@hestia-earth/api
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:passport-gitlab2 | AI (phantom-deps): Used as a Passport strategy configured at runtime, not directly imported in source files. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): Scoped @hestia-earth org package; Levenshtein match to 'hapi' is a false positive across all versions. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @hestia-earth org package; Levenshtein match to 'pg' is a false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @hestia-earth org package; Levenshtein match to 'joi' is a false positive. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped @hestia-earth org package; Levenshtein match to 'ajv' is a false positive. | ai | |
| phantom-deps | phantom-dep:@hestia-earth/json-schema | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic unreliable for type-only or indirect usage patterns. | ai | |
Versions (showing 91 of 91)
| Version | Deps | Published |
|---|---|---|
| 0.26.6 | 3 / 0 | |
| 0.26.5 | 3 / 90 | |
| 0.26.4 | 3 / 90 | |
| 0.26.3 | 3 / 90 | |
| 0.26.2 | 3 / 90 | |
| 0.26.1 | 3 / 90 | |
| 0.26.0 | 3 / 90 | |
| 0.25.79 | 3 / 90 | |
| 0.25.78 | 3 / 90 | |
| 0.25.77 | 3 / 90 | |
| 0.25.76 | 3 / 90 | |
| 0.25.75 | 3 / 90 | |
| 0.25.74 | 3 / 90 | |
| 0.25.73 | 3 / 90 | |
| 0.25.72 | 3 / 90 | |
| 0.25.71 | 3 / 90 | |
| 0.25.70 | 3 / 90 | |
| 0.25.69 | 3 / 93 | |
| 0.25.68 | 3 / 93 | |
| 0.25.67 | 3 / 93 | |
| 0.25.66 | 3 / 93 | |
| 0.25.65 | 3 / 93 | |
| 0.25.64 | 3 / 93 | |
| 0.25.63 | 3 / 92 | |
| 0.25.62 | 3 / 92 | |
| 0.25.61 | 3 / 92 | |
| 0.25.60 | 3 / 92 | |
| 0.25.59 | 3 / 92 | |
| 0.25.58 | 3 / 92 | |
| 0.25.57 | 3 / 92 | |
| 0.25.56 | 3 / 92 | |
| 0.25.55 | 3 / 92 | |
| 0.25.54 | 3 / 92 | |
| 0.25.53 | 3 / 92 | |
| 0.25.52 | 3 / 92 | |
| 0.25.51 | 3 / 92 | |
| 0.25.50 | 4 / 89 | |
| 0.25.49 | 4 / 89 | |
| 0.25.48 | 4 / 89 | |
| 0.25.47 | 4 / 89 | |
| 0.25.46 | 4 / 83 | |
| 0.25.45 | 4 / 83 | |
| 0.25.44 | 4 / 83 | |
| 0.25.43 | 4 / 83 | |
| 0.25.42 | 4 / 83 | |
| 0.25.41 | 4 / 83 | |
| 0.25.40 | 4 / 83 | |
| 0.25.39 | 4 / 83 | |
| 0.25.38 | 4 / 83 | |
| 0.25.37 | 4 / 83 | |
| 0.25.36 | 4 / 83 | |
| 0.25.35 | 4 / 83 | |
| 0.25.34 | 4 / 83 | |
| 0.25.33 | 4 / 83 | |
| 0.25.32 | 4 / 83 | |
| 0.25.31 | 4 / 83 | |
| 0.25.30 | 4 / 83 | |
| 0.25.29 | 4 / 83 | |
| 0.25.28 | 4 / 83 | |
| 0.25.27 | 4 / 83 | |
| 0.25.26 | 4 / 83 | |
| 0.25.25 | 4 / 83 | |
| 0.25.24 | 4 / 83 | |
| 0.25.23 | 4 / 83 | |
| 0.25.22 | 4 / 83 | |
| 0.25.21 | 4 / 83 | |
| 0.25.20 | 4 / 83 | |
| 0.25.19 | 4 / 83 | |
| 0.25.18 | 4 / 83 | |
| 0.25.17 | 4 / 83 | |
| 0.25.16 | 4 / 83 | |
| 0.25.15 | 4 / 83 | |
| 0.25.14 | 4 / 83 | |
| 0.25.13 | 3 / 83 | |
| 0.25.12 | 3 / 83 | |
| 0.25.11 | 3 / 83 | |
| 0.25.10 | 3 / 83 | |
| 0.25.9 | 3 / 84 | |
| 0.25.8 | 3 / 84 | |
| 0.25.7 | 3 / 84 | |
| 0.25.6 | 3 / 84 | |
| 0.25.5 | 3 / 84 | |
| 0.25.4 | 3 / 84 | |
| 0.25.3 | 3 / 84 | |
| 0.25.2 | 3 / 84 | |
| 0.25.1 | 3 / 84 | |
| 0.25.0 | 3 / 84 | |
| 0.24.82 | 3 / 84 | |
| 0.24.81 | 3 / 84 | |
| 0.24.80 | 3 / 84 | |
| 0.24.79 | 3 / 84 | |
v0.26.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.79
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.78
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.77
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.76
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.75
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.74
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.73
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.72
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.71
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.70
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.69
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.68
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.67
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.66
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.65
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.64
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.63
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.62
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.61
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.60
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.59
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.58
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.57
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.56
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.55
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.54
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.53
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.52
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.51
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.50
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.49
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.48
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.47
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.46
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.45
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.44
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.43
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.42
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.41
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.40
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.39
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.38
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.37
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.36
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.35
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.34
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.33
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.32
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.31
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.30
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.29
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.28
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.27
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.26
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.25
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.24
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.23
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.22
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.21
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.20
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.19
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.18
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.17
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.16
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.15
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.14
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.13
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.12
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.11
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.10
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.8
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.4
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.0
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.82
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.81
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.80
2 findings
Package name '@hestia-earth/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.79
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.