@php-wasm/universal No license 18 versions

@php-wasm/universal

npm Repository Homepage

18

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bgrgicakadamzielbrandonpayton-a8csejasdanielbachhuberyannickdecatjanjakesakirk

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:fs-ext	AI (phantom-deps): fs-ext is declared as an optionalDependency in package.json; phantom-dep false positive for optional deps.	ai	2026/05/03
semgrep	semgrep:eval-usage	AI (semgrep): eval in minified stack-trace parser, not user-controlled input; stable pattern for this package.	ai	2026/04/29
semgrep	semgrep:shady-links-raw-ip	AI (semgrep): 127.0.0.1 reference is a JSDoc comment example, not a live network request.	ai	2026/04/29
dependencies	unvetted-dep:@php-wasm/util	AI (dependencies): Sibling monorepo package from same WordPress/wordpress-playground repo; always co-versioned.	ai	2026/04/29
dependencies	unvetted-dep:@php-wasm/stream-compression	AI (dependencies): Sibling monorepo package from same WordPress/wordpress-playground repo; always co-versioned.	ai	2026/04/29

Versions (showing 18 of 18)

Version	Deps	Published
3.1.36	5 / 0	2026-06-01
3.1.35	5 / 0	2026-05-25
3.1.34	5 / 0	2026-05-18
3.1.33	5 / 0	2026-05-14
3.1.32	5 / 0	2026-05-14
3.1.31	5 / 0	2026-05-14
3.1.30	5 / 0	2026-05-11
3.1.28	6 / 0	2026-05-05
3.1.27	6 / 0	2026-05-04
3.1.26	6 / 0	2026-05-03
3.1.25	5 / 0	2026-05-03
3.1.22	5 / 0	2026-05-01
3.1.21	5 / 0	2026-04-27
3.1.20	5 / 0	2026-04-16
3.1.19	6 / 0	2026-04-13
3.1.14	6 / 0	2026-03-30
3.0.17	7 / 0	2025-10-31
3.0.1	7 / 0	2025-09-19

v3.1.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.34

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.33

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.27

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.25

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.17

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.