← Home

@gramota/jose

npm Repository Homepage

JWS signing and verification for the EU Digital Identity Wallet, ES256/EdDSA/RS256/PS256 with strict algorithm allowlists.

4
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

dominent

Keywords

jwsjwkjwtjoseietfrfc7515rfc7517eudisd-jwt-vcx5c

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:jest AI (typosquat): @gramota/jose is a JOSE/JWS crypto library, not a typosquat of jest; name is intentional and scoped. ai
typosquat typosquat.levenshtein:joi AI (typosquat): @gramota/jose is a JOSE/JWS crypto library, not a typosquat of joi; name is intentional and scoped. ai

Versions (showing 4 of 4)

Version Deps Published
0.3.0 2 / 0
0.2.1 2 / 0
0.2.0 1 / 0
0.1.0 1 / 0

v0.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.