← Home

@flemist/test-variants

npm Repository Homepage

Runs a test function with all possible combinations of its parameters.

25
Versions
Unlimited Free
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nikolay_makhonin

Keywords

testvariantscombinationsenumerationhelper

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:build/createTestVariants-CHE7urh4.js AI (source-diff): Vite/Rollup build artifact; minified but fully readable logic with no malicious patterns. ai
source-diff obfuscated-file:build/createTestVariants-B34VFl9m.js AI (source-diff): Vite/Rollup build artifact with hash suffix; minified but fully readable, no malicious patterns. ai
source-diff obfuscated-file:build/createTestVariants-C2AcN9Rj.js AI (source-diff): Vite/Rollup build artifact with content-hash filename; minified but not obfuscated — no malicious patterns. ai
source-diff obfuscated-file:build/createTestVariants-DHZ0gEE2.js AI (source-diff): Standard Vite/Rollup minified build artifact; content is readable minified JS with no malicious patterns. ai
dependencies unvetted-dep:@flemist/time-limits AI (dependencies): Same-author (@flemist) dependency; consistent with the rest of the package's dependency graph. ai
license uncommon-license:Unlimited Free AI (license): Custom permissive license used consistently across this author's packages; not a security concern. ai
provenance no-provenance AI (provenance): Established package with consistent publishing history; lack of provenance is common and not a risk signal here. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a well-known implicit TypeScript runtime dep; stable false positive for this package. ai

Versions (showing 25 of 25)

Version Deps Published
5.0.16 5 / 30
5.0.15 5 / 30
5.0.14 5 / 30
5.0.13 6 / 30
5.0.12 6 / 30
5.0.11 6 / 30
5.0.10 6 / 30
5.0.9 6 / 30
5.0.8 6 / 30
5.0.7 6 / 30
5.0.5 6 / 30
5.0.3 6 / 30
5.0.2 6 / 30
5.0.1 6 / 30
5.0.0 6 / 30
3.0.3 4 / 48
3.0.2 4 / 48
3.0.1 4 / 48
3.0.0 4 / 48
2.0.5 4 / 48
2.0.4 4 / 48
2.0.3 4 / 48
2.0.2 4 / 48
2.0.1 4 / 48
2.0.0 4 / 48

v5.0.16

2 findings
HIGH New obfuscated file: build/createTestVariants-CHE7urh4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.15

2 findings
HIGH New obfuscated file: build/createTestVariants-C2AcN9Rj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.14

2 findings
HIGH New obfuscated file: build/createTestVariants-DHZ0gEE2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.13

2 findings
HIGH New obfuscated file: build/createTestVariants-B34VFl9m.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.