@ptolemy2002/rgx
A library for easy construction and validation of regular expressions in TypeScript. You can use `rgx` to concatenate various types of tokens into a valid regular expression string, with type safety and validation. You can also use a combination of `RGXWa
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): postinstall runs 'npx typesync', a standard dev-tooling command with no network exfiltration or code execution risk. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @ptolemy2002/rgx is clearly not impersonating 'pg'; Levenshtein match is a false positive. | ai | |
| phantom-deps | phantom-dep:lodash.clonedeep | AI (phantom-deps): lodash.clonedeep is a listed runtime dependency; phantom-dep heuristic misfired. | ai |
v13.7.0
2 findingsScript: npx typesync
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.5.0
2 findingsScript: npx typesync
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.