@releasekit/version No license 9 versions

@releasekit/version

npm Repository Homepage

9

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

goosewobbler

Keywords

versionsemvergitpackage

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:conventional-changelog-conventional-commits	AI (dependencies): This is an npm alias for conventional-changelog-conventionalcommits@^9.0.0 — a well-known, legitimate package; stable false positive for this package.	ai	2026/06/05
phantom-deps	phantom-dep:@types/micromatch	AI (phantom-deps): Type declaration package for runtime dep micromatch; not directly imported by design.	ai	2026/05/15
phantom-deps	phantom-dep:conventional-changelog-conventionalcommits	AI (phantom-deps): Preset package loaded by convention via config, not direct import.	ai	2026/05/15
phantom-deps	phantom-dep:conventional-commits-filter	AI (phantom-deps): Used transitively via conventional-changelog presets; not directly imported by design.	ai	2026/05/15
phantom-deps	phantom-dep:@types/minimatch	AI (phantom-deps): Type-only package; framework-scoped, not directly imported at runtime.	ai	2026/05/15
phantom-deps	phantom-dep:conventional-changelog-conventional-commits	AI (phantom-deps): Alias for conventionalcommits preset; loaded by convention, not direct import.	ai	2026/05/15
phantom-deps	phantom-dep:conventional-changelog-angular	AI (phantom-deps): Preset package loaded by convention via config, not direct import.	ai	2026/05/15

Versions (showing 9 of 9)

Version	Deps	Published
0.25.0	16 / 10	2026-06-04
0.22.0	15 / 10	2026-05-06
0.21.0	15 / 10	2026-05-06
0.20.0	15 / 10	2026-05-04
0.19.3	15 / 10	2026-05-01
0.4.1	15 / 10	2026-03-31
0.2.1	15 / 10	2026-03-24
0.2.0	16 / 8	2026-03-17
0.1.0	16 / 8	2026-03-04

v0.25.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.19.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.