@live-change/stripe-service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:lru-cache | AI (phantom-deps): Monorepo package; deps likely consumed transitively across the live-change stack. | ai | |
| phantom-deps | phantom-dep:pluralize | AI (phantom-deps): Same monorepo transitive-dep pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:progress-stream | AI (phantom-deps): Same monorepo transitive-dep pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:prosemirror-model | AI (phantom-deps): Same monorepo transitive-dep pattern; stable false positive. | ai |
Versions (showing 42 of 42)
| Version | Deps | Published |
|---|---|---|
| 0.9.204 | 7 / 0 | |
| 0.9.203 | 7 / 0 | |
| 0.9.198 | 7 / 0 | |
| 0.9.195 | 7 / 0 | |
| 0.9.192 | 7 / 0 | |
| 0.9.191 | 7 / 0 | |
| 0.9.187 | 7 / 0 | |
| 0.9.186 | 7 / 0 | |
| 0.9.184 | 7 / 0 | |
| 0.9.181 | 7 / 0 | |
| 0.9.177 | 7 / 0 | |
| 0.9.173 | 7 / 0 | |
| 0.9.169 | 7 / 0 | |
| 0.9.162 | 7 / 0 | |
| 0.9.161 | 7 / 0 | |
| 0.9.160 | 7 / 0 | |
| 0.9.157 | 7 / 0 | |
| 0.9.152 | 7 / 0 | |
| 0.9.147 | 7 / 0 | |
| 0.9.145 | 7 / 0 | |
| 0.9.136 | 7 / 0 | |
| 0.9.134 | 7 / 0 | |
| 0.9.130 | 7 / 0 | |
| 0.9.126 | 7 / 0 | |
| 0.9.125 | 7 / 0 | |
| 0.9.122 | 7 / 0 | |
| 0.9.113 | 7 / 0 | |
| 0.9.110 | 7 / 0 | |
| 0.9.109 | 7 / 0 | |
| 0.9.108 | 7 / 0 | |
| 0.9.104 | 7 / 0 | |
| 0.9.103 | 7 / 0 | |
| 0.9.101 | 7 / 0 | |
| 0.9.99 | 7 / 0 | |
| 0.9.97 | 7 / 0 | |
| 0.9.94 | 7 / 0 | |
| 0.9.93 | 7 / 0 | |
| 0.9.91 | 7 / 0 | |
| 0.9.85 | 7 / 0 | |
| 0.9.82 | 7 / 0 | |
| 0.9.74 | 7 / 0 | |
| 0.9.72 | 7 / 0 |
v0.9.203
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.198
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.187
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.186
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.184
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.181
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.177
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.173
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.169
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.162
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.161
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.160
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.157
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.152
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.147
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.145
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.136
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.134
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.130
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.126
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.125
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.122
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.113
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.110
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.109
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.103
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.101
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.99
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.97
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.85
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.74
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.72
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.