← Home

@meistrari/mise-en-place

npm Repository Homepage
47
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

0xthierryrjmunhozamorim33henrykunhrodrigo_lgczaghiianfiremanmatheusvellonethullyocunharenanllm

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:eslint-plugin-diff AI (phantom-deps): ESLint plugins are referenced in config files, not imported directly; this is the expected usage pattern. ai
phantom-deps phantom-dep:@antfu/eslint-config AI (phantom-deps): ESLint config package referenced in config files, not imported directly; expected usage pattern. ai
phantom-deps phantom-dep:eslint-plugin-drizzle AI (phantom-deps): ESLint plugin referenced in config files, not imported directly; expected usage pattern. ai
npm-metadata no-description AI (npm-metadata): Tooling package with clear repo and 70 published versions; empty description is cosmetic. ai
provenance no-provenance AI (provenance): No provenance across all 70 versions; consistent pattern, not a new anomaly. ai
install-scripts install-script:postinstall AI (install-scripts): Postinstall only writes a Makefile include stub if absent; no network calls or arbitrary code execution. ai
phantom-deps phantom-dep:dedent AI (phantom-deps): dedent is a declared runtime dependency; phantom-dep is a false positive for this package. ai
phantom-deps phantom-dep:eslint AI (phantom-deps): eslint is a declared runtime dependency; phantom-dep is a false positive for this package. ai

Versions (showing 47 of 47)

Version Deps Published
2.15.2 9 / 2
2.15.1 8 / 2
2.15.0 9 / 2
2.14.4 9 / 2
2.14.3 9 / 2
2.14.2 9 / 2
2.14.1 9 / 2
2.14.0 9 / 2
2.13.0 8 / 2
2.12.3 7 / 2
2.12.2 7 / 2
2.12.1 7 / 2
2.12.0 7 / 2
2.11.0 7 / 2
2.10.6 7 / 2
2.10.5 7 / 2
2.10.4 7 / 2
2.10.3 7 / 2
2.6.0 6 / 2
2.5.1 6 / 2
2.5.0 5 / 2
2.4.10 5 / 2
2.4.9 5 / 2
2.4.8 4 / 2
2.4.7 4 / 2
2.4.6 4 / 2
2.4.5 4 / 2
2.4.4 4 / 2
2.4.3 4 / 2
2.4.2 4 / 2
2.4.1 4 / 2
2.4.0 4 / 2
2.3.0 4 / 2
2.2.0 4 / 2
2.1.3 4 / 2
2.1.2 4 / 2
2.1.1 4 / 2
2.1.0 4 / 2
2.0.3 4 / 2
2.0.2 4 / 2
2.0.1 4 / 2
2.0.0 4 / 2
1.0.6 4 / 1
1.0.3 4 / 0
1.0.2 3 / 0
1.0.1 3 / 0
1.0.0 3 / 0

v2.15.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.15.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.14.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.12.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.12.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.12.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.6.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.3

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: test -f Makefile || echo 'include ./node_modules/@meistrari/mise-en-place/Makefile' > Makefile

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.2

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: test -f Makefile || echo 'include ./node_modules/@meistrari/mise-en-place/Makefile' > Makefile

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: test -f Makefile || echo 'include ./node_modules/@meistrari/mise-en-place/Makefile' > Makefile

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: test -f Makefile || echo 'include ./node_modules/@meistrari/mise-en-place/Makefile' > Makefile

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.