@discordjs/ws
3
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
crawlhydrabolt
Keywords
discordapigatewaydiscordappdiscordjs
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:qs | AI (typosquat): @discordjs/ws is a scoped package in the official discord.js namespace, not a typosquat of 'qs'. Completely different purpose and namespace. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): @discordjs/ws is a scoped package in the official discord.js namespace, not a typosquat of 'pg'. Completely different purpose and namespace. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; its presence as a declared dependency without direct import is normal for TypeScript-compiled packages. | ai | |
| phantom-deps | phantom-dep:@types/ws | AI (phantom-deps): @types/ws is a TypeScript type definition package; being declared but not directly imported is expected behavior for type-only dependencies. | ai |
v2.0.4
2 findings
HIGH
typosquat.levenshtein: Possible typosquat of 'qs'
typosquat
Package name '@discordjs/ws' is 1 edit(s) away from popular package 'qs'.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.