@certd/pipeline
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; missing metadata is typical for internal scoped packages, not a spam indicator. | ai | |
| phantom-deps | phantom-dep:@certd/plus-core | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic is a stable false positive for this monorepo package. | ai |
Versions (showing 51 of 98)
| Version | Deps | Published |
|---|---|---|
| 1.41.1 | 5 / 22 | |
| 1.41.0 | 5 / 22 | |
| 1.40.5 | 5 / 22 | |
| 1.40.4 | 5 / 22 | |
| 1.40.3 | 5 / 22 | |
| 1.40.2 | 5 / 22 | |
| 1.40.1 | 5 / 22 | |
| 1.40.0 | 5 / 22 | |
| 1.39.16 | 5 / 22 | |
| 1.39.14 | 5 / 22 | |
| 1.39.13 | 5 / 22 | |
| 1.39.12 | 5 / 19 | |
| 1.39.11 | 5 / 19 | |
| 1.39.10 | 5 / 19 | |
| 1.39.9 | 5 / 19 | |
| 1.39.8 | 5 / 19 | |
| 1.39.7 | 5 / 19 | |
| 1.39.6 | 5 / 19 | |
| 1.39.5 | 5 / 19 | |
| 1.39.4 | 5 / 19 | |
| 1.39.3 | 5 / 19 | |
| 1.39.2 | 5 / 19 | |
| 1.39.1 | 5 / 19 | |
| 1.39.0 | 5 / 19 | |
| 1.38.12 | 5 / 19 | |
| 1.38.11 | 5 / 19 | |
| 1.38.10 | 5 / 19 | |
| 1.38.9 | 5 / 19 | |
| 1.38.8 | 5 / 19 | |
| 1.38.7 | 5 / 19 | |
| 1.38.6 | 5 / 19 | |
| 1.38.5 | 5 / 19 | |
| 1.38.4 | 5 / 19 | |
| 1.38.3 | 5 / 19 | |
| 1.38.2 | 5 / 19 | |
| 1.38.1 | 5 / 19 | |
| 1.38.0 | 5 / 19 | |
| 1.37.17 | 5 / 19 | |
| 1.37.16 | 5 / 19 | |
| 1.37.15 | 5 / 19 | |
| 1.37.14 | 5 / 19 | |
| 1.37.13 | 5 / 19 | |
| 1.37.12 | 5 / 19 | |
| 1.37.11 | 5 / 19 | |
| 1.37.10 | 5 / 19 | |
| 1.37.9 | 5 / 19 | |
| 1.37.8 | 5 / 19 | |
| 1.37.7 | 5 / 19 | |
| 1.37.6 | 5 / 19 | |
| 1.37.5 | 5 / 19 | |
| 1.37.4 | 5 / 19 |
v1.41.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.41.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.