@feasibleone/blong-login No license 19 versions

@feasibleone/blong-login

npm Repository Homepage

Login and authentication utilities for the Blong framework

19

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kalin.krustev

Keywords

blongradframework

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Package publishes via GitHub Actions with SLSA provenance attestation; missing gitHead is expected in this CI publish flow.	ai	2026/05/31
phantom-deps	phantom-dep:@types/ut-function.cbc	AI (phantom-deps): Local file-dep types bundle; not a runtime import, stable false positive for this package.	ai	2026/05/30
npm-metadata	url-dep:@types/ut-function.cbc	AI (npm-metadata): file: dep is a local types bundle bundled with the package, not a remote URL; low supply-chain risk.	ai	2026/05/30
phantom-deps	phantom-dep:jose	AI (phantom-deps): Monorepo TypeScript package; deps declared in package.json but source not compiled into dist at publish time.	ai	2026/05/29
phantom-deps	phantom-dep:@feasibleone/blong	AI (phantom-deps): Same-org workspace dependency; expected phantom-dep in monorepo context.	ai	2026/05/29
phantom-deps	phantom-dep:ut-function.cbc	AI (phantom-deps): Same monorepo pattern; phantom-dep is a heuristic false positive here.	ai	2026/05/29
phantom-deps	phantom-dep:@sinclair/typebox	AI (phantom-deps): Same monorepo pattern; phantom-dep is a heuristic false positive here.	ai	2026/05/29

Versions (showing 19 of 19)

Version	Deps	Published
1.7.0	3 / 7	2026-05-19
1.6.8	3 / 6	2026-04-26
1.6.7	3 / 8	2026-03-17
1.6.6	3 / 8	2026-03-17
1.6.5	3 / 8	2026-03-10
1.6.4	3 / 8	2026-03-03
1.6.3	3 / 8	2026-03-02
1.6.2	3 / 8	2026-03-02
1.6.1	4 / 7	2026-03-02
1.6.0	4 / 7	2026-03-02
1.5.0	3 / 7	2026-03-01
1.4.0	3 / 7	2026-02-14
1.3.0	3 / 7	2026-02-04
1.2.0	3 / 7	2026-01-31
1.1.0	3 / 7	2026-01-27
1.0.7	3 / 7	2026-01-25
1.0.6	3 / 7	2026-01-25
1.0.5	3 / 7	2026-01-25
0.0.1	4 / 6	2026-01-25

v1.7.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.7

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.6

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.5

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.4

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.3

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.2

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.1

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.