← Home

@amplitude/segment-session-replay-plugin

npm Repository Homepage

Plugin for Segment's analytics.js library to support Amplitude's Session Replay.

4
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

curtisbliukelson.warnersdk.devdaniel-graham-amplitudejjwang123

Keywords

amplitudeanalyticssession replaysegment

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Fires on minified TypeScript/rrweb bundle output; standard pattern in this package's build artifacts. ai
semgrep semgrep:base64-decode AI (semgrep): Fires on minified rrweb bundle; no actual malicious payload, standard build artifact pattern. ai
dependencies unvetted-dep:@segment/analytics-next AI (dependencies): Core peer dependency for a Segment analytics plugin; expected and legitimate. ai

Versions (showing 4 of 4)

Version Deps Published
0.0.26 3 / 9
0.0.25 3 / 9
0.0.19 3 / 9
0.0.16 3 / 9

v0.0.26

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.25

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.