@certd/acme-client
Simple and unopinionated ACME client
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:hex-decode | AI (semgrep): Used in TLS-ALPN ACME challenge construction; standard crypto operation, not obfuscation. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Used for HMAC key decoding in ACME HTTP request signing; standard and expected. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive for ESM imports. | ai | |
| phantom-deps | phantom-dep:punycode.js | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:http-proxy-agent | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:https-proxy-agent | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai |
Versions (showing 51 of 99)
| Version | Deps | Published |
|---|---|---|
| 1.41.1 | 10 / 17 | |
| 1.41.0 | 10 / 17 | |
| 1.40.5 | 10 / 17 | |
| 1.40.4 | 10 / 17 | |
| 1.40.3 | 10 / 17 | |
| 1.40.2 | 10 / 17 | |
| 1.40.1 | 10 / 17 | |
| 1.40.0 | 10 / 17 | |
| 1.39.16 | 10 / 17 | |
| 1.39.15 | 10 / 17 | |
| 1.39.14 | 10 / 17 | |
| 1.39.13 | 10 / 17 | |
| 1.39.12 | 10 / 15 | |
| 1.39.11 | 10 / 15 | |
| 1.39.10 | 10 / 15 | |
| 1.39.9 | 10 / 15 | |
| 1.39.8 | 10 / 15 | |
| 1.39.7 | 10 / 15 | |
| 1.39.6 | 10 / 15 | |
| 1.39.5 | 10 / 15 | |
| 1.39.4 | 10 / 15 | |
| 1.39.3 | 10 / 15 | |
| 1.39.2 | 10 / 15 | |
| 1.39.1 | 10 / 15 | |
| 1.39.0 | 10 / 15 | |
| 1.38.12 | 10 / 15 | |
| 1.38.11 | 10 / 15 | |
| 1.38.10 | 10 / 15 | |
| 1.38.9 | 10 / 15 | |
| 1.38.8 | 10 / 15 | |
| 1.38.7 | 10 / 15 | |
| 1.38.6 | 10 / 15 | |
| 1.38.5 | 10 / 15 | |
| 1.38.4 | 10 / 15 | |
| 1.38.3 | 10 / 15 | |
| 1.38.2 | 10 / 15 | |
| 1.38.1 | 10 / 15 | |
| 1.38.0 | 10 / 15 | |
| 1.37.17 | 10 / 15 | |
| 1.37.16 | 10 / 15 | |
| 1.37.15 | 10 / 15 | |
| 1.37.14 | 10 / 15 | |
| 1.37.13 | 10 / 15 | |
| 1.37.12 | 10 / 15 | |
| 1.37.11 | 10 / 15 | |
| 1.37.10 | 10 / 15 | |
| 1.37.9 | 10 / 15 | |
| 1.37.8 | 10 / 15 | |
| 1.37.7 | 10 / 15 | |
| 1.37.6 | 10 / 15 | |
| 1.37.5 | 10 / 15 |
v1.41.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.41.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.