@crawlee/core — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mtrunkatjancurnpetrpatekmnmkngjaroslavhejlekdrobnikjmetalwarrior665fnesvedab4nanapify-service-account

Keywords

apifyheadlesschromepuppeteercrawlerscraper

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:cors	AI (typosquat): @crawlee/core is the canonical Apify crawling framework; no relation to the 'cors' package.	ai	2026/04/28
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used for safe error message extraction, not obfuscation; stable pattern in this package.	ai	2026/04/28
dependencies	unvetted-dep:@apify/log	AI (dependencies): First-party @apify/* dependency from the same Apify organization; stable across versions.	ai	2026/04/28
dependencies	unvetted-dep:got-scraping	AI (dependencies): Core HTTP scraping dependency maintained by Apify; integral to this package's purpose.	ai	2026/04/28
dependencies	unvetted-dep:@apify/consts	AI (dependencies): First-party @apify/* dependency from the same Apify organization.	ai	2026/04/28
dependencies	unvetted-dep:@apify/timeout	AI (dependencies): First-party @apify/* dependency from the same Apify organization.	ai	2026/04/28
dependencies	unvetted-dep:@crawlee/types	AI (dependencies): Sibling monorepo package from the same Crawlee project.	ai	2026/04/28
dependencies	unvetted-dep:@crawlee/utils	AI (dependencies): Sibling monorepo package from the same Crawlee project.	ai	2026/04/28
dependencies	unvetted-dep:@apify/utilities	AI (dependencies): First-party @apify/* dependency from the same Apify organization.	ai	2026/04/28
dependencies	unvetted-dep:@apify/pseudo_url	AI (dependencies): First-party @apify/* dependency from the same Apify organization.	ai	2026/04/28
dependencies	unvetted-dep:@apify/datastructures	AI (dependencies): First-party @apify/* dependency from the same Apify organization.	ai	2026/04/28
dependencies	unvetted-dep:@crawlee/memory-storage	AI (dependencies): Sibling monorepo package from the same Crawlee project.	ai	2026/04/28

Versions (showing 15 of 15)

Version	Deps	Published
3.16.0	22 / 0	2026-02-06
3.15.3	22 / 0	2025-11-10
3.15.2	22 / 0	2025-10-23
3.15.1	22 / 0	2025-09-26
3.15.0	22 / 0	2025-09-17
3.14.1	22 / 0	2025-08-05
3.14.0	22 / 0	2025-07-25
3.13.10	22 / 0	2025-07-09
3.13.9	22 / 0	2025-06-27
3.13.8	22 / 0	2025-06-16
3.13.7	22 / 0	2025-06-06
3.13.6	22 / 0	2025-06-05
3.13.5	22 / 0	2025-05-20
3.13.4	22 / 0	2025-05-14
3.13.3	22 / 0	2025-05-05

v3.16.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@crawlee/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.