@certd/plugin-cert
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:rimraf | AI (phantom-deps): rimraf is listed as a runtime dependency in package.json and used in build scripts; phantom-dep heuristic misfires here. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; empty entry point and missing metadata are structural, not malicious. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent across all @certd monorepo packages; not a spam indicator here. | ai | |
| dependencies | unvetted-dep:@certd/plugin-lib | AI (dependencies): Same-monorepo sibling dependency at matching version; not an external unvetted package. | ai |
Versions (showing 98 of 98)
| Version | Deps | Published |
|---|---|---|
| 1.41.1 | 6 / 14 | |
| 1.41.0 | 6 / 14 | |
| 1.40.5 | 6 / 14 | |
| 1.40.4 | 6 / 14 | |
| 1.40.3 | 6 / 14 | |
| 1.40.2 | 6 / 14 | |
| 1.40.1 | 6 / 14 | |
| 1.40.0 | 6 / 14 | |
| 1.39.16 | 6 / 14 | |
| 1.39.14 | 6 / 14 | |
| 1.39.13 | 6 / 14 | |
| 1.39.12 | 6 / 12 | |
| 1.39.11 | 6 / 12 | |
| 1.39.10 | 6 / 12 | |
| 1.39.9 | 6 / 12 | |
| 1.39.8 | 6 / 12 | |
| 1.39.7 | 6 / 12 | |
| 1.39.6 | 6 / 12 | |
| 1.39.5 | 6 / 12 | |
| 1.39.4 | 6 / 12 | |
| 1.39.3 | 6 / 12 | |
| 1.39.2 | 6 / 12 | |
| 1.39.1 | 6 / 12 | |
| 1.39.0 | 6 / 12 | |
| 1.38.12 | 6 / 12 | |
| 1.38.11 | 6 / 12 | |
| 1.38.10 | 6 / 12 | |
| 1.38.9 | 6 / 12 | |
| 1.38.8 | 6 / 12 | |
| 1.38.7 | 6 / 12 | |
| 1.38.6 | 6 / 12 | |
| 1.38.5 | 6 / 12 | |
| 1.38.4 | 6 / 12 | |
| 1.38.3 | 6 / 12 | |
| 1.38.2 | 6 / 12 | |
| 1.38.1 | 6 / 12 | |
| 1.38.0 | 6 / 12 | |
| 1.37.17 | 11 / 12 | |
| 1.37.16 | 11 / 12 | |
| 1.37.15 | 11 / 12 | |
| 1.37.14 | 11 / 12 | |
| 1.37.13 | 11 / 12 | |
| 1.37.12 | 11 / 12 | |
| 1.37.11 | 11 / 12 | |
| 1.37.10 | 11 / 12 | |
| 1.37.9 | 11 / 12 | |
| 1.37.8 | 11 / 12 | |
| 1.37.7 | 11 / 12 | |
| 1.37.6 | 11 / 12 | |
| 1.37.5 | 11 / 12 | |
| 1.37.4 | 11 / 12 | |
| 1.37.3 | 11 / 12 | |
| 1.37.2 | 11 / 12 | |
| 1.37.1 | 11 / 13 | |
| 1.37.0 | 11 / 13 | |
| 1.36.25 | 11 / 13 | |
| 1.36.24 | 11 / 13 | |
| 1.36.23 | 11 / 13 | |
| 1.36.22 | 11 / 13 | |
| 1.36.21 | 11 / 13 | |
| 1.36.20 | 11 / 13 | |
| 1.36.19 | 11 / 13 | |
| 1.36.18 | 11 / 13 | |
| 1.36.17 | 11 / 13 | |
| 1.36.16 | 11 / 13 | |
| 1.36.15 | 11 / 13 | |
| 1.36.14 | 11 / 13 | |
| 1.36.13 | 11 / 13 | |
| 1.36.12 | 11 / 13 | |
| 1.36.11 | 11 / 13 | |
| 1.36.10 | 11 / 13 | |
| 1.36.9 | 11 / 13 | |
| 1.36.7 | 11 / 13 | |
| 1.36.6 | 11 / 13 | |
| 1.36.5 | 11 / 13 | |
| 1.36.4 | 11 / 13 | |
| 1.36.3 | 11 / 13 | |
| 1.36.2 | 11 / 13 | |
| 1.36.1 | 11 / 13 | |
| 1.36.0 | 11 / 13 | |
| 1.35.5 | 11 / 13 | |
| 1.35.4 | 11 / 13 | |
| 1.35.3 | 11 / 13 | |
| 1.35.2 | 11 / 13 | |
| 1.35.1 | 11 / 13 | |
| 1.35.0 | 11 / 13 | |
| 1.34.11 | 11 / 13 | |
| 1.34.10 | 11 / 13 | |
| 1.34.9 | 11 / 13 | |
| 1.34.8 | 11 / 13 | |
| 1.34.7 | 11 / 13 | |
| 1.34.6 | 11 / 13 | |
| 1.34.5 | 11 / 13 | |
| 1.34.4 | 11 / 13 | |
| 1.34.3 | 11 / 13 | |
| 1.34.2 | 11 / 13 | |
| 1.34.1 | 11 / 13 | |
| 1.34.0 | 11 / 13 |
v1.41.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.41.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.38.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.36.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.35.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.34.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.