@everymatrix/general-registration-hsl
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cjs/general-registration-hsl-34921616.js | AI (source-diff): Standard Stencil.js minified bundle output; content is readable i18n strings and component logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/general-registration-hsl/general-registration-hsl-e1d89023.js | AI (source-diff): Minified web component bundle consistent with Stencil.js build output for this package family. | ai | |
| source-diff | obfuscated-file:dist/esm/general-registration-hsl-e1d89023.js | AI (source-diff): Standard Stencil.js minified ESM bundle; no malicious patterns in sampled content. | ai | |
| source-diff | obfuscated-file:dist/general-registration-hsl/general-registration-hsl-4dbf0a6a.js | AI (source-diff): Standard Vite/Rollup minified bundle output; readable error strings and DOM helpers confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/cjs/PlayerConsents-Duni8Aqx-1d0f4f21.js | AI (source-diff): Standard minified CJS bundle; Svelte runtime patterns visible in sample, no obfuscation indicators. | ai | |
| source-diff | obfuscated-file:dist/esm/PlayerConsents-Duni8Aqx-dd7cf325.js | AI (source-diff): Standard minified ESM bundle; same Svelte runtime pattern as CJS counterpart. | ai | |
| source-diff | obfuscated-file:dist/general-registration-hsl/PlayerConsents-Duni8Aqx-dd7cf325.js | AI (source-diff): Standard minified bundle; readable DOM/event helper functions confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/esm/PlayerConsents-BtzEjirY-52f88049.js | AI (source-diff): Standard minified Svelte/Vite build output; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/general-registration-hsl/PlayerConsents-BtzEjirY-52f88049.js | AI (source-diff): Standard minified Svelte/Vite build output; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/general-registration-hsl/general-registration-hsl-aa81d758.js | AI (source-diff): Standard minified bundle with readable i18n error strings; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/PlayerConsents-BtzEjirY-0870c312.js | AI (source-diff): Standard minified Svelte/Vite build output; not obfuscated malware. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent pattern across the @everymatrix package family; not a malware indicator here. | ai | |
| provenance | no-provenance | AI (provenance): Internal corporate package published to JFrog Artifactory; provenance attestation not expected. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established @everymatrix scoped package family with 265 versions; stub/placeholder releases are normal for this publisher's widget pipeline. | ai |
Versions (showing 100 of 226)
| Version | Deps | Published |
|---|---|---|
| 0.12.10 | 0 / 0 | |
| 0.12.9 | 0 / 0 | |
| 0.12.8 | 0 / 0 | |
| 0.12.7 | 0 / 0 | |
| 0.12.5 | 0 / 0 | |
| 0.12.2 | 0 / 0 | |
| 0.12.1 | 0 / 0 | |
| 0.12.0 | 0 / 0 | |
| 0.11.23 | 0 / 0 | |
| 0.11.22 | 0 / 0 | |
| 0.11.21 | 0 / 0 | |
| 0.11.20 | 0 / 0 | |
| 0.11.19 | 0 / 0 | |
| 0.11.18 | 0 / 0 | |
| 0.11.17 | 0 / 0 | |
| 0.11.16 | 0 / 0 | |
| 0.11.15 | 0 / 0 | |
| 0.11.14 | 0 / 0 | |
| 0.11.13 | 0 / 0 | |
| 0.11.12 | 0 / 0 | |
| 0.11.11 | 0 / 0 | |
| 0.11.10 | 0 / 0 | |
| 0.11.9 | 0 / 0 | |
| 0.11.8 | 0 / 0 | |
| 0.11.7 | 0 / 0 | |
| 0.11.6 | 0 / 0 | |
| 0.11.5 | 0 / 0 | |
| 0.11.4 | 0 / 0 | |
| 0.11.3 | 0 / 0 | |
| 0.11.2 | 0 / 0 | |
| 0.11.1 | 0 / 0 | |
| 0.11.0 | 0 / 0 | |
| 0.10.3 | 0 / 0 | |
| 0.10.2 | 0 / 0 | |
| 0.10.1 | 0 / 0 | |
| 0.10.0 | 0 / 0 | |
| 0.9.12 | 0 / 0 | |
| 0.9.11 | 0 / 0 | |
| 0.9.10 | 0 / 0 | |
| 0.9.9 | 0 / 0 | |
| 0.9.8 | 0 / 0 | |
| 0.9.7 | 0 / 0 | |
| 0.9.6 | 0 / 0 | |
| 0.9.5 | 0 / 0 | |
| 0.9.4 | 0 / 0 | |
| 0.9.3 | 0 / 0 | |
| 0.9.2 | 0 / 0 | |
| 0.9.1 | 0 / 0 | |
| 0.9.0 | 0 / 0 | |
| 0.8.0 | 0 / 0 | |
| 0.7.2 | 0 / 0 | |
| 0.7.1 | 0 / 0 | |
| 0.7.0 | 0 / 0 | |
| 0.6.19 | 0 / 0 | |
| 0.6.18 | 0 / 0 | |
| 0.6.17 | 0 / 0 | |
| 0.6.16 | 0 / 0 | |
| 0.6.15 | 0 / 0 | |
| 0.6.14 | 0 / 0 | |
| 0.6.13 | 0 / 0 | |
| 0.6.12 | 0 / 0 | |
| 0.6.11 | 0 / 0 | |
| 0.6.10 | 0 / 0 | |
| 0.6.9 | 0 / 0 | |
| 0.6.8 | 0 / 0 | |
| 0.6.7 | 0 / 0 | |
| 0.6.6 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.6.3 | 0 / 0 | |
| 0.6.2 | 0 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.3.31 | 0 / 0 | |
| 0.3.30 | 0 / 0 | |
| 0.3.29 | 0 / 0 | |
| 0.3.28 | 0 / 0 | |
| 0.3.27 | 0 / 0 | |
| 0.3.26 | 0 / 0 | |
| 0.3.25 | 0 / 0 | |
| 0.3.24 | 0 / 0 | |
| 0.3.23 | 0 / 0 | |
| 0.3.22 | 0 / 0 | |
| 0.3.21 | 0 / 0 | |
| 0.3.20 | 0 / 0 | |
| 0.3.18 | 0 / 0 | |
| 0.3.17 | 0 / 0 | |
| 0.3.16 | 0 / 0 | |
| 0.3.15 | 0 / 0 | |
| 0.3.14 | 0 / 0 | |
| 0.3.13 | 0 / 0 | |
| 0.3.12 | 0 / 0 | |
| 0.3.11 | 0 / 0 | |
| 0.3.10 | 0 / 0 | |
| 0.3.9 | 0 / 0 | |
| 0.3.8 | 0 / 0 | |
| 0.3.7 | 0 / 0 | |
| 0.3.6 | 0 / 0 | |
| 0.3.5 | 0 / 0 | |
| 0.3.4 | 0 / 0 |
v0.12.10
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.9
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.8
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.21
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.20
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.19
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.18
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.12
2 findingsThis version was published by a different npm account than previous versions on 2025-11-19. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.