@sap-ux/backend-proxy-middleware

SAP backend proxy middleware

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): SAP org migrated publishing to GitHub Actions CI/CD; SLSA attestation confirms legitimate pipeline origin.	ai	2026/05/27
dependencies	unvetted-dep:@sap-ux/btp-utils	AI (dependencies): SAP monorepo sibling package; co-released with this package from SAP/open-ux-tools.	ai	2026/05/02
dependencies	unvetted-dep:@sap-ux/axios-extension	AI (dependencies): SAP monorepo sibling package; co-released with this package from SAP/open-ux-tools.	ai	2026/05/02

Versions (showing 51 of 97)

View all versions

Version	Deps	Published
1.0.1	11 / 12	2026-06-04
1.0.0	11 / 12	2026-05-30
0.13.3	11 / 11	2026-05-29
0.13.2	11 / 11	2026-05-27
0.13.1	11 / 11	2026-05-26
0.13.0	11 / 11	2026-05-15
0.12.9	11 / 11	2026-05-13
0.12.8	11 / 11	2026-05-06
0.12.7	11 / 11	2026-04-30
0.12.6	11 / 11	2026-04-29
0.12.5	11 / 11	2026-04-23
0.12.4	11 / 11	2026-04-15
0.12.3	11 / 11	2026-04-14
0.12.2	11 / 11	2026-04-14
0.12.1	11 / 11	2026-04-08
0.12.0	11 / 11	2026-03-30
0.11.3	11 / 11	2026-03-27
0.11.2	11 / 11	2026-03-26
0.11.1	11 / 11	2026-03-23
0.11.0	11 / 11	2026-03-20
0.10.56	11 / 11	2026-03-17
0.10.55	11 / 11	2026-03-17
0.10.54	11 / 11	2026-03-06
0.10.53	11 / 11	2026-03-05
0.10.52	11 / 11	2026-03-05
0.10.51	11 / 11	2026-03-04
0.10.50	11 / 11	2026-03-03
0.10.49	11 / 11	2026-02-27
0.10.48	11 / 11	2026-02-26
0.10.47	11 / 11	2026-02-23
0.10.46	11 / 11	2026-02-21
0.10.45	11 / 11	2026-02-20
0.10.44	11 / 11	2026-02-18
0.10.43	11 / 11	2026-02-16
0.10.41	11 / 11	2026-02-13
0.10.40	11 / 11	2026-02-11
0.10.39	11 / 11	2026-02-05
0.10.38	11 / 11	2026-02-05
0.10.37	11 / 11	2026-02-04
0.10.36	11 / 11	2026-02-03
0.10.35	11 / 11	2026-01-30
0.10.34	11 / 11	2026-01-28
0.10.33	11 / 11	2026-01-26
0.10.32	11 / 11	2026-01-24
0.10.30	11 / 11	2026-01-23
0.10.29	11 / 11	2026-01-16
0.10.28	11 / 11	2026-01-14
0.10.27	11 / 11	2026-01-09
0.10.26	11 / 11	2026-01-08
0.10.25	11 / 11	2026-01-07
0.10.24	11 / 11	2025-12-22

v1.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.