
@discordjs/rest

Versions: 4
License:
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, No source commit

Maintainers

crawl, hydrabolt

Keywords

discord, api, rest, discordapp, discordjs

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| typosquat | typosquat.levenshtein:jest | AI (typosquat): @discordjs/rest is a legitimate, well-established Discord.js package. Levenshtein distance to 'jest' is a false positive from naive string matching on a scoped package name. | ai | |
| typosquat | typosquat.levenshtein:next | AI (typosquat): @discordjs/rest is a legitimate Discord.js REST package with no relation to 'next'. String distance comparison is a false positive. | ai | |
| typosquat | typosquat.levenshtein:react | AI (typosquat): @discordjs/rest is a legitimate Discord.js REST package with no relation to 'react'. String distance comparison is a false positive. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; its use as an implicit dependency in TypeScript-compiled packages is a well-known, benign pattern. | ai | |
| dependencies | unvetted-dep:@discordjs/util | AI (dependencies): @discordjs/util is a first-party discord.js monorepo package; expected dependency for this package. | ai | |
| dependencies | unvetted-dep:discord-api-types | AI (dependencies): discord-api-types is a well-known, widely-used Discord API type definitions package; expected dependency for discord.js packages. | ai | |
| dependencies | unvetted-dep:@sapphire/snowflake | AI (dependencies): @sapphire/snowflake is a well-known Sapphire framework utility package used throughout the Discord.js ecosystem. | ai | |
| dependencies | unvetted-dep:@discordjs/collection | AI (dependencies): @discordjs/collection is a first-party discord.js monorepo package; expected dependency. | ai | |
| dependencies | unvetted-dep:@sapphire/async-queue | AI (dependencies): @sapphire/async-queue is a well-known Sapphire framework utility package used throughout the Discord.js ecosystem. | ai | |
| dependencies | unvetted-dep:@vladfrangu/async_event_emitter | AI (dependencies): @vladfrangu/async_event_emitter is authored by a listed discord.js contributor (Vlad Frangu) and is a known dependency of this package. | ai | |

Versions (showing 4 of 4)

| Version | Deps | Published |
| --- | --- | --- |
| 2.6.1 | 9 / 15 | |
| 2.6.0 | 9 / 15 | |
| 2.5.1 | 9 / 15 | |
| 2.5.0 | 9 / 15 | |

v2.6.1

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'jest' typosquat

Package name '@discordjs/rest' is 1 edit(s) away from popular package 'jest'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.