@live-change/phone-service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Intentionally minimal metadata; stable pattern across this package family. | ai | |
| provenance | no-provenance | AI (provenance): No provenance across this publisher's packages; not a targeted risk signal. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Part of live-change-stack monorepo; sparse README/metadata is consistent across all versions of this org's packages. | ai | |
| phantom-deps | phantom-dep:@live-change/relations-plugin | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic unreliable for monorepo packages. | ai |
Versions (showing 36 of 36)
| Version | Deps | Published |
|---|---|---|
| 0.9.204 | 6 / 0 | |
| 0.9.199 | 6 / 0 | |
| 0.9.196 | 6 / 0 | |
| 0.9.195 | 6 / 0 | |
| 0.9.194 | 6 / 0 | |
| 0.9.193 | 6 / 0 | |
| 0.9.185 | 6 / 0 | |
| 0.9.182 | 6 / 0 | |
| 0.9.176 | 6 / 0 | |
| 0.9.174 | 6 / 0 | |
| 0.9.171 | 6 / 0 | |
| 0.9.167 | 6 / 0 | |
| 0.9.166 | 6 / 0 | |
| 0.9.165 | 6 / 0 | |
| 0.9.156 | 6 / 0 | |
| 0.9.153 | 6 / 0 | |
| 0.9.151 | 6 / 0 | |
| 0.9.150 | 6 / 0 | |
| 0.9.139 | 6 / 0 | |
| 0.9.137 | 6 / 0 | |
| 0.9.130 | 6 / 0 | |
| 0.9.127 | 6 / 0 | |
| 0.9.126 | 6 / 0 | |
| 0.9.121 | 6 / 0 | |
| 0.9.117 | 6 / 0 | |
| 0.9.116 | 6 / 0 | |
| 0.9.115 | 6 / 0 | |
| 0.9.108 | 6 / 0 | |
| 0.9.107 | 6 / 0 | |
| 0.9.105 | 6 / 0 | |
| 0.9.102 | 6 / 0 | |
| 0.9.97 | 6 / 0 | |
| 0.9.88 | 6 / 0 | |
| 0.9.87 | 6 / 0 | |
| 0.9.82 | 6 / 0 | |
| 0.9.73 | 6 / 0 |
v0.9.199
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.194
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.193
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.185
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.182
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.176
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.174
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.171
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.167
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.166
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.165
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.156
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.153
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.151
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.150
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.139
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.137
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.130
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.126
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.121
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.117
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.115
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.97
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.88
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.