@budibase/shared-core
Shared data utils
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Budibase org internal publisher rotation; new publisher is a Budibase team member with no malicious indicators. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers are Budibase org members; consistent with team growth/rotation on an established package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of shogunpurple consistent with internal Budibase team transition, not a hostile takeover. | ai | |
| dependencies | unvetted-dep:@budibase/types | AI (dependencies): Internal monorepo sibling dependency; wildcard version is standard Budibase monorepo practice. | ai |
Versions (showing 100 of 255)
| Version | Deps | Published |
|---|---|---|
| 3.38.5 | 3 / 1 | |
| 3.38.4 | 3 / 1 | |
| 3.38.3 | 3 / 1 | |
| 3.38.2 | 3 / 1 | |
| 3.38.1 | 3 / 1 | |
| 3.38.0 | 3 / 1 | |
| 3.37.5 | 3 / 1 | |
| 3.37.4 | 3 / 1 | |
| 3.37.3 | 3 / 1 | |
| 3.37.2 | 3 / 1 | |
| 3.37.1 | 3 / 1 | |
| 3.37.0 | 3 / 1 | |
| 3.36.5 | 3 / 1 | |
| 3.36.4 | 3 / 1 | |
| 3.36.3 | 2 / 1 | |
| 3.36.2 | 2 / 1 | |
| 3.36.1 | 2 / 1 | |
| 3.35.10 | 2 / 1 | |
| 3.35.3 | 2 / 1 | |
| 3.35.2 | 2 / 1 | |
| 3.35.1 | 2 / 1 | |
| 3.35.0 | 2 / 1 | |
| 3.34.11 | 2 / 1 | |
| 3.34.10 | 2 / 1 | |
| 3.34.9 | 2 / 1 | |
| 3.34.8 | 2 / 1 | |
| 3.34.7 | 2 / 1 | |
| 3.34.6 | 2 / 1 | |
| 3.34.5 | 2 / 1 | |
| 3.34.4 | 2 / 1 | |
| 3.34.3 | 2 / 1 | |
| 3.34.2 | 2 / 1 | |
| 3.34.1 | 2 / 1 | |
| 3.34.0 | 2 / 1 | |
| 3.33.5 | 2 / 1 | |
| 3.33.4 | 2 / 1 | |
| 3.33.3 | 2 / 1 | |
| 3.33.2 | 2 / 1 | |
| 3.33.1 | 2 / 1 | |
| 3.33.0 | 2 / 1 | |
| 3.32.6 | 2 / 1 | |
| 3.32.5 | 2 / 1 | |
| 3.32.4 | 2 / 1 | |
| 3.32.3 | 2 / 1 | |
| 3.32.2 | 2 / 1 | |
| 3.32.1 | 2 / 1 | |
| 3.32.0 | 2 / 1 | |
| 3.31.9 | 2 / 1 | |
| 3.31.8 | 2 / 1 | |
| 3.31.7 | 2 / 1 | |
| 3.31.6 | 2 / 1 | |
| 3.31.5 | 2 / 1 | |
| 3.31.4 | 2 / 1 | |
| 3.31.3 | 2 / 1 | |
| 3.31.2 | 2 / 1 | |
| 3.31.1 | 2 / 1 | |
| 3.31.0 | 2 / 1 | |
| 3.30.6 | 2 / 1 | |
| 3.30.5 | 2 / 1 | |
| 3.30.4 | 2 / 1 | |
| 3.30.3 | 2 / 1 | |
| 3.30.2 | 2 / 1 | |
| 3.30.1 | 2 / 1 | |
| 3.30.0 | 2 / 1 | |
| 3.29.0 | 2 / 1 | |
| 3.28.3 | 2 / 1 | |
| 3.28.2 | 2 / 1 | |
| 3.28.1 | 2 / 1 | |
| 3.28.0 | 2 / 1 | |
| 3.27.5 | 2 / 1 | |
| 3.27.4 | 2 / 1 | |
| 3.27.3 | 2 / 1 | |
| 3.27.2 | 2 / 1 | |
| 3.27.1 | 2 / 1 | |
| 3.27.0 | 2 / 1 | |
| 3.26.3 | 2 / 1 | |
| 3.26.2 | 2 / 1 | |
| 3.26.1 | 2 / 1 | |
| 3.26.0 | 2 / 1 | |
| 3.25.4 | 2 / 1 | |
| 3.25.3 | 2 / 1 | |
| 3.25.2 | 2 / 1 | |
| 3.25.1 | 2 / 1 | |
| 3.25.0 | 2 / 1 | |
| 3.24.8 | 2 / 1 | |
| 3.24.7 | 2 / 1 | |
| 3.24.6 | 2 / 1 | |
| 3.24.5 | 2 / 1 | |
| 3.24.4 | 2 / 1 | |
| 3.24.3 | 2 / 1 | |
| 3.24.2 | 2 / 1 | |
| 3.24.1 | 2 / 1 | |
| 3.24.0 | 2 / 1 | |
| 3.23.48 | 2 / 1 | |
| 3.23.47 | 2 / 1 | |
| 3.23.38 | 2 / 1 | |
| 3.23.37 | 2 / 1 | |
| 3.23.36 | 2 / 1 | |
| 3.23.35 | 2 / 1 | |
| 3.23.34 | 2 / 1 |
v3.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.36.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.36.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.36.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.36.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.36.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.35.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.11
2 findingsThis version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.10
2 findingsThis version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.9
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.8
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.7
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.6
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.4
2 findingsThis version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.34.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.4
2 findingsThis version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.33.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.6
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.4
2 findingsThis version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.32.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.9
2 findingsThis version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.8
2 findingsThis version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.7
2 findingsThis version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.6
2 findingsThis version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.4
2 findingsThis version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.6
2 findingsThis version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.5
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.4
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.30.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.29.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.28.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.28.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.28.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.28.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.5
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.4
2 findingsThis version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.26.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.26.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.26.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.26.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.4
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.8
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.7
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.6
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.5
2 findingsThis version was published by a different npm account than previous versions on 2026-01-20. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.4
2 findingsThis version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-09. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.48
2 findingsThis version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.47
2 findingsThis version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.23.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.