@nsshunt/stsappframework

TODO

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nsshunt

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established internal framework package; no provenance attestation is consistent across all versions.	ai	2026/05/20
dependencies	unvetted-dep:@types/on-headers	AI (dependencies): @types/on-headers is a DefinitelyTyped type-definition package; minimal attack surface, stable for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@types/pidusage	AI (phantom-deps): @types/* packages are type-only declarations; not imported at runtime by design.	ai	2026/05/06
phantom-deps	phantom-dep:@types/on-headers	AI (phantom-deps): @types/* packages are type-only declarations; not imported at runtime by design.	ai	2026/05/06
phantom-deps	phantom-dep:socket.io-adapter	AI (phantom-deps): Referenced in config files as documented; stable false positive for this package.	ai	2026/05/06

Versions (showing 72 of 72)

Version	Deps	Published
3.3.124	29 / 11	2026-06-01
3.3.123	29 / 11	2026-06-01
3.3.122	29 / 11	2026-06-01
3.3.121	29 / 11	2026-05-26
3.3.120	29 / 11	2026-05-16
3.3.119	29 / 11	2026-05-15
3.3.118	29 / 11	2026-05-15
3.3.117	29 / 11	2026-05-15
3.3.116	29 / 11	2026-05-07
3.3.115	29 / 11	2026-04-30
3.3.114	29 / 11	2026-04-09
3.3.113	29 / 11	2026-04-09
3.3.112	29 / 11	2026-04-09
3.3.111	29 / 11	2026-04-08
3.3.110	29 / 11	2026-04-08
3.3.109	29 / 11	2026-04-05
3.3.108	29 / 11	2026-04-05
3.3.107	29 / 11	2026-04-05
3.3.106	29 / 11	2026-04-05
3.3.105	29 / 11	2026-04-05
3.3.104	29 / 10	2026-04-05
3.3.103	30 / 10	2026-03-25
3.3.102	30 / 10	2026-03-22
3.3.101	30 / 10	2026-03-22
3.3.100	30 / 10	2026-03-22
3.3.99	30 / 10	2026-03-22
3.3.98	30 / 10	2026-03-16
3.3.97	30 / 10	2026-03-16
3.3.96	30 / 10	2026-03-16
3.3.95	30 / 10	2026-03-16
3.3.94	30 / 10	2026-03-16
3.3.93	30 / 10	2026-03-09
3.3.92	30 / 10	2026-03-07
3.3.91	30 / 10	2026-02-19
3.3.90	30 / 10	2026-02-19
3.3.89	30 / 10	2026-02-19
3.3.88	30 / 10	2026-02-19
3.3.87	30 / 10	2026-02-18
3.3.86	30 / 10	2026-02-17
3.3.85	30 / 10	2026-02-17
3.3.84	30 / 10	2026-02-17
3.3.83	30 / 10	2026-02-17
3.3.82	30 / 10	2026-02-15
3.3.81	30 / 10	2026-02-13
3.3.80	30 / 10	2026-02-13
3.3.76	29 / 10	2026-02-12
3.3.60	32 / 11	2026-01-18
3.3.58	32 / 11	2025-10-04
3.3.57	32 / 11	2025-10-03
3.3.56	32 / 11	2025-10-03
3.3.55	32 / 11	2025-10-02
3.3.54	32 / 12	2025-09-30
3.3.53	32 / 12	2025-09-29
3.3.52	32 / 12	2025-09-29
3.3.51	32 / 12	2025-09-28
3.3.50	32 / 12	2025-09-05
3.3.49	32 / 12	2025-08-22
3.3.48	32 / 12	2025-08-21
3.3.47	32 / 12	2025-08-13
3.3.46	32 / 12	2025-08-07
3.3.45	32 / 12	2025-07-31
3.3.44	32 / 12	2025-07-31
3.3.43	32 / 12	2025-07-31
3.3.42	32 / 12	2025-07-21
3.3.41	32 / 12	2025-07-20
3.3.40	32 / 12	2025-07-20
3.3.39	32 / 12	2025-07-19
3.3.38	32 / 12	2025-07-18
3.3.37	32 / 12	2025-06-22
3.3.36	32 / 13	2025-06-16
3.3.35	32 / 13	2025-06-12
3.3.34	32 / 13	2025-06-12

v3.3.124

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.123

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.122

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.121

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.