@live-change/security-service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:nodemailer | AI (phantom-deps): nodemailer is a declared runtime dependency; phantom-dep heuristic misfires here. | ai |
Versions (showing 39 of 39)
| Version | Deps | Published |
|---|---|---|
| 0.9.209 | 4 / 0 | |
| 0.9.208 | 4 / 0 | |
| 0.9.207 | 4 / 0 | |
| 0.9.206 | 4 / 0 | |
| 0.9.205 | 4 / 0 | |
| 0.9.204 | 4 / 0 | |
| 0.9.203 | 4 / 0 | |
| 0.9.201 | 4 / 0 | |
| 0.9.196 | 4 / 0 | |
| 0.9.195 | 4 / 0 | |
| 0.9.193 | 4 / 0 | |
| 0.9.192 | 4 / 0 | |
| 0.9.190 | 4 / 0 | |
| 0.9.188 | 4 / 0 | |
| 0.9.187 | 4 / 0 | |
| 0.9.185 | 4 / 0 | |
| 0.9.183 | 4 / 0 | |
| 0.9.181 | 4 / 0 | |
| 0.9.180 | 4 / 0 | |
| 0.9.175 | 4 / 0 | |
| 0.9.169 | 4 / 0 | |
| 0.9.158 | 4 / 0 | |
| 0.9.152 | 4 / 0 | |
| 0.9.146 | 4 / 0 | |
| 0.9.140 | 4 / 0 | |
| 0.9.137 | 4 / 0 | |
| 0.9.133 | 4 / 0 | |
| 0.9.127 | 4 / 0 | |
| 0.9.122 | 4 / 0 | |
| 0.9.116 | 4 / 0 | |
| 0.9.111 | 4 / 0 | |
| 0.9.104 | 4 / 0 | |
| 0.9.95 | 4 / 0 | |
| 0.9.94 | 4 / 0 | |
| 0.9.90 | 4 / 0 | |
| 0.9.84 | 4 / 0 | |
| 0.9.79 | 4 / 0 | |
| 0.9.76 | 4 / 0 | |
| 0.9.73 | 4 / 0 |
v0.9.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.203
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.201
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.193
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.190
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.187
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.185
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.183
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.181
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.180
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.175
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.169
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.158
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.152
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.146
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.140
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.137
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.133
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.122
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.111
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.84
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.76
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.