@auth0/auth0-checkmate
A command line tool for checking configuration of your Auth0 tenant
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): The raw IP appears only in a code comment explaining SSRF prevention; no actual request to a raw IP is made. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used in the analyzer plugin loader to load files by resolved path — intentional and stable for this package. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): Handlebars is a well-known templating library; ^4.7.8 is the current patched version with no active advisories. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 1.7.5 | 16 / 7 | |
| 1.7.3 | 16 / 7 | |
| 1.6.18 | 16 / 7 | |
| 1.6.17 | 16 / 7 |
v1.7.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.