | 2 / 3 | |
| 2.233.0 | 2 / 3 | |
| 2.232.0 | 2 / 3 | |
| 2.231.0 | 2 / 3 | |
| 2.229.0 | 2 / 3 | |
| 2.227.1 | 2 / 3 | |
| 2.226.0 | 2 / 3 | |
| 2.225.0 | 2 / 3 | |
| 2.224.0 | 2 / 3 | |
| 2.223.0 | 2 / 3 | |
| 2.221.2 | 2 / 3 | |
| 2.221.0 | 2 / 3 | |
| 2.219.0 | 2 / 3 |
v2.283.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.280.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.277.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.276.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.275.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.274.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.274.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.274.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.273.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.271.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.269.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.267.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.266.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.264.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.262.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.262.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.260.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.259.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.258.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.257.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.257.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.256.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.255.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.254.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.253.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.252.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.251.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.251.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.250.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.248.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.248.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.248.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.248.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.248.0
2 findingsThis version was published by a different npm account than previous versions on 2025-11-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.247.1
2 findingsThis version was published by a different npm account than previous versions on 2025-11-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.246.0
2 findingsThis version was published by a different npm account than previous versions on 2025-11-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.245.0
2 findingsThis version was published by a different npm account than previous versions on 2025-11-04. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.244.5
2 findingsThis version was published by a different npm account than previous versions on 2025-10-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.244.2
2 findingsThis version was published by a different npm account than previous versions on 2025-10-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.244.1
2 findingsThis version was published by a different npm account than previous versions on 2025-10-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.244.0
2 findingsThis version was published by a different npm account than previous versions on 2025-10-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.242.6
2 findingsThis version was published by a different npm account than previous versions on 2025-10-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.242.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.242.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.242.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.242.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.242.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.241.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.240.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.239.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.239.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.237.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.237.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.236.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.235.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.233.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.232.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.231.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.229.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.227.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.226.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.225.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.224.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.223.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v2.221.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.221.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.219.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.