@gapi/onesignal-notifications
#### @Gapi OneSignal Notifications module @StrongTyped forked and re-written with typescript from [onesignal-node](https://github.com/KolektifLabs/onesignal-node)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): Package has an automated publish script; rapid successive publishes are the normal release pattern across 628 versions. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Established publisher (181 approved packages, 0 rejected); no material changes in this version. | ai | |
| dependencies | unvetted-dep:request | AI (dependencies): request@^2.88.0 is a long-standing, well-known HTTP library; deprecated but not malicious. Stable pattern for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established package with long history; lack of provenance is common and not a risk signal here. | ai |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 1.8.229 | 1 / 3 | |
| 1.8.228 | 1 / 3 | |
| 1.8.219 | 1 / 3 | |
| 1.8.218 | 1 / 3 | |
| 1.8.217 | 1 / 3 | |
| 1.8.216 | 1 / 3 | |
| 1.8.215 | 1 / 3 | |
| 1.8.209 | 1 / 3 | |
| 1.8.201 | 1 / 3 | |
| 1.8.192 | 1 / 3 | |
| 1.8.191 | 1 / 3 | |
| 1.8.189 | 1 / 3 | |
| 1.8.186 | 1 / 3 | |
| 1.8.184 | 1 / 3 | |
| 1.8.182 | 1 / 3 | |
| 1.8.180 | 1 / 3 | |
| 1.8.179 | 1 / 3 | |
| 1.8.178 | 1 / 3 | |
| 1.8.172 | 1 / 3 | |
| 1.8.168 | 1 / 3 | |
| 1.8.166 | 1 / 3 | |
| 1.8.163 | 1 / 3 | |
| 1.8.162 | 1 / 3 | |
| 1.8.160 | 1 / 3 | |
| 1.8.159 | 1 / 3 | |
| 1.8.157 | 1 / 3 | |
| 1.8.155 | 1 / 3 |
v1.8.229
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.228
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.219
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.218
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.216
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.215
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.209
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.201
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.192
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.191
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.189
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.186
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.184
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.182
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.180
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.179
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.178
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.172
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.168
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.166
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.163
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.162
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.160
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.159
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.157
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.155
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.