@helia/delegated-routing-v1-http-api-client No license 12 versions

@helia/delegated-routing-v1-http-api-client

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

npm-service-account-ipfsachingbrain

Keywords

IPFS

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): IPFS org migrated to GitHub Actions CI publishing with SLSA provenance; stable pattern for this package.	ai	2026/05/24
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy explained by org-level CI migration; SLSA attestation confirms legitimate publish from official repo.	ai	2026/05/24
dependencies	unvetted-dep:ipns	AI (dependencies): ipns is a core IPFS ecosystem package; its use in a Helia delegated routing client is expected and legitimate.	ai	2026/04/25
dependencies	unvetted-dep:it-ndjson	AI (dependencies): it-ndjson is a standard streaming utility in the IPFS/libp2p ecosystem; its use here is expected for parsing NDJSON HTTP responses.	ai	2026/04/25

Versions (showing 12 of 12)

Version	Deps	Published
7.0.1	12 / 7	2026-05-22
7.0.0	12 / 7	2026-05-22
6.0.1	13 / 6	2026-01-16
6.0.0	13 / 6	2026-01-16
5.2.1	14 / 5	2026-01-15
5.2.0	14 / 5	2026-01-15
5.1.4	14 / 5	2025-12-03
5.1.3	14 / 5	2025-12-03
5.1.2	14 / 5	2025-11-13
5.1.1	14 / 5	2025-10-29
5.1.0	14 / 5	2025-10-27
5.0.1	14 / 5	2025-10-27

v7.0.1

2 findings

HIGH Publisher changed: npm-service-account-ipfs → GitHub Actions (on 2026-05-22) provenance

This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

2 findings

HIGH Publisher changed: npm-service-account-ipfs → GitHub Actions (on 2026-05-22) provenance

This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.