@bifold/core No license 11 versions

@bifold/core

npm Repository Homepage

11

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bryce-mcmathopenwalletfoundation

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:cors	AI (typosquat): @bifold/core is the OpenWallet Foundation bifold-wallet package; no relation to the cors package.	ai	2026/05/18
semgrep	semgrep:base64-decode	AI (semgrep): Standard URL-safe base64 decoding in a helper utility; no obfuscation or exfiltration pattern.	ai	2026/05/18
phantom-deps	phantom-dep:@types/base-64	AI (phantom-deps): Type-only package listed in dependencies; not directly imported at runtime by convention.	ai	2026/05/18
phantom-deps	phantom-dep:@openwallet-foundation/askar-shared	AI (phantom-deps): Referenced in config files as documented; stable false positive for this package.	ai	2026/05/18

Versions (showing 11 of 11)

Version	Deps	Published
3.0.13	3 / 111	2026-06-02
3.0.12	3 / 111	2026-06-01
3.0.11	3 / 111	2026-06-01
3.0.10	3 / 109	2026-05-25
3.0.9	3 / 109	2026-05-24
3.0.8	3 / 109	2026-05-21
3.0.7	3 / 109	2026-05-21
3.0.6	3 / 109	2026-05-12
3.0.5	3 / 109	2026-05-11
3.0.4	3 / 109	2026-05-07
3.0.3	3 / 109	2026-05-01

v3.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.4

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@bifold/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.3

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@bifold/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.