← Home

@mswjs/interceptors

Low-level HTTP/HTTPS/XHR/fetch request interception library.

100
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kettanaito

Keywords

requestintercepthttphttpsxmlhttprequestxhrfetchlow-levelmockspytesting

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:xmldom AI (dependencies): xmldom is a legitimate DOM parsing library appropriate for an HTTP/XHR interception package; its use is contextually justified and no OSV advisory was flagged for the constrained version range. ai
provenance publisher-changed AI (provenance): Package transitioned to GitHub Actions CI/CD publishing, backed by SLSA provenance attestation. This is a legitimate automation pattern for mature OSS projects. ai
provenance no-provenance AI (provenance): Established package from a trusted publisher; lack of provenance is common for packages predating Sigstore adoption and not a meaningful risk signal here. ai
semgrep semgrep:hex-decode AI (semgrep): Hex decode appears only in a test file as a unit test fixture for a buffer-to-string utility. No malicious payload; stable false positive for this package. ai
semgrep semgrep:shady-links-raw-ip AI (semgrep): Raw IPs appear in comments and test fixtures documenting Node.js URL parsing bugs. Expected in an HTTP interceptor library; not network exfiltration. ai
source-diff large-new-source-files AI (source-diff): New large files are all *.cjs.map / *.mjs.map source maps — standard build artifacts, not injected code. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get() is idiomatic for accessing Symbol-keyed properties on fetch/Request objects in HTTP interceptor code. Not obfuscation — standard pattern throughout MSW interceptors. ai

Versions (showing 100 of 190)

Version Deps Published
0.41.9 6 / 45
0.41.8 6 / 45
0.41.7 6 / 45
0.41.6 6 / 45
0.41.5 6 / 45
0.41.4 6 / 45
0.41.3 6 / 45
0.41.2 6 / 45
0.41.1 6 / 45
0.41.0 6 / 45
0.40.0 6 / 45
0.39.8 6 / 45
0.39.7 6 / 45
0.39.6 6 / 45
0.39.5 6 / 45
0.39.4 6 / 45
0.39.3 6 / 45
0.39.2 6 / 45
0.39.1 6 / 45
0.39.0 6 / 45
0.38.7 6 / 45
0.38.6 6 / 45
0.38.5 7 / 44
0.38.4 7 / 44
0.38.3 7 / 44
0.38.2 7 / 44
0.38.1 7 / 44
0.38.0 7 / 44
0.37.6 6 / 48
0.37.5 6 / 48
0.37.4 6 / 48
0.37.3 6 / 48
0.37.2 6 / 48
0.37.1 6 / 48
0.37.0 6 / 48
0.36.10 6 / 48
0.36.9 6 / 47
0.36.8 6 / 47
0.36.7 6 / 47
0.36.6 6 / 47
0.36.5 6 / 47
0.36.4 6 / 47
0.36.3 6 / 47
0.36.2 6 / 47
0.36.1 6 / 47
0.36.0 6 / 47
0.35.9 6 / 47
0.35.8 6 / 47
0.35.7 6 / 47
0.35.6 6 / 47
0.35.5 6 / 47
0.35.4 6 / 47
0.35.3 6 / 47
0.35.2 6 / 47
0.35.1 6 / 47
0.35.0 6 / 47
0.34.3 6 / 47
0.34.2 6 / 47
0.34.1 6 / 45
0.34.0 6 / 45
0.33.3 6 / 45
0.33.2 6 / 45
0.33.1 6 / 45
0.33.0 6 / 45
0.32.2 6 / 45
0.32.1 6 / 45
0.32.0 6 / 45
0.31.1 6 / 45
0.31.0 6 / 45
0.30.1 6 / 45
0.30.0 6 / 45
0.29.1 6 / 45
0.29.0 6 / 45
0.28.4 6 / 45
0.28.3 6 / 45
0.28.2 6 / 45
0.28.1 6 / 45
0.28.0 6 / 45
0.27.2 6 / 45
0.27.1 6 / 45
0.27.0 6 / 45
0.26.15 6 / 45
0.26.14 6 / 45
0.26.13 6 / 45
0.26.12 6 / 45
0.26.11 6 / 45
0.26.10 6 / 45
0.26.9 6 / 45
0.26.8 6 / 45
0.26.7 6 / 45
0.26.6 6 / 45
0.26.5 6 / 45
0.26.4 6 / 45
0.26.3 6 / 45
0.26.2 6 / 45
0.26.1 6 / 45
0.26.0 6 / 45
0.25.16 6 / 38
0.25.15 6 / 38
0.25.14 6 / 38
Showing 100 of 190 Next page →

v0.41.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.