@intlayer/core
Includes core Intlayer functions like translation, dictionary, and utility functions shared across multiple packages.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/esm/getContent-DKqtIZGL.mjs | AI (source-diff): Standard minified ESM bundle; i18n content retrieval logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/cjs/getContent-DrqM8pqO.cjs | AI (source-diff): Standard minified CJS bundle output; content is i18n translation logic, no malicious patterns. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Intlayer's README is documentation-heavy with many links; not a phishing/spam package — stable false positive for this org. | ai | |
| source-diff | obfuscated-file:dist/esm/messageFormat/vue-i18n.mjs | AI (source-diff): Standard minified ESM build output; vue-i18n parser, no malicious patterns. | ai | |
| phantom-deps | phantom-dep:@intlayer/dictionaries-entry | AI (phantom-deps): Same-org optional dep used indirectly; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/messageFormat/i18next.cjs | AI (source-diff): Standard minified build output; content is i18next format parser. | ai | |
| source-diff | obfuscated-file:dist/cjs/messageFormat/ICU.cjs | AI (source-diff): Standard minified build output; content is ICU message format parser. | ai | |
| source-diff | obfuscated-file:dist/cjs/messageFormat/vue-i18n.cjs | AI (source-diff): Standard minified build output; content is vue-i18n format parser. | ai | |
| source-diff | obfuscated-file:dist/esm/markdown/compiler.mjs | AI (source-diff): Standard minified ESM build output; content is markdown compiler. | ai | |
| source-diff | obfuscated-file:dist/esm/markdown/constants.mjs | AI (source-diff): Standard minified ESM build output; content is markdown constants. | ai | |
| source-diff | obfuscated-file:dist/esm/markdown/index.mjs | AI (source-diff): Standard minified ESM build output; re-exports markdown module. | ai | |
| source-diff | obfuscated-file:dist/esm/messageFormat/ICU.mjs | AI (source-diff): Standard minified ESM build output; content is ICU parser. | ai | |
| source-diff | obfuscated-file:dist/esm/messageFormat/i18next.mjs | AI (source-diff): Standard minified ESM build output; content is i18next parser. | ai | |
| source-diff | obfuscated-file:dist/cjs/markdown/compiler.cjs | AI (source-diff): Standard minified build output from tsdown/rolldown; content is markdown parser logic. | ai | |
| source-diff | obfuscated-file:dist/cjs/markdown/constants.cjs | AI (source-diff): Standard minified build output; content is markdown constants. | ai | |
| source-diff | obfuscated-file:dist/cjs/markdown/index.cjs | AI (source-diff): Standard minified build output; re-exports markdown module. | ai | |
| provenance | missing-githead | AI (provenance): High-volume, well-established package; missing gitHead appears to be a publish environment change, not a supply chain indicator. | ai | |
| provenance | no-provenance | AI (provenance): Established package with strong publisher track record; provenance not historically present. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): defu is a well-known utility; swap from deepmerge is routine for this package. | ai | |
| phantom-deps | phantom-dep:@intlayer/unmerged-dictionaries-entry | AI (phantom-deps): Same-org monorepo sibling; phantom-dep heuristic not applicable here. | ai | |
| phantom-deps | phantom-dep:@intlayer/api | AI (phantom-deps): Same-org monorepo sibling; phantom-dep heuristic not applicable here. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped @intlayer/core is an i18n library, not a typosquat of cors; name similarity is coincidental. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dep; phantom-dep heuristic false positive for this package. | ai |
Versions (showing 51 of 115)
| Version | Deps | Published |
|---|---|---|
| 8.12.2 | 6 / 8 | |
| 8.12.1 | 6 / 8 | |
| 8.12.0 | 6 / 8 | |
| 8.11.3 | 6 / 8 | |
| 8.11.2 | 6 / 8 | |
| 8.11.1 | 6 / 8 | |
| 8.11.0 | 6 / 8 | |
| 8.10.1 | 6 / 8 | |
| 8.10.0 | 6 / 8 | |
| 8.9.8 | 6 / 8 | |
| 8.9.7 | 6 / 8 | |
| 8.9.6 | 6 / 8 | |
| 8.9.5 | 6 / 8 | |
| 8.9.4 | 6 / 8 | |
| 8.9.3 | 6 / 8 | |
| 8.9.2 | 6 / 8 | |
| 8.9.1 | 6 / 8 | |
| 8.9.0 | 6 / 8 | |
| 8.8.0 | 6 / 8 | |
| 8.7.14 | 6 / 8 | |
| 8.7.13 | 6 / 8 | |
| 8.7.12 | 6 / 8 | |
| 8.7.11 | 6 / 8 | |
| 8.7.10 | 6 / 8 | |
| 8.7.9 | 6 / 8 | |
| 8.7.8 | 6 / 8 | |
| 8.7.7 | 6 / 8 | |
| 8.7.6 | 6 / 8 | |
| 8.7.5 | 6 / 8 | |
| 8.7.4 | 6 / 8 | |
| 8.7.3 | 6 / 8 | |
| 8.7.2 | 6 / 8 | |
| 8.7.1 | 6 / 8 | |
| 8.7.0 | 6 / 8 | |
| 8.6.10 | 6 / 8 | |
| 8.6.9 | 6 / 8 | |
| 8.6.8 | 6 / 8 | |
| 8.6.7 | 6 / 8 | |
| 8.6.6 | 6 / 8 | |
| 8.6.5 | 6 / 8 | |
| 8.6.4 | 6 / 8 | |
| 8.6.3 | 6 / 8 | |
| 8.6.2 | 6 / 8 | |
| 8.6.1 | 6 / 8 | |
| 8.6.0 | 6 / 8 | |
| 8.5.2 | 6 / 8 | |
| 8.5.1 | 6 / 8 | |
| 8.5.0 | 6 / 8 | |
| 8.4.10 | 6 / 8 | |
| 8.4.9 | 6 / 8 | |
| 8.4.8 | 6 / 8 |
v8.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.12.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.12.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.11.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.10.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.7.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.6.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.5.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.5.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.5.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.4.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.4.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.4.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ay.pineau.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.