@helia/utils No license 22 versions

@helia/utils

npm Repository Homepage

22

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

npm-service-account-ipfsachingbrain

Keywords

IPFS

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): ipfs/helia migrated from npm-service-account-ipfs to GitHub Actions publishing; SLSA attestation confirms CI/CD origin. This transition is stable for all future versions.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Sub-package in an active monorepo; long gaps between individual package releases are normal. SLSA provenance confirms legitimate publish origin.	ai	2026/04/27
dependencies	unvetted-dep:it-foreach	AI (dependencies): it-foreach is a standard async iterator utility from the IPFS/libp2p ecosystem, consistently used across helia and libp2p packages. Low risk, stable dependency.	ai	2026/04/26
provenance	slsa-provenance	AI (provenance): Package is published via CI/CD with Sigstore SLSA provenance attestation from the official ipfs/helia monorepo — strong supply chain integrity signal.	ai	2026/04/25

Versions (showing 22 of 22)

Version	Deps	Published
2.5.2	27 / 11	2026-04-21
2.5.1	27 / 11	2026-04-13
2.5.0	27 / 11	2026-04-09
2.4.2	27 / 11	2026-02-05
2.4.1	27 / 11	2026-02-05
2.4.0	27 / 11	2026-02-04
2.3.5	28 / 10	2026-02-02
2.3.4	28 / 10	2026-01-15
2.3.3	28 / 10	2025-12-15
2.3.2	28 / 10	2025-12-12
2.3.1	28 / 10	2025-12-12
2.3.0	28 / 10	2025-11-20
2.2.5	28 / 10	2025-11-14
2.2.4	28 / 10	2025-11-13
2.2.3	28 / 10	2025-10-29
2.2.2	28 / 10	2025-10-27
2.2.1	28 / 10	2025-10-22
2.2.0	28 / 10	2025-10-20
2.1.1	28 / 10	2025-10-17
2.1.0	27 / 11	2025-10-17
2.0.1	27 / 11	2025-10-09
2.0.0	27 / 11	2025-10-09

v2.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.