@dynatrace/dtrum-api-types
Typescript types for the Dynatrace RUM JavaScript dtrum.* API
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Pure type-definition package; no executable code; provenance gap is low risk for this package. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 1.341.2 | 0 / 0 | |
| 1.341.1 | 0 / 0 | |
| 1.339.9 | 0 / 0 | |
| 1.339.8 | 0 / 0 | |
| 1.339.7 | 0 / 0 | |
| 1.339.6 | 0 / 0 | |
| 1.339.5 | 0 / 0 | |
| 1.339.4 | 0 / 0 | |
| 1.339.3 | 0 / 0 | |
| 1.337.12 | 0 / 0 | |
| 1.337.11 | 0 / 0 | |
| 1.337.10 | 0 / 0 | |
| 1.337.9 | 0 / 0 | |
| 1.337.8 | 0 / 0 | |
| 1.337.7 | 0 / 0 | |
| 1.337.6 | 0 / 0 | |
| 1.337.5 | 0 / 0 | |
| 1.337.4 | 0 / 0 | |
| 1.337.3 | 0 / 0 | |
| 1.337.2 | 0 / 0 | |
| 1.337.1 | 0 / 0 | |
| 1.335.9 | 0 / 0 | |
| 1.335.7 | 0 / 0 | |
| 1.335.6 | 0 / 0 | |
| 1.335.5 | 0 / 0 | |
| 1.333.16 | 0 / 0 | |
| 1.333.12 | 0 / 0 | |
| 1.333.10 | 0 / 0 | |
| 1.333.4 | 0 / 0 | |
| 1.333.2 | 0 / 0 | |
| 1.331.9 | 0 / 0 | |
| 1.329.4 | 0 / 0 | |
| 1.327.2 | 0 / 0 | |
| 1.325.2 | 0 / 0 | |
| 1.325.1 | 0 / 0 | |
| 1.323.1 | 0 / 0 | |
| 1.321.4 | 0 / 0 | |
| 1.319.3 | 0 / 0 | |
| 1.317.5 | 0 / 0 | |
| 1.315.1 | 0 / 0 | |
| 1.313.2 | 0 / 0 | |
| 1.311.3 | 0 / 0 | |
| 1.309.4 | 0 / 0 |
v1.341.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.341.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.339.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.337.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.335.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.335.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.335.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.335.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.333.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.333.12
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kamtschatka.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.333.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kamtschatka.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.333.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kamtschatka.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.333.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kamtschatka.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.331.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.329.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.327.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.325.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.325.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.323.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.321.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.319.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.317.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.315.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.313.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.311.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.309.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.