@builder.io/ai-utils
Builder.io AI utils
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:npmrc-access | AI (semgrep): Finding is a string literal in a Zod schema description, not actual .npmrc credential access. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): All raw-IP hits are localhost addresses in test spec files — not production network calls. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped @builder.io package with 387 versions; missing metadata is a style choice, not a spam indicator. | ai |
Versions (showing 100 of 243)
| Version | Deps | Published |
|---|---|---|
| 0.68.0 | 1 / 0 | |
| 0.67.0 | 1 / 0 | |
| 0.66.2 | 1 / 0 | |
| 0.66.1 | 1 / 0 | |
| 0.66.0 | 1 / 0 | |
| 0.65.0 | 1 / 0 | |
| 0.64.0 | 1 / 0 | |
| 0.63.0 | 1 / 0 | |
| 0.62.0 | 1 / 0 | |
| 0.61.0 | 1 / 0 | |
| 0.60.1 | 1 / 0 | |
| 0.60.0 | 1 / 0 | |
| 0.59.0 | 1 / 0 | |
| 0.58.1 | 1 / 0 | |
| 0.58.0 | 1 / 0 | |
| 0.57.0 | 1 / 0 | |
| 0.56.0 | 1 / 0 | |
| 0.55.0 | 1 / 0 | |
| 0.54.0 | 1 / 0 | |
| 0.53.1 | 1 / 0 | |
| 0.53.0 | 1 / 0 | |
| 0.52.0 | 0 / 0 | |
| 0.51.0 | 0 / 0 | |
| 0.50.4 | 0 / 0 | |
| 0.50.3 | 0 / 0 | |
| 0.50.2 | 0 / 0 | |
| 0.50.1 | 0 / 0 | |
| 0.50.0 | 0 / 0 | |
| 0.49.0 | 0 / 0 | |
| 0.48.1 | 0 / 0 | |
| 0.48.0 | 0 / 0 | |
| 0.47.1 | 0 / 0 | |
| 0.47.0 | 0 / 0 | |
| 0.46.0 | 0 / 0 | |
| 0.45.1 | 0 / 0 | |
| 0.45.0 | 0 / 0 | |
| 0.44.6 | 0 / 0 | |
| 0.44.5 | 0 / 0 | |
| 0.44.4 | 0 / 0 | |
| 0.44.3 | 0 / 0 | |
| 0.44.2 | 0 / 0 | |
| 0.44.0 | 0 / 0 | |
| 0.43.0 | 0 / 0 | |
| 0.42.0 | 0 / 0 | |
| 0.41.1 | 0 / 0 | |
| 0.12.22 | 0 / 0 | |
| 0.12.21 | 0 / 0 | |
| 0.12.20 | 0 / 0 | |
| 0.12.19 | 0 / 0 | |
| 0.12.18 | 0 / 0 | |
| 0.12.17 | 0 / 0 | |
| 0.12.16 | 0 / 0 | |
| 0.12.14 | 0 / 0 | |
| 0.12.13 | 0 / 0 | |
| 0.12.12 | 0 / 0 | |
| 0.12.11 | 0 / 0 | |
| 0.12.10 | 0 / 0 | |
| 0.12.9 | 0 / 0 | |
| 0.12.8 | 0 / 0 | |
| 0.12.7 | 0 / 0 | |
| 0.12.6 | 0 / 0 | |
| 0.12.5 | 0 / 0 | |
| 0.12.4 | 0 / 0 | |
| 0.12.3 | 0 / 0 | |
| 0.12.2 | 0 / 0 | |
| 0.12.1 | 0 / 0 | |
| 0.12.0 | 0 / 0 | |
| 0.11.35 | 0 / 0 | |
| 0.11.34 | 0 / 0 | |
| 0.11.33 | 0 / 0 | |
| 0.11.32 | 0 / 0 | |
| 0.11.31 | 0 / 0 | |
| 0.11.30 | 0 / 0 | |
| 0.11.28 | 0 / 0 | |
| 0.11.27 | 0 / 0 | |
| 0.11.26 | 0 / 0 | |
| 0.11.25 | 0 / 0 | |
| 0.11.24 | 0 / 0 | |
| 0.11.23 | 0 / 0 | |
| 0.11.22 | 0 / 0 | |
| 0.11.21 | 0 / 0 | |
| 0.11.20 | 0 / 0 | |
| 0.11.19 | 0 / 0 | |
| 0.11.18 | 0 / 0 | |
| 0.11.17 | 0 / 0 | |
| 0.11.16 | 0 / 0 | |
| 0.11.15 | 0 / 0 | |
| 0.11.14 | 0 / 0 | |
| 0.11.13 | 0 / 0 | |
| 0.11.12 | 0 / 0 | |
| 0.11.11 | 0 / 0 | |
| 0.11.10 | 0 / 0 | |
| 0.11.9 | 0 / 0 | |
| 0.11.8 | 0 / 0 | |
| 0.11.7 | 0 / 0 | |
| 0.11.6 | 0 / 0 | |
| 0.11.5 | 0 / 0 | |
| 0.11.4 | 0 / 0 | |
| 0.11.3 | 0 / 0 | |
| 0.11.2 | 0 / 0 |
v0.68.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.64.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.63.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.62.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.0
2 findingsAccessing .npmrc can expose npm auth tokens 1177 | .object({ 1178 | path: z.string().meta({ > 1179 | description: 'Path where the file should be written. Supports absolute paths ("/app/.npmrc"), tilde ("~/.npmrc") 1180 | }), 1181 | content: z.string().optional().meta({
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.60.1
2 findingsAccessing .npmrc can expose npm auth tokens 1175 | .object({ 1176 | path: z.string().meta({ > 1177 | description: 'Path where the file should be written. Supports absolute paths ("/app/.npmrc"), tilde ("~/.npmrc") 1178 | }), 1179 | content: z.string().optional().meta({
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.60.0
2 findingsAccessing .npmrc can expose npm auth tokens 1171 | .object({ 1172 | path: z.string().meta({ > 1173 | description: 'Path where the file should be written. Supports absolute paths ("/app/.npmrc"), tilde ("~/.npmrc") 1174 | }), 1175 | content: z.string().optional().meta({
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.59.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.54.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.53.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.53.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.52.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.51.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.50.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.50.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.50.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.50.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.50.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.49.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.48.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.48.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.47.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.47.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.46.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.45.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.42.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.