@electerm/electerm-locales
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:ssh-key-access | AI (semgrep): Fires on locale/translation string keys referencing SSH terminology, not actual credential access code. Stable false positive for this locales package. | ai |
Versions (showing 31 of 31)
| Version | Deps | Published |
|---|---|---|
| 2.2.16 | 0 / 9 | |
| 2.2.14 | 0 / 9 | |
| 2.2.12 | 0 / 9 | |
| 2.2.10 | 0 / 9 | |
| 2.2.9 | 0 / 10 | |
| 2.2.6 | 0 / 10 | |
| 2.2.5 | 0 / 10 | |
| 2.2.4 | 0 / 10 | |
| 2.2.3 | 0 / 10 | |
| 2.2.2 | 0 / 10 | |
| 2.2.1 | 0 / 10 | |
| 2.2.0 | 0 / 10 | |
| 2.1.66 | 0 / 10 | |
| 2.1.65 | 0 / 10 | |
| 2.1.64 | 0 / 10 | |
| 2.1.63 | 0 / 10 | |
| 2.1.61 | 0 / 10 | |
| 2.1.60 | 0 / 10 | |
| 2.1.59 | 0 / 10 | |
| 2.1.58 | 0 / 10 | |
| 2.1.57 | 0 / 10 | |
| 2.1.56 | 0 / 10 | |
| 2.1.55 | 0 / 10 | |
| 2.1.53 | 0 / 10 | |
| 2.1.51 | 0 / 10 | |
| 2.1.49 | 0 / 10 | |
| 2.1.48 | 0 / 10 | |
| 2.1.47 | 0 / 10 | |
| 2.1.46 | 0 / 10 | |
| 2.1.45 | 0 / 10 | |
| 2.1.44 | 0 / 10 |
v2.2.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.2.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.2.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.66
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2542040e2551444c1d5986a4f6451581b514f2ce/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2542040e2551444c1d5986a4f6451581b514f2ce/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2542040e2551444c1d5986a4f6451581b514f2ce/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.65
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/d8ed6a1a122532e26e76b1913dd8fbbc864c465d/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/d8ed6a1a122532e26e76b1913dd8fbbc864c465d/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/d8ed6a1a122532e26e76b1913dd8fbbc864c465d/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.64
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/067b01037110fad9ed287a823eb5aaa0a986356f/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/067b01037110fad9ed287a823eb5aaa0a986356f/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/067b01037110fad9ed287a823eb5aaa0a986356f/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.63
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2f66829e2d35146a3be6ccd5b27269c1f9325c05/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2f66829e2d35146a3be6ccd5b27269c1f9325c05/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/2f66829e2d35146a3be6ccd5b27269c1f9325c05/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.61
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/495304f6b6314957e7551b9c80963be912177d66/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/495304f6b6314957e7551b9c80963be912177d66/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/495304f6b6314957e7551b9c80963be912177d66/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.60
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/b599dfb7e2202fbd5023b40b4ed4d820a8764ae8/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/b599dfb7e2202fbd5023b40b4ed4d820a8764ae8/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/b599dfb7e2202fbd5023b40b4ed4d820a8764ae8/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.59
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/8f00ac391998dd47d8eb52b035c60441110ea912/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/8f00ac391998dd47d8eb52b035c60441110ea912/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/8f00ac391998dd47d8eb52b035c60441110ea912/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.58
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/f5e2e1775275ccc322782b776c6d6663c94f8ede/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/f5e2e1775275ccc322782b776c6d6663c94f8ede/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/f5e2e1775275ccc322782b776c6d6663c94f8ede/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.57
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/390e7c73a5d104a2e260015017907915126a6994/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/390e7c73a5d104a2e260015017907915126a6994/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/390e7c73a5d104a2e260015017907915126a6994/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.56
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/78931dd9f51aec4e115a81bcc0bc2b49db39eefc/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/78931dd9f51aec4e115a81bcc0bc2b49db39eefc/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/78931dd9f51aec4e115a81bcc0bc2b49db39eefc/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.55
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/4c9c8642e4a7d03cc19556716b728c626649b2fd/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/4c9c8642e4a7d03cc19556716b728c626649b2fd/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/4c9c8642e4a7d03cc19556716b728c626649b2fd/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.53
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/71dd2b6a5d3cece7743f96c3c3c92548af712acb/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/71dd2b6a5d3cece7743f96c3c3c92548af712acb/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/71dd2b6a5d3cece7743f96c3c3c92548af712acb/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.51
4 findingsAccessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/544eb3513a8c349ac2a0f9e9755ec69ef91d3af0/esm/ja_jp.mjs#L1 > 1 | export const ja_jp = {lang:{isRunning:'実行中',press:'押す',toShow:'表示',changeLog:'更新履歴',knownIssues:'既知の問題',sponsorElecterm:
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/544eb3513a8c349ac2a0f9e9755ec69ef91d3af0/esm/ko_kr.mjs#L1 > 1 | export const ko_kr = {lang:{isRunning:'이 실행되고 있습니다.',press:'누르기',toShow:'보기',changeLog:'변경 로그',knownIssues:'알려진 문제',spon
Accessing SSH keys — strong indicator of credential theft Source: https://github.com/electerm/electerm-locales/blob/544eb3513a8c349ac2a0f9e9755ec69ef91d3af0/esm/tr_tr.mjs#L1 > 1 | export const tr_tr = {lang:{isRunning:'çalışıyor',press:'bas',toShow:'göster',changeLog:'Değişiklik Günlüğü',knownIssues
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.48
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.