@parhelia/alpaca No license 51 versions

@parhelia/alpaca

npm

51

Versions

—

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

trackwaymajensenmuentingah

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@graphiql/plugin-explorer	AI (dependencies): @graphiql/plugin-explorer is a well-known GraphQL explorer plugin; stable legitimate dependency for this UI package.	ai	2026/05/15
bogus-package	bogus-package	AI (bogus-package): Package is a scoped UI component library under active development; missing metadata is sloppy but not indicative of malice.	ai	2026/04/30
phantom-deps	phantom-dep:postcss	AI (phantom-deps): postcss is a build-time dep used in config files; phantom-dep false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): react-dom referenced in config/type context; stable false positive for this UI library.	ai	2026/04/30
phantom-deps	phantom-dep:@uiw/react-textarea-code-editor	AI (phantom-deps): Likely re-exported or used indirectly; stable false positive for this package.	ai	2026/04/30

Versions (showing 51 of 66)

View all versions

Version	Deps	Published
0.1.12882	11 / 9	2026-06-08
0.1.12881	11 / 9	2026-06-08
0.1.12880	11 / 9	2026-06-08
0.1.12879	11 / 9	2026-06-08
0.1.12877	11 / 9	2026-06-07
0.1.12876	11 / 9	2026-06-06
0.1.12875	11 / 9	2026-06-06
0.1.12870	11 / 9	2026-06-06
0.1.12868	11 / 9	2026-06-06
0.1.12856	11 / 9	2026-06-03
0.1.12844	11 / 9	2026-05-31
0.1.12843	11 / 9	2026-05-31
0.1.12841	11 / 9	2026-05-31
0.1.12839	11 / 9	2026-05-31
0.1.12838	11 / 9	2026-05-30
0.1.12836	11 / 9	2026-05-30
0.1.12783	11 / 9	2026-05-11
0.1.12782	11 / 9	2026-05-11
0.1.12781	11 / 9	2026-05-09
0.1.12780	11 / 9	2026-05-08
0.1.12777	11 / 9	2026-05-06
0.1.12776	11 / 9	2026-05-06
0.1.12775	11 / 9	2026-05-05
0.1.12774	11 / 9	2026-05-05
0.1.12772	11 / 9	2026-05-04
0.1.12767	11 / 9	2026-05-04
0.1.12766	11 / 9	2026-05-03
0.1.12763	11 / 9	2026-05-03
0.1.12762	11 / 9	2026-05-03
0.1.12760	11 / 9	2026-05-03
0.1.12758	11 / 9	2026-05-03
0.1.12756	11 / 9	2026-05-03
0.1.12755	11 / 9	2026-05-02
0.1.12752	11 / 9	2026-05-01
0.1.12749	11 / 9	2026-04-30
0.1.12744	11 / 9	2026-04-30
0.1.12741	11 / 9	2026-04-30
0.1.12737	11 / 9	2026-04-29
0.1.12730	11 / 9	2026-04-29
0.1.12719	11 / 9	2026-04-29
0.1.12710	11 / 9	2026-04-28
0.1.12705	11 / 9	2026-04-28
0.1.12694	11 / 9	2026-04-28
0.1.12676	11 / 9	2026-04-27
0.1.12663	11 / 9	2026-04-23
0.1.12638	11 / 9	2026-04-22
0.1.12636	11 / 9	2026-04-22
0.1.12632	11 / 9	2026-04-21
0.1.12614	11 / 9	2026-04-17
0.1.12612	11 / 9	2026-04-17
0.1.12601	11 / 9	2026-04-16

v0.1.12882

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12881

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12880

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12879

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12877

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12876

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12875

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12870

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12868

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12856

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12844

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12843

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12841

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12839

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12838

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12836

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: muentingah → majensen (on 2026-05-30, known maintainer) provenance

This version was published by a different npm account (majensen) than the most recent previously approved version (muentingah) on 2026-05-30, but majensen is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.1.12783

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12782

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12781

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: trackway → muentingah (on 2026-05-09, known maintainer) provenance

This version was published by a different npm account (muentingah) than the most recent previously approved version (trackway) on 2026-05-09, but muentingah is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.1.12780

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: trackway → muentingah (on 2026-05-08, known maintainer) provenance

This version was published by a different npm account (muentingah) than the most recent previously approved version (trackway) on 2026-05-08, but muentingah is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.1.12777

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12776

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12775

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12774

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12772

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12767

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12766

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12763

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12762

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12760

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12758

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12756

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12755

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12752

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12749

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12744

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12741

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12730

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12719

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12710

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12705

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.12694

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12676

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.12663

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12638

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12636

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12632

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12614

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.12612

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12601

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.