@gapi/core
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Established scoped GraphQL framework package; name similarity to 'cors' is coincidental, not impersonation. | ai |
Versions (showing 51 of 52)
| Version | Deps | Published |
|---|---|---|
| 1.8.229 | 5 / 2 | |
| 1.8.228 | 5 / 2 | |
| 1.8.227 | 5 / 2 | |
| 1.8.226 | 5 / 2 | |
| 1.8.225 | 5 / 2 | |
| 1.8.224 | 5 / 2 | |
| 1.8.223 | 5 / 2 | |
| 1.8.222 | 5 / 2 | |
| 1.8.221 | 5 / 2 | |
| 1.8.220 | 5 / 2 | |
| 1.8.219 | 5 / 2 | |
| 1.8.218 | 5 / 2 | |
| 1.8.217 | 5 / 2 | |
| 1.8.216 | 5 / 2 | |
| 1.8.215 | 5 / 2 | |
| 1.8.214 | 5 / 2 | |
| 1.8.213 | 5 / 2 | |
| 1.8.212 | 5 / 2 | |
| 1.8.211 | 5 / 2 | |
| 1.8.210 | 5 / 2 | |
| 1.8.209 | 5 / 2 | |
| 1.8.208 | 5 / 2 | |
| 1.8.207 | 5 / 2 | |
| 1.8.206 | 5 / 2 | |
| 1.8.205 | 5 / 2 | |
| 1.8.204 | 5 / 2 | |
| 1.8.203 | 5 / 2 | |
| 1.8.202 | 5 / 2 | |
| 1.8.201 | 5 / 2 | |
| 1.8.200 | 5 / 2 | |
| 1.8.199 | 5 / 2 | |
| 1.8.198 | 5 / 2 | |
| 1.8.197 | 5 / 2 | |
| 1.8.196 | 5 / 2 | |
| 1.8.195 | 5 / 2 | |
| 1.8.194 | 5 / 2 | |
| 1.8.193 | 5 / 2 | |
| 1.8.192 | 5 / 2 | |
| 1.8.191 | 5 / 2 | |
| 1.8.190 | 5 / 2 | |
| 1.8.189 | 5 / 2 | |
| 1.8.188 | 5 / 2 | |
| 1.8.187 | 5 / 2 | |
| 1.8.186 | 5 / 2 | |
| 1.8.185 | 5 / 2 | |
| 1.8.184 | 5 / 2 | |
| 1.8.183 | 5 / 2 | |
| 1.8.182 | 5 / 2 | |
| 1.8.181 | 5 / 2 | |
| 1.8.180 | 6 / 2 | |
| 1.8.179 | 6 / 2 |
v1.8.229
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.228
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.227
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.226
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.225
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.224
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.223
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.222
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.221
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.220
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.219
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.218
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.216
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.215
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.214
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.213
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.212
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.211
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.210
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.204
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.203
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.202
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.201
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.200
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.199
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.198
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.197
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.196
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.195
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.194
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.193
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.192
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.191
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.190
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.189
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.188
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.187
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.186
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.185
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.184
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.183
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.182
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.181
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.180
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.179
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.