@cleardu/core
Nest - modern, fast, powerful node.js web framework (@common)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): The real risk is NestJS impersonation, not a cors typosquat; this rule is a false positive for this package. | ai |
Versions (showing 51 of 211)
| Version | Deps | Published |
|---|---|---|
| 1.0.554 | 4 / 0 | |
| 1.0.553 | 4 / 0 | |
| 1.0.552 | 4 / 0 | |
| 1.0.551 | 4 / 0 | |
| 1.0.547 | 4 / 0 | |
| 1.0.546 | 4 / 0 | |
| 1.0.544 | 4 / 0 | |
| 1.0.543 | 4 / 0 | |
| 1.0.542 | 4 / 0 | |
| 1.0.541 | 4 / 0 | |
| 1.0.539 | 4 / 0 | |
| 1.0.538 | 4 / 0 | |
| 1.0.537 | 4 / 0 | |
| 1.0.536 | 4 / 0 | |
| 1.0.535 | 4 / 0 | |
| 1.0.534 | 4 / 0 | |
| 1.0.532 | 4 / 0 | |
| 1.0.531 | 4 / 0 | |
| 1.0.530 | 4 / 0 | |
| 1.0.529 | 4 / 0 | |
| 1.0.528 | 4 / 0 | |
| 1.0.527 | 4 / 0 | |
| 1.0.526 | 4 / 0 | |
| 1.0.525 | 4 / 0 | |
| 1.0.524 | 4 / 0 | |
| 1.0.523 | 4 / 0 | |
| 1.0.522 | 4 / 0 | |
| 1.0.521 | 4 / 0 | |
| 1.0.520 | 4 / 0 | |
| 1.0.519 | 4 / 0 | |
| 1.0.518 | 4 / 0 | |
| 1.0.517 | 4 / 0 | |
| 1.0.516 | 4 / 0 | |
| 1.0.515 | 4 / 0 | |
| 1.0.514 | 4 / 0 | |
| 1.0.513 | 4 / 0 | |
| 1.0.512 | 4 / 0 | |
| 1.0.511 | 4 / 0 | |
| 1.0.510 | 4 / 0 | |
| 1.0.509 | 4 / 0 | |
| 1.0.508 | 4 / 0 | |
| 1.0.506 | 4 / 0 | |
| 1.0.505 | 4 / 0 | |
| 1.0.504 | 4 / 0 | |
| 1.0.503 | 4 / 0 | |
| 1.0.502 | 4 / 0 | |
| 1.0.500 | 4 / 0 | |
| 1.0.499 | 4 / 0 | |
| 1.0.498 | 4 / 0 | |
| 1.0.497 | 4 / 0 | |
| 1.0.496 | 4 / 0 |
v1.0.554
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.553
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.552
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.551
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.547
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.546
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.544
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.543
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.542
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.541
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.539
2 findingsPackage name '@cleardu/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.538
2 findingsPackage name '@cleardu/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.537
2 findingsPackage name '@cleardu/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.536
2 findingsPackage name '@cleardu/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.535
2 findingsPackage name '@cleardu/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.534
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (tecxar-prashant) than the most recent previously approved version (devtecxar) on 2026-02-23, but tecxar-prashant is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.0.532
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.531
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.530
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.529
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.528
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.527
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.526
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.525
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.524
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.523
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.522
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.521
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.520
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.519
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.518
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.517
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.516
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.515
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.514
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.513
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.512
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.511
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.510
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.509
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.508
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.506
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.505
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.504
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.503
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.502
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.500
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.499
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.498
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.497
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.496
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.