@diia-inhouse/providers
common providers
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@diia-inhouse/types | AI (dependencies): Same org scope (@diia-inhouse) as this package; internal ecosystem dependency, not a third-party unknown. | ai | |
| dependencies | unvetted-dep:@diia-inhouse/diia-queue | AI (dependencies): Same org scope (@diia-inhouse) as this package; internal ecosystem dependency, not a third-party unknown. | ai | |
| dependencies | unvetted-dep:@diia-inhouse/validators | AI (dependencies): Same org scope (@diia-inhouse) as this package; internal ecosystem dependency, not a third-party unknown. | ai | |
| dependencies | unvetted-dep:@diia-inhouse/diia-logger | AI (dependencies): Same org scope (@diia-inhouse) as this package; internal ecosystem dependency, not a third-party unknown. | ai | |
| phantom-deps | phantom-dep:@diia-inhouse/utils | AI (phantom-deps): Same-org package used as type-only or transitive import in a TypeScript project; phantom dep flag is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@diia-inhouse/diia-logger | AI (phantom-deps): Same-org package used as type-only or transitive import in a TypeScript project; phantom dep flag is a stable false positive for this package. | ai |
Versions (showing 36 of 36)
| Version | Deps | Published |
|---|---|---|
| 2.3.3 | 9 / 17 | |
| 2.3.2 | 9 / 17 | |
| 2.3.1 | 9 / 17 | |
| 2.3.0 | 9 / 17 | |
| 2.2.2 | 9 / 17 | |
| 2.2.1 | 9 / 17 | |
| 2.2.0 | 9 / 17 | |
| 1.39.31 | 9 / 16 | |
| 1.39.30 | 9 / 16 | |
| 1.39.27 | 9 / 16 | |
| 1.39.26 | 9 / 16 | |
| 1.39.25 | 9 / 16 | |
| 1.39.24 | 9 / 16 | |
| 1.39.23 | 9 / 16 | |
| 1.39.22 | 9 / 16 | |
| 1.39.21 | 9 / 16 | |
| 1.39.20 | 9 / 16 | |
| 1.39.19 | 9 / 16 | |
| 1.39.18 | 9 / 16 | |
| 1.39.17 | 9 / 16 | |
| 1.39.16 | 9 / 16 | |
| 1.39.15 | 9 / 16 | |
| 1.39.14 | 9 / 16 | |
| 1.39.13 | 9 / 16 | |
| 1.39.12 | 9 / 16 | |
| 1.39.11 | 9 / 16 | |
| 1.39.10 | 9 / 16 | |
| 1.39.9 | 9 / 16 | |
| 1.39.8 | 9 / 16 | |
| 1.39.7 | 9 / 16 | |
| 1.39.6 | 9 / 16 | |
| 1.39.5 | 9 / 16 | |
| 1.39.4 | 9 / 16 | |
| 1.39.3 | 9 / 16 | |
| 1.39.2 | 9 / 16 | |
| 1.39.0 | 9 / 16 |
v2.3.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.39.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.