@react-native-windows/automation-channel
@react-native-windows/automation-channel adds support for remote procedure calls from a node client to react-native-windows server on the same machine.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Large Microsoft monorepo publish; missing gitHead is a CI environment artifact, not a security signal for this package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Microsoft org maintains multiple stable branches; per-branch dormancy is expected, not a takeover signal. | ai | |
| dependencies | unvetted-dep:jsonrpc-lite | AI (dependencies): jsonrpc-lite is a standard JSON-RPC library; appropriate for an automation-channel package from Microsoft. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): ESLint config tool; referenced in lint config files only, not runtime imports. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): ESLint config tool; referenced in lint config files only, not runtime imports. Stable false positive for this package. | ai |
Versions (showing 97 of 97)
| Version | Deps | Published |
|---|---|---|
| 0.83.0 | 4 / 13 | |
| 0.82.8 | 3 / 13 | |
| 0.82.5 | 3 / 13 | |
| 0.82.3 | 3 / 13 | |
| 0.82.1 | 3 / 13 | |
| 0.82.0 | 3 / 13 | |
| 0.81.26 | 3 / 13 | |
| 0.81.25 | 3 / 13 | |
| 0.81.24 | 3 / 13 | |
| 0.81.22 | 3 / 13 | |
| 0.81.21 | 3 / 13 | |
| 0.81.20 | 3 / 13 | |
| 0.81.19 | 3 / 13 | |
| 0.81.18 | 3 / 13 | |
| 0.81.15 | 3 / 13 | |
| 0.81.13 | 3 / 13 | |
| 0.81.12 | 3 / 13 | |
| 0.81.11 | 3 / 13 | |
| 0.81.10 | 3 / 13 | |
| 0.81.9 | 3 / 13 | |
| 0.81.7 | 3 / 13 | |
| 0.81.6 | 3 / 13 | |
| 0.81.5 | 3 / 13 | |
| 0.81.4 | 3 / 13 | |
| 0.81.3 | 3 / 13 | |
| 0.81.2 | 3 / 13 | |
| 0.81.1 | 3 / 13 | |
| 0.81.0 | 3 / 13 | |
| 0.80.6 | 3 / 13 | |
| 0.80.5 | 3 / 13 | |
| 0.12.354 | 3 / 13 | |
| 0.12.353 | 3 / 13 | |
| 0.12.352 | 3 / 13 | |
| 0.12.351 | 3 / 13 | |
| 0.12.350 | 3 / 13 | |
| 0.12.349 | 3 / 13 | |
| 0.12.348 | 3 / 13 | |
| 0.12.347 | 3 / 13 | |
| 0.12.346 | 3 / 13 | |
| 0.12.345 | 3 / 13 | |
| 0.12.344 | 3 / 13 | |
| 0.12.343 | 3 / 13 | |
| 0.12.342 | 3 / 13 | |
| 0.12.341 | 3 / 13 | |
| 0.12.340 | 3 / 13 | |
| 0.12.339 | 3 / 13 | |
| 0.12.338 | 3 / 13 | |
| 0.12.337 | 3 / 13 | |
| 0.12.336 | 3 / 13 | |
| 0.12.335 | 3 / 13 | |
| 0.12.334 | 3 / 13 | |
| 0.12.333 | 3 / 13 | |
| 0.12.332 | 3 / 13 | |
| 0.12.331 | 3 / 13 | |
| 0.12.330 | 3 / 13 | |
| 0.12.329 | 3 / 13 | |
| 0.12.328 | 3 / 13 | |
| 0.12.327 | 3 / 13 | |
| 0.12.326 | 3 / 13 | |
| 0.12.325 | 3 / 13 | |
| 0.12.324 | 3 / 13 | |
| 0.12.323 | 3 / 13 | |
| 0.12.322 | 3 / 13 | |
| 0.12.321 | 3 / 13 | |
| 0.12.320 | 3 / 13 | |
| 0.12.319 | 3 / 13 | |
| 0.12.318 | 3 / 13 | |
| 0.12.317 | 3 / 13 | |
| 0.12.316 | 3 / 13 | |
| 0.12.315 | 3 / 13 | |
| 0.12.314 | 3 / 13 | |
| 0.12.313 | 3 / 13 | |
| 0.12.312 | 3 / 13 | |
| 0.12.311 | 3 / 13 | |
| 0.12.310 | 3 / 13 | |
| 0.12.309 | 3 / 13 | |
| 0.12.308 | 3 / 13 | |
| 0.12.307 | 3 / 13 | |
| 0.12.306 | 3 / 13 | |
| 0.12.305 | 3 / 13 | |
| 0.12.304 | 3 / 13 | |
| 0.12.303 | 3 / 13 | |
| 0.12.302 | 3 / 13 | |
| 0.12.301 | 3 / 13 | |
| 0.12.300 | 3 / 13 | |
| 0.12.299 | 3 / 13 | |
| 0.12.298 | 3 / 13 | |
| 0.12.297 | 3 / 13 | |
| 0.12.296 | 3 / 13 | |
| 0.12.295 | 3 / 13 | |
| 0.12.294 | 3 / 13 | |
| 0.12.293 | 3 / 13 | |
| 0.12.292 | 3 / 13 | |
| 0.12.291 | 3 / 13 | |
| 0.12.290 | 3 / 13 | |
| 0.12.289 | 3 / 13 | |
| 0.12.288 | 3 / 13 |
v0.83.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.82.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.81.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.81.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.81.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.81.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.80.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.80.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.354
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.353
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.352
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.351
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.350
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.349
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.348
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.347
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.346
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.345
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: microsoft1es.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.344
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.343
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.342
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.341
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.340
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.339
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.338
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.337
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.336
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.335
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.334
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.333
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.332
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.331
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.330
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.329
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.328
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.327
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.326
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.325
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.324
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.323
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.322
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.321
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.320
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.319
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.318
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.317
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.316
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.315
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.314
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.313
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.312
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.311
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.310
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.309
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.308
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.307
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.306
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.305
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.304
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.303
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.302
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.301
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.300
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.299
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.298
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.297
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.296
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.295
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.294
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.293
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.292
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.291
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.290
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.289
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.288
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.