@escapenavigator/utils
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Internal scoped package; lack of provenance is consistent across all versions and not a standalone risk signal. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal scoped org package; missing metadata is expected for private/internal tooling, not a spam/malware indicator. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal org utility package; missing description is consistent across all versions. | ai |
Versions (showing 100 of 117)
| Version | Deps | Published |
|---|---|---|
| 1.10.150 | 6 / 4 | |
| 1.10.149 | 6 / 4 | |
| 1.10.148 | 6 / 4 | |
| 1.10.147 | 6 / 4 | |
| 1.10.146 | 6 / 4 | |
| 1.10.145 | 7 / 4 | |
| 1.10.144 | 7 / 4 | |
| 1.10.143 | 7 / 4 | |
| 1.10.142 | 7 / 4 | |
| 1.10.141 | 7 / 4 | |
| 1.10.140 | 7 / 4 | |
| 1.10.139 | 7 / 4 | |
| 1.10.138 | 7 / 4 | |
| 1.10.137 | 7 / 4 | |
| 1.10.136 | 7 / 4 | |
| 1.10.135 | 7 / 4 | |
| 1.10.134 | 7 / 4 | |
| 1.10.133 | 6 / 4 | |
| 1.10.132 | 6 / 4 | |
| 1.10.131 | 5 / 4 | |
| 1.10.130 | 5 / 4 | |
| 1.10.129 | 5 / 4 | |
| 1.10.128 | 5 / 4 | |
| 1.10.127 | 5 / 4 | |
| 1.10.126 | 5 / 4 | |
| 1.10.125 | 5 / 4 | |
| 1.10.112 | 5 / 4 | |
| 1.10.111 | 5 / 4 | |
| 1.10.110 | 5 / 4 | |
| 1.10.109 | 5 / 4 | |
| 1.10.108 | 5 / 4 | |
| 1.10.107 | 7 / 18 | |
| 1.10.106 | 7 / 18 | |
| 1.10.105 | 7 / 18 | |
| 1.10.104 | 7 / 18 | |
| 1.10.103 | 7 / 18 | |
| 1.10.102 | 7 / 18 | |
| 1.10.101 | 7 / 18 | |
| 1.10.100 | 7 / 18 | |
| 1.10.99 | 7 / 18 | |
| 1.10.97 | 7 / 18 | |
| 1.10.96 | 7 / 18 | |
| 1.10.95 | 7 / 18 | |
| 1.10.94 | 7 / 18 | |
| 1.10.93 | 7 / 18 | |
| 1.10.92 | 7 / 18 | |
| 1.10.91 | 7 / 18 | |
| 1.10.90 | 7 / 18 | |
| 1.10.89 | 7 / 18 | |
| 1.10.88 | 7 / 18 | |
| 1.10.85 | 7 / 18 | |
| 1.10.83 | 7 / 18 | |
| 1.10.77 | 7 / 18 | |
| 1.10.75 | 7 / 18 | |
| 1.10.68 | 7 / 18 | |
| 1.10.67 | 7 / 18 | |
| 1.10.66 | 7 / 18 | |
| 1.10.65 | 7 / 18 | |
| 1.10.64 | 7 / 18 | |
| 1.10.63 | 7 / 18 | |
| 1.10.62 | 7 / 18 | |
| 1.10.61 | 7 / 18 | |
| 1.10.60 | 7 / 18 | |
| 1.10.59 | 7 / 18 | |
| 1.10.58 | 7 / 18 | |
| 1.10.54 | 7 / 18 | |
| 1.10.53 | 7 / 18 | |
| 1.10.52 | 7 / 18 | |
| 1.10.51 | 7 / 18 | |
| 1.10.50 | 7 / 18 | |
| 1.10.48 | 7 / 18 | |
| 1.10.47 | 7 / 18 | |
| 1.10.46 | 7 / 18 | |
| 1.10.45 | 7 / 18 | |
| 1.10.44 | 7 / 18 | |
| 1.10.43 | 7 / 18 | |
| 1.10.42 | 7 / 18 | |
| 1.10.41 | 7 / 18 | |
| 1.10.40 | 7 / 18 | |
| 1.10.39 | 7 / 18 | |
| 1.10.38 | 7 / 18 | |
| 1.10.37 | 7 / 18 | |
| 1.10.36 | 7 / 18 | |
| 1.10.35 | 7 / 18 | |
| 1.10.34 | 7 / 18 | |
| 1.10.33 | 7 / 18 | |
| 1.10.31 | 7 / 18 | |
| 1.10.30 | 7 / 18 | |
| 1.10.29 | 7 / 18 | |
| 1.10.28 | 7 / 18 | |
| 1.10.26 | 7 / 18 | |
| 1.10.25 | 7 / 18 | |
| 1.10.24 | 7 / 18 | |
| 1.10.20 | 7 / 18 | |
| 1.10.19 | 7 / 18 | |
| 1.10.18 | 7 / 18 | |
| 1.10.17 | 7 / 18 | |
| 1.10.16 | 7 / 18 | |
| 1.10.15 | 7 / 18 | |
| 1.10.14 | 7 / 18 |
v1.10.150
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.149
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.148
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.147
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.146
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.145
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.144
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.143
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.142
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.141
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.140
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.139
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.138
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.137
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.136
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.135
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.134
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.133
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.132
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.131
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.130
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.129
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.128
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.127
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.126
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.125
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.112
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.111
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.110
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.109
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.108
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.106
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.105
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.104
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.103
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.102
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.101
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.100
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.99
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.97
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.96
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.95
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.94
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.93
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.92
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.91
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.90
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.89
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.88
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.85
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.83
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.77
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.75
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.67
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.65
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.62
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.