@heliofi/common
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:moment | AI (phantom-deps): moment is a declared runtime dep used transitively/in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ts-jest | AI (phantom-deps): ts-jest referenced in jest config files; stable false positive for this package. | ai | |
Versions (showing 51 of 78)
| Version | Deps | Published |
|---|---|---|
| 0.2.255 | 12 / 1 | |
| 0.2.254 | 12 / 1 | |
| 0.2.253 | 12 / 1 | |
| 0.2.252 | 12 / 1 | |
| 0.2.251 | 12 / 1 | |
| 0.2.248 | 12 / 1 | |
| 0.2.247 | 12 / 1 | |
| 0.2.246 | 12 / 1 | |
| 0.2.245 | 12 / 1 | |
| 0.2.244 | 12 / 1 | |
| 0.2.243 | 12 / 1 | |
| 0.2.242 | 12 / 1 | |
| 0.2.241 | 12 / 1 | |
| 0.2.240 | 12 / 1 | |
| 0.2.239 | 12 / 1 | |
| 0.2.238 | 12 / 1 | |
| 0.2.237 | 12 / 1 | |
| 0.2.236 | 12 / 1 | |
| 0.2.232 | 12 / 1 | |
| 0.2.231 | 12 / 1 | |
| 0.2.230 | 12 / 1 | |
| 0.2.229 | 12 / 1 | |
| 0.2.228 | 12 / 1 | |
| 0.2.226 | 12 / 1 | |
| 0.2.225 | 12 / 1 | |
| 0.2.224 | 12 / 1 | |
| 0.2.222 | 12 / 1 | |
| 0.2.221 | 12 / 1 | |
| 0.2.220 | 12 / 1 | |
| 0.2.219 | 12 / 1 | |
| 0.2.218 | 12 / 1 | |
| 0.2.217 | 12 / 1 | |
| 0.2.214 | 12 / 1 | |
| 0.2.213 | 12 / 1 | |
| 0.2.212 | 12 / 1 | |
| 0.2.211 | 12 / 1 | |
| 0.2.188 | 12 / 2 | |
| 0.2.179 | 11 / 2 | |
| 0.2.177 | 11 / 2 | |
| 0.2.176 | 11 / 2 | |
| 0.2.172 | 11 / 2 | |
| 0.2.168 | 11 / 2 | |
| 0.2.155 | 12 / 2 | |
| 0.2.153 | 12 / 2 | |
| 0.2.152 | 12 / 2 | |
| 0.2.146 | 12 / 2 | |
| 0.2.145 | 12 / 2 | |
| 0.2.144 | 12 / 2 | |
| 0.2.143 | 12 / 2 | |
| 0.2.138 | 12 / 2 | |
| 0.2.137 | 12 / 2 | |
v0.2.255
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.254
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.253
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.252
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.251
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.248
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.247
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.246
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.245
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.244
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.243
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.242
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.241
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.240
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.239
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.238
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.237
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.236
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.232
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.231
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.228
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.226
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.225
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.224
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.222
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.221
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.220
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.219
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.218
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.217
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.214
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.213
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.212
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.211
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.188
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.179
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.177
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.176
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.172
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.168
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.155
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.153
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.152
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.146
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.145
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.144
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.143
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.138
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.137
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.