@certd/plugin-lib — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

greper

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): New dep is an official Alibaba Cloud SDK utility, consistent with existing alicloud deps in this package.	ai	2026/05/09
provenance	no-provenance	AI (provenance): Only ~12% of npm packages have provenance; not a disqualifier for established packages.	ai	2026/05/02
npm-metadata	no-description	AI (npm-metadata): Established package with long history; missing description is metadata gap, not malware signal.	ai	2026/05/02
bogus-package	bogus-package	AI (bogus-package): Established @certd org package; missing metadata is a style issue, not a malice indicator.	ai	2026/05/02
dependencies	unvetted-dep:@alicloud/openapi-client	AI (dependencies): Official Alibaba Cloud SDK client; expected for cloud provider integration.	ai	2026/05/02
dependencies	unvetted-dep:qiniu	AI (dependencies): Qiniu is a legitimate Chinese cloud storage SDK; expected dependency for a cert deployment plugin.	ai	2026/05/02
dependencies	unvetted-dep:@alicloud/openapi-util	AI (dependencies): Official Alibaba Cloud SDK utility; expected for cloud provider integration.	ai	2026/05/02
phantom-deps	phantom-dep:strip-ansi	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@certd/plus-core	AI (phantom-deps): Same-org package; phantom-dep is a false positive for monorepo structures.	ai	2026/04/28
phantom-deps	phantom-dep:cos-nodejs-sdk-v5	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:socks-proxy-agent	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@alicloud/pop-core	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:ssh2	AI (phantom-deps): Plugin-lib re-exports cloud/infra SDKs; phantom-dep pattern is structural, not a risk.	ai	2026/04/28
phantom-deps	phantom-dep:@aws-sdk/client-s3	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@alicloud/openapi-util	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@kubernetes/client-node	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:tencentcloud-sdk-nodejs	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@alicloud/openapi-client	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@alicloud/tea-util	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:qiniu	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:socks	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:rimraf	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:ali-oss	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:basic-ftp	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28
phantom-deps	phantom-dep:iconv-lite	AI (phantom-deps): Cloud SDK re-export pattern; stable for this package.	ai	2026/04/28

Versions (showing 98 of 98)

Version	Deps	Published
1.41.1	25 / 15	2026-06-05
1.41.0	25 / 15	2026-06-04
1.40.5	25 / 15	2026-05-26
1.40.4	25 / 15	2026-05-24
1.40.3	25 / 15	2026-05-21
1.40.2	25 / 15	2026-05-19
1.40.1	25 / 15	2026-05-18
1.40.0	25 / 15	2026-05-14
1.39.16	25 / 15	2026-05-13
1.39.14	25 / 15	2026-05-11
1.39.13	25 / 15	2026-05-10
1.39.12	25 / 12	2026-04-29
1.39.11	25 / 12	2026-04-26
1.39.10	25 / 12	2026-04-11
1.39.9	25 / 12	2026-04-05
1.39.8	25 / 12	2026-03-31
1.39.7	25 / 12	2026-03-25
1.39.6	25 / 12	2026-03-22
1.39.5	25 / 12	2026-03-18
1.39.4	25 / 12	2026-03-17
1.39.3	25 / 12	2026-03-17
1.39.2	25 / 12	2026-03-16
1.39.1	25 / 12	2026-03-09
1.39.0	25 / 12	2026-03-07
1.38.12	25 / 12	2026-02-18
1.38.11	25 / 12	2026-02-16
1.38.10	25 / 12	2026-02-15
1.38.9	25 / 12	2026-02-09
1.38.8	25 / 12	2026-02-06
1.38.7	25 / 12	2026-02-05
1.38.6	25 / 12	2026-02-04
1.38.5	25 / 12	2026-02-02
1.38.4	25 / 12	2026-01-31
1.38.3	25 / 12	2026-01-28
1.38.2	25 / 12	2026-01-22
1.38.1	25 / 12	2026-01-15
1.38.0	25 / 12	2026-01-13
1.37.17	21 / 12	2025-12-29
1.37.16	21 / 12	2025-12-15
1.37.15	21 / 12	2025-12-06
1.37.14	21 / 12	2025-12-02
1.37.13	21 / 12	2025-12-02
1.37.12	21 / 12	2025-11-29
1.37.11	21 / 12	2025-11-28
1.37.10	21 / 12	2025-11-19
1.37.9	21 / 12	2025-11-19
1.37.8	21 / 12	2025-11-17
1.37.7	21 / 12	2025-11-12
1.37.6	21 / 12	2025-11-10
1.37.5	21 / 12	2025-11-08
1.37.4	21 / 12	2025-10-28
1.37.3	21 / 12	2025-10-24
1.37.2	21 / 12	2025-10-14
1.37.1	21 / 13	2025-09-29
1.37.0	21 / 13	2025-09-28
1.36.25	21 / 13	2025-09-27
1.36.24	21 / 13	2025-09-27
1.36.23	21 / 13	2025-09-26
1.36.22	21 / 13	2025-09-23
1.36.21	21 / 13	2025-09-15
1.36.20	21 / 13	2025-09-13
1.36.19	21 / 13	2025-09-05
1.36.18	21 / 13	2025-08-28
1.36.17	21 / 13	2025-08-17
1.36.16	21 / 13	2025-08-16
1.36.15	21 / 13	2025-08-07
1.36.14	21 / 13	2025-07-28
1.36.13	21 / 13	2025-07-23
1.36.12	21 / 13	2025-07-22
1.36.11	21 / 13	2025-07-22
1.36.10	21 / 13	2025-07-18
1.36.9	21 / 13	2025-07-15
1.36.7	21 / 13	2025-07-15
1.36.6	21 / 13	2025-07-14
1.36.5	21 / 13	2025-07-11
1.36.4	21 / 13	2025-07-10
1.36.3	21 / 13	2025-07-07
1.36.2	21 / 13	2025-07-06
1.36.1	21 / 13	2025-07-02
1.36.0	21 / 13	2025-07-01
1.35.5	21 / 13	2025-06-20
1.35.4	21 / 13	2025-06-13
1.35.3	21 / 13	2025-06-12
1.35.2	21 / 13	2025-06-09
1.35.1	21 / 13	2025-06-07
1.35.0	20 / 13	2025-06-05
1.34.11	20 / 13	2025-06-05
1.34.10	20 / 13	2025-06-03
1.34.9	20 / 13	2025-05-30
1.34.8	20 / 13	2025-05-28
1.34.7	20 / 13	2025-05-26
1.34.6	20 / 13	2025-05-25
1.34.5	18 / 13	2025-05-19
1.34.4	18 / 13	2025-05-16
1.34.3	18 / 13	2025-05-15
1.34.2	18 / 13	2025-05-11
1.34.1	18 / 13	2025-05-05
1.34.0	18 / 13	2025-04-28

v1.41.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.41.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.40.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.16

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.14

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.13

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.39.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.39.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.39.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.39.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.39.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.12

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.38.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.38.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.17

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.16

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.15

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.14

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.13

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.12

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.10

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.37.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.37.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.37.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.36.25

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.36.24

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.23

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.22

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.21

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.20

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.19

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.18

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.17

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.16

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.15

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.14

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.13

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.12

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.10

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.35.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.35.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.35.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.35.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.35.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.35.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.10

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.34.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.34.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.34.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.