@cipherstash/schema

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (cs-zcjbrewer) than the most recent previously approved version (dan-draper) on 2026-03-25, but cs-zcjbrewer is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (cs-zcjbrewer) than the most recent previously approved version (dan-draper) on 2026-02-24, but cs-zcjbrewer is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.