@node-in-layers/core
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @node-in-layers/core is a framework core library, not a typosquat of cors; name collision is coincidental. | ai | |
| phantom-deps | phantom-dep:loglevel | AI (phantom-deps): loglevel is a declared runtime dep; phantom-dep heuristic fires on indirect usage patterns common in framework code. | ai | |
| phantom-deps | phantom-dep:modern-async | AI (phantom-deps): modern-async is a declared runtime dep; phantom-dep heuristic fires on indirect usage patterns common in framework code. | ai |
Versions (showing 51 of 75)
| Version | Deps | Published |
|---|---|---|
| 1.17.0 | 10 / 43 | |
| 1.16.0 | 10 / 43 | |
| 1.15.18 | 10 / 43 | |
| 1.15.16 | 10 / 43 | |
| 1.15.15 | 10 / 43 | |
| 1.15.13 | 10 / 43 | |
| 1.15.12 | 10 / 43 | |
| 1.15.11 | 10 / 43 | |
| 1.15.10 | 10 / 43 | |
| 1.15.9 | 10 / 43 | |
| 1.15.8 | 10 / 43 | |
| 1.15.7 | 10 / 43 | |
| 1.15.6 | 10 / 43 | |
| 1.15.5 | 9 / 43 | |
| 1.15.4 | 9 / 43 | |
| 1.15.3 | 9 / 43 | |
| 1.15.2 | 9 / 43 | |
| 1.15.1 | 9 / 43 | |
| 1.15.0 | 9 / 43 | |
| 1.14.0 | 9 / 43 | |
| 1.13.5 | 9 / 43 | |
| 1.13.4 | 9 / 43 | |
| 1.13.3 | 9 / 43 | |
| 1.13.2 | 9 / 43 | |
| 1.13.1 | 9 / 43 | |
| 1.13.0 | 9 / 43 | |
| 1.12.8 | 11 / 39 | |
| 1.12.7 | 11 / 39 | |
| 1.12.6 | 11 / 39 | |
| 1.12.5 | 11 / 39 | |
| 1.12.4 | 11 / 39 | |
| 1.12.3 | 11 / 39 | |
| 1.12.2 | 11 / 39 | |
| 1.12.1 | 11 / 39 | |
| 1.11.2 | 11 / 39 | |
| 1.11.1 | 11 / 39 | |
| 1.11.0 | 11 / 39 | |
| 1.10.16 | 11 / 39 | |
| 1.10.15 | 11 / 39 | |
| 1.10.14 | 11 / 39 | |
| 1.10.13 | 11 / 39 | |
| 1.10.12 | 11 / 39 | |
| 1.10.11 | 11 / 39 | |
| 1.10.10 | 11 / 39 | |
| 1.10.9 | 11 / 39 | |
| 1.10.8 | 11 / 39 | |
| 1.10.7 | 11 / 39 | |
| 1.10.6 | 11 / 38 | |
| 1.10.5 | 11 / 38 | |
| 1.10.4 | 11 / 38 | |
| 1.10.3 | 11 / 38 |
v1.17.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.16.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.18
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.16
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.15
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.13
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.12
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.11
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.10
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.9
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.8
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.7
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.6
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.5
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.4
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.3
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.2
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.1
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.15.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.14.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.5
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.4
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.3
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.2
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.1
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.13.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.8
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.7
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.6
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.5
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.4
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.3
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.2
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.1
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.2
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.1
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.0
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.16
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.15
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.14
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.13
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.12
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.11
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.10
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.9
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.8
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.7
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.6
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.5
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.4
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.3
2 findingsPackage name '@node-in-layers/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.