@fireproof/core
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): @fireproof/core is a long-established package in its own namespace; Levenshtein match to 'cors' is coincidental. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/node is a type-only dev dependency; not directly imported at runtime by convention. | ai | |
| phantom-deps | phantom-dep:@adviser/cement | AI (phantom-deps): Referenced in config files per analyzer note; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@fireproof/vendor | AI (phantom-deps): Same org scope; used as a vendored bundle, not directly imported in source. | ai |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 0.24.19 | 5 / 0 | |
| 0.24.16 | 5 / 0 | |
| 0.24.15 | 5 / 0 | |
| 0.24.14 | 5 / 0 | |
| 0.24.13 | 5 / 0 | |
| 0.24.12 | 5 / 0 | |
| 0.24.11 | 5 / 0 | |
| 0.24.10 | 5 / 0 | |
| 0.24.9 | 5 / 0 | |
| 0.24.8 | 5 / 0 | |
| 0.24.7 | 5 / 0 | |
| 0.24.6 | 5 / 0 | |
| 0.24.0 | 5 / 0 | |
| 0.23.15 | 5 / 0 | |
| 0.23.14 | 5 / 0 | |
| 0.23.13 | 5 / 0 | |
| 0.23.11 | 5 / 0 | |
| 0.23.10 | 5 / 0 | |
| 0.23.8 | 5 / 0 | |
| 0.23.7 | 5 / 0 | |
| 0.23.6 | 5 / 0 | |
| 0.23.5 | 5 / 0 | |
| 0.23.3 | 5 / 0 | |
| 0.23.2 | 5 / 0 | |
| 0.23.1 | 5 / 0 | |
| 0.23.0 | 5 / 0 | |
| 0.20.5 | 15 / 0 |
v0.24.16
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.15
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.14
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.12
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.11
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.9
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.6
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.1
2 findingsPackage name '@fireproof/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.23.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.