← Home

@salesforce/plugin-user

npm Repository Homepage
50
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ire-npm-team-userjimjagsalesforce-releasesjasonschroeder-sfdcmobifylwc-adminsalesforce-admin

Keywords

forcesalesforcesalesforcedxsfsf-pluginsfdxsfdx-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-added AI (maintainer-change): Salesforce consolidating npm maintainers under salesforce-admin is an organizational change, not a takeover. Publisher salesforce-releases remains unchanged with strong track record. ai
maintainer-change maintainer-removed AI (maintainer-change): Mass removal of individual Salesforce developer accounts in favor of a centralized admin account is consistent with org-level npm hygiene, not a package takeover. ai
publish-pattern dormant-publish AI (publish-pattern): 246 versions published over 1985 days by a trusted publisher; dormancy period likely reflects org restructuring. No code changes in this version diff. ai

Versions (showing 50 of 50)

Version Deps Published
3.10.1 4 / 10
3.10.0 4 / 10
3.9.6 4 / 10
3.9.5 4 / 10
3.9.4 4 / 10
3.9.3 4 / 10
3.9.2 4 / 10
3.9.1 4 / 10
3.9.0 4 / 10
3.8.4 4 / 10
3.8.3 4 / 10
3.8.2 4 / 10
3.8.1 4 / 10
3.8.0 4 / 10
3.7.1 4 / 10
3.7.0 4 / 10
3.6.53 4 / 10
3.6.52 4 / 10
3.6.51 4 / 10
3.6.50 4 / 10
3.6.49 4 / 10
3.6.48 4 / 10
3.6.47 4 / 10
3.6.46 4 / 10
3.6.45 4 / 10
3.6.44 4 / 10
3.6.43 4 / 10
3.6.42 4 / 10
3.6.41 4 / 10
3.6.40 4 / 10
3.6.38 4 / 10
3.6.37 4 / 10
3.6.36 4 / 10
3.6.35 4 / 10
3.6.34 4 / 10
3.6.33 4 / 10
3.6.32 4 / 10
3.6.31 4 / 10
3.6.30 4 / 10
3.6.29 4 / 10
3.6.28 4 / 10
3.6.27 4 / 10
3.6.26 4 / 10
3.6.25 4 / 10
3.6.24 4 / 10
3.6.23 4 / 10
3.6.22 4 / 10
3.6.21 4 / 10
3.6.20 4 / 10
3.6.19 4 / 10

v3.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.8.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.53

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.38

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.37

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.36

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.35

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.34

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.33

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.32

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.31

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.30

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.29

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.28

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.27

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.26

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.25

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.24

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.23

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.22

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.20

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.19

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.