@podman-desktop/docker-extension-api Apache-2.0 9 versions

@podman-desktop/docker-extension-api

npm Repository Homepage

API for Podman Desktop Docker extension

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

florentbenoitpodman-desktop-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing is confirmed by SLSA provenance attestation from the official podman-desktop org.	ai	2026/05/04
phantom-deps	phantom-dep:@podman-desktop/api	AI (phantom-deps): Same-org monorepo dependency; type-only package may not directly import it at runtime.	ai	2026/04/29

Versions (showing 9 of 9)

Version	Deps	Published
1.27.2	1 / 0	2026-05-26
1.27.1	1 / 0	2026-05-20
1.26.2	1 / 0	2026-04-17
1.26.1	1 / 0	2026-03-23
1.25.1	1 / 0	2026-01-26
1.24.2	1 / 0	2025-12-10
1.24.1	1 / 0	2025-12-09
1.23.1	1 / 0	2025-11-13
1.22.1	1 / 0	2025-10-14

v1.27.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.27.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.26.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.25.1

2 findings

HIGH Publisher changed: podman-desktop-bot → GitHub Actions (on 2026-01-26) provenance

This version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.24.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.24.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.23.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.22.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.