@reltio/segmentation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Internal org package; missing metadata is consistent across all 532 versions, not a spam indicator. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Stable pattern across all versions of this internal org package. | ai | |
| phantom-deps | phantom-dep:@reltio/mdm-sdk | AI (phantom-deps): Same-org bundled dependency; phantom-dep heuristic unreliable for bundled packages. | ai | |
| phantom-deps | phantom-dep:@reltio/mdm-module | AI (phantom-deps): Same-org bundled dependency; phantom-dep heuristic unreliable for bundled packages. | ai | |
| phantom-deps | phantom-dep:@reltio/components | AI (phantom-deps): Same-org bundled dependency; phantom-dep heuristic unreliable for bundled packages. | ai | |
| phantom-deps | phantom-dep:@reltio-lab/utils | AI (phantom-deps): Referenced in config files per finding; stable false positive for this bundled package. | ai | |
| phantom-deps | phantom-dep:rrule | AI (phantom-deps): Referenced in config files per finding; stable false positive for this bundled package. | ai |
Versions (showing 100 of 180)
| Version | Deps | Published |
|---|---|---|
| 1.4.542 | 5 / 0 | |
| 1.4.541 | 5 / 0 | |
| 1.4.540 | 5 / 0 | |
| 1.4.539 | 5 / 0 | |
| 1.4.538 | 5 / 0 | |
| 1.4.537 | 5 / 0 | |
| 1.4.536 | 5 / 0 | |
| 1.4.535 | 5 / 0 | |
| 1.4.534 | 5 / 0 | |
| 1.4.533 | 5 / 0 | |
| 1.4.532 | 5 / 0 | |
| 1.4.531 | 5 / 0 | |
| 1.4.530 | 5 / 0 | |
| 1.4.529 | 5 / 0 | |
| 1.4.528 | 5 / 0 | |
| 1.4.527 | 5 / 0 | |
| 1.4.526 | 5 / 0 | |
| 1.4.525 | 5 / 0 | |
| 1.4.524 | 5 / 0 | |
| 1.4.523 | 5 / 0 | |
| 1.4.522 | 5 / 0 | |
| 1.4.521 | 5 / 0 | |
| 1.4.520 | 5 / 0 | |
| 1.4.519 | 5 / 0 | |
| 1.4.518 | 5 / 0 | |
| 1.4.517 | 5 / 0 | |
| 1.4.516 | 5 / 0 | |
| 1.4.515 | 5 / 0 | |
| 1.4.514 | 5 / 0 | |
| 1.4.513 | 5 / 0 | |
| 1.4.512 | 5 / 0 | |
| 1.4.511 | 5 / 0 | |
| 1.4.510 | 5 / 0 | |
| 1.4.509 | 5 / 0 | |
| 1.4.508 | 5 / 0 | |
| 1.4.507 | 5 / 0 | |
| 1.4.506 | 5 / 0 | |
| 1.4.505 | 5 / 0 | |
| 1.4.504 | 5 / 0 | |
| 1.4.503 | 5 / 0 | |
| 1.4.502 | 5 / 0 | |
| 1.4.501 | 5 / 0 | |
| 1.4.500 | 5 / 0 | |
| 1.4.499 | 5 / 0 | |
| 1.4.498 | 5 / 0 | |
| 1.4.497 | 5 / 0 | |
| 1.4.496 | 5 / 0 | |
| 1.4.495 | 5 / 0 | |
| 1.4.491 | 5 / 0 | |
| 1.4.490 | 5 / 0 | |
| 1.4.489 | 5 / 0 | |
| 1.4.488 | 5 / 0 | |
| 1.4.487 | 5 / 0 | |
| 1.4.486 | 5 / 0 | |
| 1.4.485 | 5 / 0 | |
| 1.4.484 | 5 / 0 | |
| 1.4.483 | 5 / 0 | |
| 1.4.482 | 5 / 0 | |
| 1.4.481 | 5 / 0 | |
| 1.4.480 | 5 / 0 | |
| 1.4.479 | 5 / 0 | |
| 1.4.478 | 5 / 0 | |
| 1.4.477 | 5 / 0 | |
| 1.4.476 | 5 / 0 | |
| 1.4.475 | 5 / 0 | |
| 1.4.474 | 5 / 0 | |
| 1.4.473 | 5 / 0 | |
| 1.4.472 | 5 / 0 | |
| 1.4.471 | 5 / 0 | |
| 1.4.470 | 5 / 0 | |
| 1.4.469 | 5 / 0 | |
| 1.4.468 | 5 / 0 | |
| 1.4.467 | 5 / 0 | |
| 1.4.466 | 5 / 0 | |
| 1.4.465 | 5 / 0 | |
| 1.4.464 | 5 / 0 | |
| 1.4.463 | 5 / 0 | |
| 1.4.462 | 5 / 0 | |
| 1.4.461 | 5 / 0 | |
| 1.4.460 | 5 / 0 | |
| 1.4.459 | 5 / 0 | |
| 1.4.458 | 5 / 0 | |
| 1.4.457 | 5 / 0 | |
| 1.4.456 | 5 / 0 | |
| 1.4.455 | 5 / 0 | |
| 1.4.454 | 5 / 0 | |
| 1.4.453 | 5 / 0 | |
| 1.4.452 | 5 / 0 | |
| 1.4.451 | 5 / 0 | |
| 1.4.450 | 5 / 0 | |
| 1.4.449 | 5 / 0 | |
| 1.4.448 | 5 / 0 | |
| 1.4.447 | 5 / 0 | |
| 1.4.446 | 5 / 0 | |
| 1.4.445 | 5 / 0 | |
| 1.4.444 | 5 / 0 | |
| 1.4.443 | 5 / 0 | |
| 1.4.442 | 5 / 0 | |
| 1.4.441 | 5 / 0 | |
| 1.4.440 | 5 / 0 |
v1.4.542
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.541
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.540
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.539
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.538
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.537
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.536
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.535
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.534
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.533
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.532
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.531
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.530
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.529
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.528
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.527
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.526
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.525
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.524
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.523
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.522
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.521
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.520
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.519
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.518
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.517
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.516
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.515
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.514
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.513
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.512
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.511
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.510
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.509
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.508
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.507
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.506
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.505
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.504
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.503
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.502
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.501
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.500
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.499
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.498
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.497
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.496
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.495
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.491
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.490
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.489
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.488
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.487
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.486
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.485
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.484
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.483
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.482
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.481
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.480
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.479
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.478
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.477
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.476
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.475
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.474
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.473
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.472
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.471
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.470
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.469
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.468
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.467
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.466
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.465
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.464
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.463
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.462
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.461
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.460
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.459
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.458
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.457
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.456
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.455
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.454
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.453
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.452
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.451
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.450
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.449
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.448
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.447
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.446
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.445
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.444
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.443
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.442
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.441
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.440
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.