@cyia/localize No license 12 versions

@cyia/localize

npm Repository Homepage

12

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

wszgrcy

Keywords

i18nl10ninternationalizationlocalizetranslateangularlocalizationlanguage

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require is used to load user-specified i18n translation JSON files in a CLI tool — a standard and expected pattern for a localization library.	ai	2026/04/25

Versions (showing 12 of 12)

Version	Deps	Published
1.4.2	4 / 0	2026-04-25
1.4.1	4 / 0	2026-04-25
1.4.0	4 / 0	2026-04-25
1.3.8	4 / 0	2026-04-25
1.3.7	4 / 0	2026-04-25
1.3.6	4 / 0	2026-04-25
1.3.5	4 / 0	2026-04-24
1.3.3	3 / 0	2025-08-02
1.3.2	3 / 0	2025-07-18
1.3.1	3 / 0	2025-07-17
1.3.0	3 / 0	2025-07-17
1.2.4	3 / 0	2025-07-17

v1.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.