@live-change/email-service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Legitimate monorepo service package; sparse README/metadata is consistent across the live-change-stack ecosystem. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent pattern across live-change-stack packages; not a spam indicator here. | ai | |
| phantom-deps | phantom-dep:inline-css | AI (phantom-deps): inline-css is listed as a runtime dependency in package.json; phantom-dep is a false positive here. | ai |
Versions (showing 51 of 63)
| Version | Deps | Published |
|---|---|---|
| 0.9.209 | 10 / 0 | |
| 0.9.208 | 10 / 0 | |
| 0.9.207 | 10 / 0 | |
| 0.9.206 | 10 / 0 | |
| 0.9.205 | 10 / 0 | |
| 0.9.204 | 10 / 0 | |
| 0.9.203 | 10 / 0 | |
| 0.9.198 | 10 / 0 | |
| 0.9.195 | 10 / 0 | |
| 0.9.194 | 10 / 0 | |
| 0.9.192 | 10 / 0 | |
| 0.9.190 | 10 / 0 | |
| 0.9.188 | 10 / 0 | |
| 0.9.186 | 10 / 0 | |
| 0.9.183 | 10 / 0 | |
| 0.9.181 | 10 / 0 | |
| 0.9.180 | 10 / 0 | |
| 0.9.177 | 10 / 0 | |
| 0.9.176 | 10 / 0 | |
| 0.9.174 | 10 / 0 | |
| 0.9.171 | 10 / 0 | |
| 0.9.166 | 10 / 0 | |
| 0.9.165 | 10 / 0 | |
| 0.9.163 | 10 / 0 | |
| 0.9.162 | 10 / 0 | |
| 0.9.161 | 10 / 0 | |
| 0.9.157 | 10 / 0 | |
| 0.9.156 | 10 / 0 | |
| 0.9.153 | 10 / 0 | |
| 0.9.152 | 10 / 0 | |
| 0.9.149 | 10 / 0 | |
| 0.9.146 | 10 / 0 | |
| 0.9.142 | 10 / 0 | |
| 0.9.139 | 10 / 0 | |
| 0.9.137 | 10 / 0 | |
| 0.9.135 | 10 / 0 | |
| 0.9.132 | 10 / 0 | |
| 0.9.128 | 10 / 0 | |
| 0.9.125 | 10 / 0 | |
| 0.9.122 | 10 / 0 | |
| 0.9.120 | 10 / 0 | |
| 0.9.118 | 10 / 0 | |
| 0.9.116 | 10 / 0 | |
| 0.9.114 | 10 / 0 | |
| 0.9.111 | 10 / 0 | |
| 0.9.110 | 10 / 0 | |
| 0.9.108 | 10 / 0 | |
| 0.9.107 | 10 / 0 | |
| 0.9.105 | 10 / 0 | |
| 0.9.103 | 10 / 0 | |
| 0.9.102 | 10 / 0 |
v0.9.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.203
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.198
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.194
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.190
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.186
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.183
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.181
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.180
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.177
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.176
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.174
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.171
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.166
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.165
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.163
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.162
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.161
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.157
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.156
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.153
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.152
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.149
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.146
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.142
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.139
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.137
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.135
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.132
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.128
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.125
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.122
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.120
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.114
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.111
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.110
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.103
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.