@live-change/task-service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Internal monorepo service package; missing description is a consistent pattern across this publisher's packages. | ai | |
| provenance | no-provenance | AI (provenance): Publisher consistently publishes without provenance; stable pattern across 326 versions. | ai |
Versions (showing 45 of 45)
| Version | Deps | Published |
|---|---|---|
| 0.9.209 | 2 / 0 | |
| 0.9.208 | 2 / 0 | |
| 0.9.207 | 2 / 0 | |
| 0.9.206 | 2 / 0 | |
| 0.9.205 | 2 / 0 | |
| 0.9.204 | 2 / 0 | |
| 0.9.200 | 2 / 0 | |
| 0.9.197 | 2 / 0 | |
| 0.9.196 | 2 / 0 | |
| 0.9.195 | 2 / 0 | |
| 0.9.194 | 2 / 0 | |
| 0.9.191 | 2 / 0 | |
| 0.9.189 | 2 / 0 | |
| 0.9.188 | 2 / 0 | |
| 0.9.184 | 2 / 0 | |
| 0.9.179 | 2 / 0 | |
| 0.9.177 | 2 / 0 | |
| 0.9.165 | 2 / 0 | |
| 0.9.158 | 2 / 0 | |
| 0.9.154 | 2 / 0 | |
| 0.9.153 | 2 / 0 | |
| 0.9.151 | 2 / 0 | |
| 0.9.149 | 2 / 0 | |
| 0.9.148 | 2 / 0 | |
| 0.9.141 | 2 / 0 | |
| 0.9.138 | 2 / 0 | |
| 0.9.135 | 2 / 0 | |
| 0.9.133 | 2 / 0 | |
| 0.9.132 | 2 / 0 | |
| 0.9.128 | 2 / 0 | |
| 0.9.127 | 2 / 0 | |
| 0.9.122 | 2 / 0 | |
| 0.9.119 | 2 / 0 | |
| 0.9.118 | 2 / 0 | |
| 0.9.116 | 2 / 0 | |
| 0.9.115 | 2 / 0 | |
| 0.9.110 | 2 / 0 | |
| 0.9.99 | 2 / 0 | |
| 0.9.96 | 2 / 0 | |
| 0.9.89 | 2 / 0 | |
| 0.9.87 | 2 / 0 | |
| 0.9.84 | 2 / 0 | |
| 0.9.82 | 2 / 0 | |
| 0.9.77 | 2 / 0 | |
| 0.9.73 | 2 / 0 |
v0.9.209
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.208
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.207
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.206
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.205
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.200
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.197
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.194
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.189
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.184
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.179
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.177
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.165
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.158
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.154
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.153
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.151
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.149
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.148
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.141
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.138
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.135
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.133
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.132
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.128
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.122
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.119
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.115
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.110
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.99
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.84
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.77
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.