@certd/acme-client
Simple and unopinionated ACME client
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:hex-decode | AI (semgrep): Used in TLS-ALPN ACME challenge construction; standard crypto operation, not obfuscation. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Used for HMAC key decoding in ACME HTTP request signing; standard and expected. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive for ESM imports. | ai | |
| phantom-deps | phantom-dep:punycode.js | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:http-proxy-agent | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:https-proxy-agent | AI (phantom-deps): Listed as runtime dep; phantom-dep heuristic false positive. | ai |
Versions (showing 99 of 99)
| Version | Deps | Published |
|---|---|---|
| 1.41.1 | 10 / 17 | |
| 1.41.0 | 10 / 17 | |
| 1.40.5 | 10 / 17 | |
| 1.40.4 | 10 / 17 | |
| 1.40.3 | 10 / 17 | |
| 1.40.2 | 10 / 17 | |
| 1.40.1 | 10 / 17 | |
| 1.40.0 | 10 / 17 | |
| 1.39.16 | 10 / 17 | |
| 1.39.15 | 10 / 17 | |
| 1.39.14 | 10 / 17 | |
| 1.39.13 | 10 / 17 | |
| 1.39.12 | 10 / 15 | |
| 1.39.11 | 10 / 15 | |
| 1.39.10 | 10 / 15 | |
| 1.39.9 | 10 / 15 | |
| 1.39.8 | 10 / 15 | |
| 1.39.7 | 10 / 15 | |
| 1.39.6 | 10 / 15 | |
| 1.39.5 | 10 / 15 | |
| 1.39.4 | 10 / 15 | |
| 1.39.3 | 10 / 15 | |
| 1.39.2 | 10 / 15 | |
| 1.39.1 | 10 / 15 | |
| 1.39.0 | 10 / 15 | |
| 1.38.12 | 10 / 15 | |
| 1.38.11 | 10 / 15 | |
| 1.38.10 | 10 / 15 | |
| 1.38.9 | 10 / 15 | |
| 1.38.8 | 10 / 15 | |
| 1.38.7 | 10 / 15 | |
| 1.38.6 | 10 / 15 | |
| 1.38.5 | 10 / 15 | |
| 1.38.4 | 10 / 15 | |
| 1.38.3 | 10 / 15 | |
| 1.38.2 | 10 / 15 | |
| 1.38.1 | 10 / 15 | |
| 1.38.0 | 10 / 15 | |
| 1.37.17 | 10 / 15 | |
| 1.37.16 | 10 / 15 | |
| 1.37.15 | 10 / 15 | |
| 1.37.14 | 10 / 15 | |
| 1.37.13 | 10 / 15 | |
| 1.37.12 | 10 / 15 | |
| 1.37.11 | 10 / 15 | |
| 1.37.10 | 10 / 15 | |
| 1.37.9 | 10 / 15 | |
| 1.37.8 | 10 / 15 | |
| 1.37.7 | 10 / 15 | |
| 1.37.6 | 10 / 15 | |
| 1.37.5 | 10 / 15 | |
| 1.37.4 | 10 / 15 | |
| 1.37.3 | 10 / 15 | |
| 1.37.2 | 10 / 15 | |
| 1.37.1 | 10 / 15 | |
| 1.37.0 | 10 / 15 | |
| 1.36.25 | 10 / 15 | |
| 1.36.24 | 10 / 15 | |
| 1.36.23 | 10 / 15 | |
| 1.36.22 | 10 / 15 | |
| 1.36.21 | 10 / 15 | |
| 1.36.20 | 10 / 15 | |
| 1.36.19 | 10 / 15 | |
| 1.36.18 | 10 / 15 | |
| 1.36.17 | 10 / 15 | |
| 1.36.16 | 10 / 15 | |
| 1.36.15 | 10 / 15 | |
| 1.36.14 | 10 / 15 | |
| 1.36.13 | 10 / 15 | |
| 1.36.12 | 10 / 15 | |
| 1.36.11 | 10 / 15 | |
| 1.36.10 | 10 / 15 | |
| 1.36.9 | 10 / 15 | |
| 1.36.7 | 10 / 15 | |
| 1.36.6 | 10 / 15 | |
| 1.36.5 | 10 / 15 | |
| 1.36.4 | 10 / 15 | |
| 1.36.3 | 10 / 15 | |
| 1.36.2 | 10 / 15 | |
| 1.36.1 | 10 / 15 | |
| 1.36.0 | 10 / 15 | |
| 1.35.5 | 10 / 15 | |
| 1.35.4 | 10 / 15 | |
| 1.35.3 | 10 / 15 | |
| 1.35.2 | 10 / 15 | |
| 1.35.1 | 10 / 15 | |
| 1.35.0 | 10 / 15 | |
| 1.34.11 | 10 / 15 | |
| 1.34.10 | 10 / 15 | |
| 1.34.9 | 10 / 15 | |
| 1.34.8 | 10 / 15 | |
| 1.34.7 | 10 / 15 | |
| 1.34.6 | 10 / 15 | |
| 1.34.5 | 10 / 15 | |
| 1.34.4 | 10 / 15 | |
| 1.34.3 | 10 / 15 | |
| 1.34.2 | 10 / 15 | |
| 1.34.1 | 10 / 15 | |
| 1.34.0 | 10 / 15 |
v1.41.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.41.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.