@kopexa/i18n
i18n provider for kopexa apps
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Both publishers are within the kopexa org; steffen.kopexa has 506 approved packages and 0 rejected — consistent internal maintainer transition. | ai | |
| phantom-deps | phantom-dep:@kopexa/react-utils | AI (phantom-deps): Same-org dep likely bundled into dist; not directly imported in source but legitimately declared. | ai | |
| phantom-deps | phantom-dep:@kopexa/shared-utils | AI (phantom-deps): Same-org dep likely bundled into dist; not directly imported in source but legitimately declared. | ai |
Versions (showing 51 of 88)
| Version | Deps | Published |
|---|---|---|
| 17.15.5 | 3 / 0 | |
| 17.15.4 | 3 / 0 | |
| 17.15.3 | 3 / 0 | |
| 17.15.2 | 3 / 0 | |
| 17.15.0 | 3 / 0 | |
| 17.14.4 | 3 / 0 | |
| 17.14.3 | 3 / 0 | |
| 17.14.2 | 3 / 0 | |
| 17.14.1 | 3 / 0 | |
| 17.14.0 | 3 / 0 | |
| 17.13.9 | 3 / 0 | |
| 17.13.8 | 3 / 0 | |
| 17.13.7 | 3 / 0 | |
| 17.13.6 | 3 / 0 | |
| 17.13.5 | 3 / 0 | |
| 17.13.4 | 3 / 0 | |
| 17.13.3 | 3 / 0 | |
| 17.13.2 | 3 / 0 | |
| 17.13.1 | 3 / 0 | |
| 17.13.0 | 3 / 0 | |
| 17.12.1 | 3 / 0 | |
| 17.12.0 | 3 / 0 | |
| 17.11.3 | 3 / 0 | |
| 17.11.2 | 3 / 0 | |
| 17.11.1 | 3 / 0 | |
| 17.11.0 | 3 / 0 | |
| 17.10.4 | 3 / 0 | |
| 17.10.3 | 3 / 0 | |
| 17.10.2 | 3 / 0 | |
| 17.10.1 | 3 / 0 | |
| 17.10.0 | 3 / 0 | |
| 17.9.0 | 3 / 0 | |
| 17.8.9 | 3 / 0 | |
| 17.8.7 | 3 / 0 | |
| 17.8.6 | 3 / 0 | |
| 17.8.5 | 3 / 0 | |
| 17.8.4 | 3 / 0 | |
| 17.8.3 | 3 / 0 | |
| 17.8.2 | 3 / 0 | |
| 17.8.1 | 3 / 0 | |
| 17.8.0 | 3 / 0 | |
| 17.7.3 | 3 / 0 | |
| 17.7.2 | 3 / 0 | |
| 17.7.1 | 3 / 0 | |
| 17.7.0 | 3 / 0 | |
| 17.6.6 | 3 / 0 | |
| 17.6.5 | 3 / 0 | |
| 17.6.4 | 3 / 0 | |
| 17.6.3 | 3 / 0 | |
| 17.6.2 | 3 / 0 | |
| 17.6.1 | 3 / 0 |
v17.15.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.15.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.15.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.15.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.14.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.14.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.14.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.14.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.13.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.13.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.13.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.12.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.12.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.11.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.11.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.11.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.11.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.10.4
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.10.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.10.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.10.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.10.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-02. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.9.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-02. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.9
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.7
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.6
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.4
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.3
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.2
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.8.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.7.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.7.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.7.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.7.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.6
2 findingsThis version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.5
2 findingsThis version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.4
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.3
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.6.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.