@automattic/jetpack-boost-score-api

A package to get the Jetpack Boost score of a site

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

macbreyuliyanmjangdamatticbota8cbloweryehg_sgomestyxlasaroshaganejclovrencicsirbrilligchriszaraterobersongomesjohngodleyjehervedaledupreez-a8ct2dw4tluismulinariandrea-sdlelazzabifmfernandessirrealwwachihsuanmanzoorwanijkmsurdi-a8cnewspack-npmdsmartgkthai15bgrgicakrobertsreberski_a8cartpigmjuhaszkat3samsinbrunobastodhenridevmrmurphywpvip-botetobiesenalshakeroarthur791004diliritymehmoodaknatalia.vidalivan.ottingeranandnalyaarcangelinisretrofoxfredrikekelundchriskmndsoandregalgalatanovidiukangzj_mirka_aduthebuccelli

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher changed from matticbot to GitHub Actions as part of Automattic's CI/CD migration; SLSA provenance attestation confirms legitimate automated publishing. This is a stable, expected pattern for this package.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): Automattic is a large org with normal team turnover; maintainer additions/removals in their monorepo packages reflect legitimate organizational changes, not takeover risk.	ai	2026/04/21
source-diff	obfuscated-file:build/index.js	AI (source-diff): build/index.js is a standard webpack bundle output for this TypeScript package. Minified build artifacts are expected and consistent with the package's build tooling (webpack). Not malicious obfuscation.	ai	2026/04/21
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removals are consistent with normal Automattic team turnover; no evidence of malicious takeover in this well-established package.	ai	2026/04/21
dependencies	unvetted-dep:zod	AI (dependencies): zod is a widely-used, legitimate validation library; unvetted status does not reflect actual risk for this established package.	ai	2026/04/21
phantom-deps	phantom-dep:zod	AI (phantom-deps): Package ships a pre-built bundle; zod is a declared runtime dep used in build output, not directly imported in analyzed source. False positive for this build pattern.	ai	2026/04/21
phantom-deps	phantom-dep:@wordpress/i18n	AI (phantom-deps): Same build-output pattern — @wordpress/i18n is a legitimate Automattic dep bundled at build time, not directly imported in analyzed source.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): This is a legitimate Automattic sub-package of the Jetpack monorepo. README linking to the monorepo is expected; low-value signals are false positives for this package.	ai	2026/04/21

Versions (showing 51 of 114)

View all versions

Version	Deps	Published
1.0.46	2 / 5	2026-06-08
1.0.45	2 / 5	2026-06-03
1.0.44	2 / 5	2026-06-02
1.0.43	2 / 5	2026-05-21
1.0.42	2 / 5	2026-05-19
1.0.41	2 / 5	2026-05-14
1.0.40	2 / 5	2026-05-11
1.0.39	2 / 5	2026-05-04
1.0.38	2 / 5	2026-04-20
1.0.37	2 / 5	2026-04-09
1.0.36	2 / 5	2026-04-06
1.0.35	2 / 5	2026-03-30
1.0.34	2 / 5	2026-03-23
1.0.33	2 / 5	2026-03-16
1.0.32	2 / 5	2026-03-09
1.0.31	2 / 5	2026-02-26
1.0.30	2 / 5	2026-02-18
1.0.29	2 / 5	2026-02-16
1.0.28	2 / 5	2026-02-10
1.0.27	2 / 5	2026-02-02
1.0.26	2 / 5	2026-01-26
1.0.25	2 / 5	2026-01-19
1.0.24	2 / 5	2026-01-14
1.0.23	2 / 6	2026-01-07
1.0.22	2 / 6	2025-12-22
1.0.21	2 / 6	2025-12-11
1.0.20	2 / 6	2025-12-08
1.0.19	2 / 6	2025-12-01
1.0.18	2 / 6	2025-11-17
1.0.17	2 / 6	2025-10-28
1.0.16	2 / 6	2025-10-02
1.0.15	2 / 6	2025-09-22
1.0.14	2 / 6	2025-09-19
1.0.13	2 / 6	2025-09-08
1.0.12	2 / 6	2025-08-25
1.0.11	2 / 6	2025-08-18
1.0.10	2 / 6	2025-08-13
1.0.9	2 / 6	2025-08-11
1.0.8	2 / 6	2025-08-04
1.0.7	2 / 6	2025-07-21
1.0.6	2 / 6	2025-07-08
1.0.5	2 / 6	2025-07-03
1.0.4	2 / 6	2025-06-30
1.0.3	2 / 6	2025-06-23
1.0.2	2 / 6	2025-06-18
1.0.1	2 / 6	2025-06-04
1.0.0	2 / 6	2025-06-03
0.1.67	2 / 6	2025-06-02
0.1.65	2 / 6	2025-05-22
0.1.64	2 / 6	2025-05-05
0.1.63	2 / 6	2025-04-14