@salesforce/plugin-sobject
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): salesforce-admin is a Salesforce org account; adding it reflects consolidation of publishing under a centralized account, consistent with Salesforce's org-wide publishing practices. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of individual developer accounts in favor of a centralized org account (salesforce-admin) is consistent with Salesforce's publishing consolidation; not indicative of takeover. | ai | |
| phantom-deps | phantom-dep:@salesforce/kit | AI (phantom-deps): @salesforce/kit is a declared runtime dep in the same org scope; phantom-dep false positive for this package. | ai |
Versions (showing 51 of 55)
| Version | Deps | Published |
|---|---|---|
| 1.4.112 | 10 / 9 | |
| 1.4.111 | 10 / 9 | |
| 1.4.110 | 10 / 9 | |
| 1.4.109 | 10 / 9 | |
| 1.4.108 | 10 / 9 | |
| 1.4.107 | 10 / 9 | |
| 1.4.106 | 10 / 9 | |
| 1.4.105 | 10 / 9 | |
| 1.4.104 | 10 / 9 | |
| 1.4.103 | 10 / 9 | |
| 1.4.102 | 10 / 9 | |
| 1.4.101 | 10 / 9 | |
| 1.4.100 | 10 / 9 | |
| 1.4.99 | 10 / 9 | |
| 1.4.98 | 10 / 9 | |
| 1.4.97 | 10 / 9 | |
| 1.4.96 | 10 / 9 | |
| 1.4.95 | 10 / 9 | |
| 1.4.94 | 10 / 9 | |
| 1.4.93 | 10 / 9 | |
| 1.4.92 | 10 / 9 | |
| 1.4.91 | 10 / 9 | |
| 1.4.90 | 10 / 9 | |
| 1.4.89 | 10 / 9 | |
| 1.4.88 | 10 / 9 | |
| 1.4.87 | 10 / 9 | |
| 1.4.86 | 10 / 9 | |
| 1.4.85 | 10 / 9 | |
| 1.4.84 | 10 / 9 | |
| 1.4.83 | 10 / 9 | |
| 1.4.82 | 10 / 9 | |
| 1.4.81 | 10 / 9 | |
| 1.4.80 | 10 / 9 | |
| 1.4.79 | 10 / 9 | |
| 1.4.78 | 10 / 9 | |
| 1.4.77 | 10 / 9 | |
| 1.4.76 | 10 / 9 | |
| 1.4.73 | 10 / 9 | |
| 1.4.72 | 10 / 9 | |
| 1.4.71 | 10 / 9 | |
| 1.4.70 | 10 / 9 | |
| 1.4.69 | 10 / 9 | |
| 1.4.68 | 10 / 9 | |
| 1.4.67 | 10 / 9 | |
| 1.4.66 | 10 / 9 | |
| 1.4.65 | 10 / 9 | |
| 1.4.64 | 10 / 9 | |
| 1.4.63 | 10 / 9 | |
| 1.4.62 | 10 / 9 | |
| 1.4.61 | 10 / 9 | |
| 1.4.60 | 10 / 9 |
v1.4.112
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.111
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.110
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.106
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.104
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.103
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.102
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.98
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.77
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.76
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.73
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.72
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.71
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.70
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.69
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.68
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.66
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.65
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.64
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.63
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.61
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.60
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.