@api-client/core
The API Client's core client library. Works in NodeJS and in a ES enabled browser.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Not a typosquat; @api-client/core is a distinct, long-established API client library unrelated to the cors package. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get used for proxy/decorator internals — standard TypeScript decorator pattern, not obfuscation. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding in Buffer.ts is a utility function for data handling, not payload hiding. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): process.env enumeration in ProjectRunner is expected for a project/test runner that reads system variables. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 0.21.20 | 15 / 32 | |
| 0.21.19 | 15 / 32 | |
| 0.21.18 | 15 / 32 | |
| 0.21.17 | 15 / 32 | |
| 0.21.16 | 15 / 32 | |
| 0.21.15 | 15 / 32 | |
| 0.21.14 | 15 / 32 | |
| 0.21.13 | 15 / 32 | |
| 0.21.12 | 15 / 32 | |
| 0.21.11 | 15 / 32 | |
| 0.21.10 | 15 / 32 | |
| 0.21.9 | 15 / 32 | |
| 0.21.8 | 15 / 32 | |
| 0.21.7 | 15 / 32 | |
| 0.21.6 | 15 / 32 | |
| 0.21.5 | 15 / 32 | |
| 0.21.4 | 15 / 32 | |
| 0.21.3 | 15 / 32 | |
| 0.21.2 | 15 / 32 | |
| 0.21.1 | 15 / 32 | |
| 0.21.0 | 15 / 32 | |
| 0.19.32 | 22 / 42 | |
| 0.19.22 | 21 / 42 | |
| 0.19.21 | 21 / 42 | |
| 0.19.18 | 20 / 41 | |
| 0.19.16 | 20 / 41 |
v0.21.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.19.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.