@furystack/auth-google
Google Authentication Provider for FuryStack
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): google-auth-library is the official Google OAuth client library; addition is expected for this auth package's functionality. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version refactor with new client/server split; size increase consistent with added google-auth-library integration code. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase attributable to major version restructuring and new google-auth-library integration, not injected payload. | ai | |
| phantom-deps | phantom-dep:@furystack/repository | AI (phantom-deps): Same-org monorepo dep; declared as runtime dependency, phantom-dep heuristic is a false positive here. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 11.0.2 | 6 / 4 | |
| 11.0.1 | 6 / 4 | |
| 11.0.0 | 6 / 4 | |
| 10.0.10 | 6 / 4 | |
| 10.0.9 | 6 / 4 | |
| 10.0.8 | 6 / 4 | |
| 10.0.7 | 6 / 4 | |
| 10.0.6 | 6 / 4 | |
| 10.0.5 | 6 / 4 | |
| 10.0.4 | 6 / 4 | |
| 10.0.3 | 6 / 4 | |
| 10.0.2 | 6 / 4 | |
| 10.0.1 | 6 / 4 | |
| 10.0.0 | 6 / 4 | |
| 9.0.41 | 5 / 4 | |
| 9.0.40 | 4 / 4 | |
| 9.0.39 | 4 / 4 | |
| 9.0.38 | 4 / 4 | |
| 9.0.37 | 4 / 4 | |
| 9.0.36 | 4 / 4 | |
| 9.0.35 | 4 / 4 | |
| 9.0.34 | 4 / 4 | |
| 9.0.33 | 4 / 4 | |
| 9.0.32 | 4 / 4 | |
| 9.0.31 | 4 / 4 | |
| 9.0.30 | 4 / 4 |
v11.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v10.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.0.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.