← Home

@defra-fish/sales-api-service

npm Repository Homepage

Rod Licensing Sales API

8
Versions
SEE LICENSE IN LICENSE
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

npm-envagedefradigitaladmindefradigitalcijaucourtifarawaydefra

Keywords

rodlicensingsalesapi

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:shady-links-raw-ip AI (semgrep): Raw IP appears only in test fixtures for local SQS emulator; not production code. ai
semgrep semgrep:dynamic-require AI (semgrep): Dynamic require resolves only package.json by a fixed path join; no arbitrary module loading. ai

Versions (showing 8 of 8)

Version Deps Published
1.71.0 16 / 0
1.70.1 16 / 0
1.70.0 16 / 0
1.68.0 16 / 0
1.66.0 16 / 0
1.63.0 16 / 0
1.62.0 16 / 0
1.61.0 16 / 0

v1.71.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.70.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.70.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.68.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.66.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.63.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.62.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.61.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.