@oidfed/core
Federation primitives for JavaScript — entity statements, trust chain resolution, metadata policy, and cryptographic verification. The foundational layer of the complete OpenID Federation 1.0 implementation.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped OpenID Federation package; name similarity to 'cors' is coincidental, not impersonation. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 0.5.1 | 2 / 0 | |
| 0.5.0 | 2 / 0 | |
| 0.4.1 | 2 / 0 | |
| 0.4.0 | 2 / 0 | |
| 0.3.0 | 2 / 0 | |
| 0.2.0 | 2 / 0 | |
| 0.1.0 | 2 / 0 |
v0.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
2 findingsPackage name '@oidfed/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.