@dfinity/nns
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:qs | AI (typosquat): @dfinity/nns is a legitimate, long-established DFINITY Foundation package with no resemblance to 'qs'. The Levenshtein match is a false positive on a scoped package name. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 12.1.0 | 0 / 0 | |
| 12.0.0 | 0 / 0 | |
| 11.1.4 | 1 / 0 | |
| 11.1.3 | 1 / 0 | |
| 11.1.2 | 1 / 0 | |
| 11.1.1 | 1 / 0 | |
| 11.1.0 | 1 / 0 | |
| 11.0.0 | 1 / 0 |
v12.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.