@ben_12/eslint-plugin-dprint
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:@ben_12/eslint-plugin-dprint | AI (npm-metadata): Self-referencing file: dep points to local test/internal-rules fixture; not a registry bypass risk. | ai | |
| phantom-deps | phantom-dep:debug | AI (phantom-deps): debug is a declared runtime dependency; phantom-dep heuristic misfires here. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 1.18.0 | 4 / 22 | |
| 1.17.1 | 4 / 22 | |
| 1.17.0 | 4 / 22 | |
| 1.3.4 | 4 / 24 |
v1.18.0
2 findingsMaintainer email '[email protected]' uses domain 'ben12.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.17.1
2 findingsMaintainer email '[email protected]' uses domain 'ben12.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.17.0
2 findingsMaintainer email '[email protected]' uses domain 'ben12.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.4
2 findingsMaintainer email '[email protected]' uses domain 'ben12.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.