@conform-to/zod — Greenflagged

Conform helpers for integrating with Zod

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

edmundhung

Keywords

constraint-validationformform-validationhtmlprogressive-enhancementvalidationzod

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package migrated to GitHub Actions publishing with SLSA attestation; this is the expected pattern for CI/CD-based releases.	ai	2026/05/05
typosquat	typosquat.levenshtein:koa	AI (typosquat): Scoped package @conform-to/zod; no relation to koa. Stable false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:got	AI (typosquat): Scoped package @conform-to/zod; no relation to got. Stable false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @conform-to/zod; no relation to joi. Stable false positive.	ai	2026/04/29

Versions (showing 33 of 33)

Version	Deps	Published
1.19.3	1 / 12	2026-05-16
1.19.2	1 / 9	2026-05-10
1.19.1	1 / 9	2026-04-27
1.19.0	1 / 9	2026-04-13
1.18.0	1 / 9	2026-04-04
1.17.1	1 / 9	2026-02-15
1.17.0	1 / 9	2026-02-10
1.16.0	1 / 9	2026-01-26
1.15.1	1 / 9	2025-12-18
1.15.0	1 / 9	2025-12-10
1.14.1	1 / 9	2025-12-04
1.14.0	1 / 9	2025-12-01
1.13.3	1 / 9	2025-11-07
1.13.2	1 / 9	2025-10-31
1.13.1	1 / 9	2025-10-23
1.13.0	1 / 9	2025-10-20
1.12.1	1 / 9	2025-10-17
1.12.0	1 / 9	2025-10-08
1.11.0	1 / 9	2025-09-25
1.10.1	1 / 9	2025-09-17
1.10.0	1 / 9	2025-09-15
1.9.1	1 / 9	2025-09-10
1.9.0	1 / 9	2025-09-05
1.8.2	1 / 9	2025-07-15
1.8.1	1 / 8	2025-07-03
1.8.0	1 / 8	2025-06-30
1.7.2	1 / 8	2025-06-20
1.7.1	1 / 8	2025-06-19
1.7.0	1 / 8	2025-06-13
1.6.1	1 / 8	2025-05-30
1.6.0	1 / 8	2025-05-19
1.5.1	1 / 8	2025-05-15
1.5.0	1 / 8	2025-05-05

v1.19.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.1

2 findings

HIGH Publisher changed: edmundhung → GitHub Actions (on 2026-02-15) provenance

This version was published by a different npm account than previous versions on 2026-02-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.0

2 findings

HIGH Publisher changed: edmundhung → GitHub Actions (on 2026-02-10) provenance

This version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.