@sap-ux/axios-extension

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): SAP open-ux-tools migrated to GitHub Actions CI publishing with SLSA attestation; this is the expected new publisher for this package.	ai	2026/05/18
maintainer-change	maintainer-added	AI (maintainer-change): sap-ospo-admin is SAP's org-level admin account; addition is consistent with SAP's CI/CD transition, not a takeover.	ai	2026/05/18
phantom-deps	phantom-dep:@sap-ux/feature-toggle	AI (phantom-deps): Declared runtime dep in same SAP org scope; phantom-dep heuristic is unreliable here.	ai	2026/05/02

Versions (showing 51 of 66)

View all versions

Version	Deps	Published
2.0.1	14 / 7	2026-06-04
2.0.0	14 / 7	2026-05-30
1.26.1	14 / 6	2026-05-26
1.26.0	14 / 6	2026-05-15
1.25.35	14 / 6	2026-05-06
1.25.34	14 / 6	2026-04-30
1.25.33	14 / 6	2026-04-29
1.25.32	14 / 6	2026-04-23
1.25.31	14 / 6	2026-04-14
1.25.30	14 / 6	2026-04-14
1.25.29	14 / 6	2026-04-08
1.25.28	14 / 6	2026-03-30
1.25.27	14 / 6	2026-03-27
1.25.26	14 / 6	2026-03-26
1.25.25	14 / 6	2026-03-23
1.25.24	14 / 6	2026-03-17
1.25.23	14 / 6	2026-03-17
1.25.22	14 / 6	2026-03-06
1.25.21	14 / 6	2026-03-05
1.25.20	14 / 6	2026-03-05
1.25.19	14 / 6	2026-03-04
1.25.18	14 / 6	2026-03-03
1.25.17	14 / 6	2026-02-27
1.25.16	14 / 6	2026-02-23
1.25.15	14 / 6	2026-02-21
1.25.14	14 / 6	2026-02-18
1.25.13	14 / 6	2026-02-16
1.25.11	14 / 6	2026-02-11
1.25.10	14 / 6	2026-02-04
1.25.9	14 / 6	2026-02-03
1.25.8	14 / 6	2026-01-30
1.25.7	14 / 6	2026-01-26
1.25.6	14 / 6	2026-01-09
1.25.5	14 / 6	2026-01-08
1.25.4	14 / 6	2026-01-07
1.25.3	14 / 6	2025-12-22
1.25.2	14 / 6	2025-12-19
1.25.1	14 / 6	2025-12-18
1.25.0	14 / 6	2025-12-18
1.24.6	14 / 6	2025-12-15
1.24.5	14 / 6	2025-12-09
1.24.4	14 / 6	2025-12-08
1.24.3	14 / 6	2025-11-26
1.24.2	14 / 5	2025-11-05
1.24.1	14 / 5	2025-10-30
1.24.0	14 / 5	2025-10-28
1.23.1	14 / 5	2025-10-22
1.23.0	14 / 5	2025-10-14
1.22.10	14 / 5	2025-10-07
1.22.9	14 / 5	2025-09-23
1.22.8	14 / 5	2025-09-19

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.26.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.26.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.