@podium/proxy
Transparent HTTP proxy. Dynamically mounts proxy targets on an existing HTTP server instance.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:abslog | AI (dependencies): Known lightweight logging utility; stable dependency of podium-lib packages across many versions. | ai | |
| dependencies | unvetted-dep:@podium/utils | AI (dependencies): Core podium-lib utility package; expected dependency for this ecosystem. | ai | |
| dependencies | unvetted-dep:@metrics/client | AI (dependencies): Metrics client from same maintainer ecosystem; consistent across podium-lib packages. | ai | |
| dependencies | unvetted-dep:@podium/schemas | AI (dependencies): Core podium-lib schema package; expected dependency for this ecosystem. | ai | |
| dependencies | unvetted-dep:@podium/node-http-proxy | AI (dependencies): Podium-lib's own http-proxy fork; expected core dependency for this proxy package. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 5.0.37 | 6 / 12 | |
| 5.0.36 | 6 / 12 | |
| 5.0.35 | 6 / 12 | |
| 5.0.34 | 6 / 12 | |
| 5.0.33 | 6 / 12 | |
v5.0.36
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.35
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.34
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.33
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.