@salla.sa/base
Salla Base
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): High-frequency automated publishing is the norm for this package (694 versions); rapid publish is expected CI/CD behavior. | ai | |
| dependencies | unvetted-dep:store | AI (dependencies): [email protected] is a well-known, stable localStorage utility; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/applepayjs | AI (phantom-deps): Type-only declaration package loaded by convention; not directly imported at runtime. | ai | |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 2.14.459 | 4 / 18 | |
| 2.14.445 | 4 / 18 | |
| 2.14.439 | 4 / 18 | |
| 2.14.435 | 4 / 18 | |
| 2.14.431 | 4 / 18 | |
| 2.14.420 | 4 / 18 | |
| 2.14.418 | 4 / 18 | |
| 2.14.415 | 4 / 18 | |
| 2.14.413 | 4 / 18 | |
| 2.14.401 | 4 / 18 | |
| 2.14.400 | 4 / 18 | |
| 2.14.399 | 4 / 18 | |
| 2.14.398 | 4 / 18 | |
| 2.14.396 | 4 / 18 | |
| 2.14.395 | 4 / 18 | |
| 2.14.394 | 4 / 18 | |
| 2.14.393 | 4 / 18 | |
| 2.14.392 | 4 / 18 | |
| 2.14.391 | 4 / 18 | |
| 2.14.390 | 4 / 18 | |
| 2.14.386 | 4 / 18 | |
| 2.14.385 | 4 / 18 | |
| 2.14.376 | 4 / 18 | |
| 2.14.370 | 4 / 18 | |
| 2.14.363 | 4 / 18 | |
| 2.14.353 | 4 / 18 | |
| 2.14.348 | 4 / 18 | |
| 2.14.340 | 4 / 18 | |
| 2.14.310 | 4 / 18 | |
| 2.14.296 | 4 / 18 | |
v2.14.459
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.445
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.439
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.435
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.431
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.420
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.14.418
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.415
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.413
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.401
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.400
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.399
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.398
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.396
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.395
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.394
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.393
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.392
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.391
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.390
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.386
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.385
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.376
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.370
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.363
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.353
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.348
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.340
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.310
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.14.296
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.