@salesforce/plugin-auth No license 36 versions

@salesforce/plugin-auth

npm Repository Homepage

36

Versions

—

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ire-npm-team-userjimjagsalesforce-releasesjasonschroeder-sfdcmobifylwc-adminsalesforce-admin

Keywords

forcesalesforcesalesforcedxsfsf-pluginsfdxsfdx-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): Salesforce is consolidating npm publishing under centralized service accounts (salesforce-admin/salesforce-releases). This is an organizational change, not a takeover signal.	ai	2026/04/27
maintainer-change	maintainer-removed	AI (maintainer-change): Mass removal of individual Salesforce developer accounts in favor of centralized service account is consistent with Salesforce's publishing consolidation strategy.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Package has 404 versions and active publisher salesforce-releases; dormancy signal is likely an artifact of the analyzer's tracking window, not a real takeover indicator.	ai	2026/04/27
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get(err, 'message') is defensive error handling, not obfuscation. This pattern is stable and benign for this package.	ai	2026/04/26
phantom-deps	phantom-dep:@inquirer/select	AI (phantom-deps): @inquirer/select is explicitly declared as a runtime dependency in package.json; the phantom-dep finding is a false positive.	ai	2026/04/26

Versions (showing 36 of 36)

Version	Deps	Published
4.4.1	9 / 9	2026-05-23
4.4.0	9 / 9	2026-05-20
4.3.13	9 / 9	2026-05-16
4.3.12	9 / 9	2026-05-15
4.3.11	9 / 9	2026-05-15
4.3.10	9 / 9	2026-05-09
4.3.9	9 / 9	2026-05-09
4.3.8	9 / 9	2026-05-09
4.3.7	9 / 9	2026-04-17
4.3.6	9 / 9	2026-04-11
4.3.5	9 / 9	2026-04-09
4.3.4	9 / 9	2026-04-04
4.3.3	9 / 9	2026-03-27
4.3.2	9 / 9	2026-03-20
4.3.1	9 / 9	2026-03-14
4.3.0	9 / 9	2026-03-09
4.2.2	9 / 9	2026-03-07
4.2.1	9 / 9	2026-03-04
4.2.0	9 / 9	2026-03-04
4.1.8	9 / 9	2026-02-28
4.1.7	9 / 9	2026-02-26
4.1.6	9 / 9	2026-02-17
4.1.5	9 / 9	2026-02-07
4.1.4	9 / 9	2026-01-24
4.1.3	9 / 9	2026-01-22
4.1.2	9 / 9	2026-01-17
4.1.1	9 / 9	2026-01-15
4.1.0	9 / 9	2026-01-12
3.9.26	9 / 9	2025-12-13
3.9.25	9 / 9	2025-12-07
3.9.24	9 / 9	2025-12-06
3.9.23	9 / 9	2025-12-05
3.9.22	9 / 9	2025-12-03
3.9.19	9 / 9	2025-11-09
3.9.18	9 / 9	2025-11-02
3.9.17	9 / 9	2025-10-28

v4.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.13

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.