@sap-ux/backend-proxy-middleware-cf

UI5 server middleware using @sap/approuter for CF-style destinations and xs-app.json

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): SAP monorepo migrated to GitHub Actions CI/CD publishing; SLSA attestation confirms official repo origin.	ai	2026/05/30
maintainer-change	maintainer-added	AI (maintainer-change): sap-ospo-admin is SAP's OSS admin account; consistent with org-level governance change.	ai	2026/05/30
dependencies	unvetted-dep:@sap-ux/adp-tooling	AI (dependencies): Sibling SAP open-ux-tools package from the same org/repo; stable false positive for this package.	ai	2026/05/26
provenance	no-provenance	AI (provenance): SAP open-ux-tools monorepo does not publish with Sigstore provenance; stable pattern across all versions.	ai	2026/04/29

Versions (showing 100 of 130)

Version	Deps	Published
0.3.9	9 / 5	2026-06-09
0.3.8	9 / 5	2026-06-04
0.3.7	9 / 5	2026-06-04
0.3.6	9 / 5	2026-06-04
0.3.4	9 / 5	2026-06-03
0.3.3	9 / 5	2026-06-02
0.3.1	9 / 5	2026-06-01
0.3.0	9 / 5	2026-05-30
0.2.11	9 / 4	2026-05-29
0.2.10	9 / 4	2026-05-29
0.2.9	9 / 4	2026-05-27
0.2.7	9 / 4	2026-05-26
0.2.6	9 / 4	2026-05-22
0.2.5	9 / 4	2026-05-21
0.2.3	9 / 4	2026-05-19
0.2.2	9 / 4	2026-05-18
0.2.1	9 / 4	2026-05-15
0.1.22	9 / 4	2026-05-13
0.1.21	9 / 4	2026-05-12
0.1.20	9 / 4	2026-05-06
0.1.19	9 / 4	2026-05-01
0.1.17	9 / 4	2026-04-30
0.1.16	9 / 4	2026-04-30
0.1.15	9 / 4	2026-04-29
0.1.14	9 / 4	2026-04-27
0.1.13	9 / 4	2026-04-27
0.1.12	9 / 4	2026-04-23
0.1.11	9 / 4	2026-04-23
0.1.10	9 / 4	2026-04-22
0.1.9	9 / 4	2026-04-17
0.1.8	9 / 4	2026-04-15
0.1.7	9 / 4	2026-04-15
0.1.6	9 / 4	2026-04-14
0.1.5	9 / 4	2026-04-14
0.1.4	9 / 4	2026-04-14
0.1.3	9 / 4	2026-04-09
0.1.2	9 / 4	2026-04-08
0.1.1	9 / 4	2026-04-07
0.1.0	9 / 4	2026-04-01
0.0.99	5 / 8	2026-04-01
0.0.98	5 / 8	2026-04-01
0.0.97	5 / 8	2026-03-30
0.0.96	5 / 8	2026-03-27
0.0.95	5 / 8	2026-03-27
0.0.94	5 / 8	2026-03-26
0.0.93	5 / 8	2026-03-26
0.0.92	5 / 8	2026-03-26
0.0.91	5 / 8	2026-03-26
0.0.90	5 / 8	2026-03-25
0.0.89	5 / 8	2026-03-23
0.0.88	5 / 8	2026-03-23
0.0.87	5 / 8	2026-03-20
0.0.86	5 / 8	2026-03-18
0.0.85	5 / 8	2026-03-18
0.0.84	5 / 8	2026-03-17
0.0.83	5 / 8	2026-03-17
0.0.82	5 / 8	2026-03-17
0.0.81	5 / 8	2026-03-13
0.0.80	5 / 8	2026-03-10
0.0.79	5 / 8	2026-03-06
0.0.78	5 / 8	2026-03-06
0.0.76	5 / 8	2026-03-05
0.0.75	5 / 8	2026-03-05
0.0.74	5 / 8	2026-03-05
0.0.73	5 / 8	2026-03-05
0.0.72	5 / 8	2026-03-05
0.0.71	5 / 8	2026-03-04
0.0.70	5 / 8	2026-03-04
0.0.69	5 / 8	2026-03-04
0.0.68	5 / 8	2026-03-03
0.0.67	5 / 8	2026-02-27
0.0.66	5 / 8	2026-02-26
0.0.65	5 / 8	2026-02-25
0.0.64	5 / 8	2026-02-23
0.0.62	5 / 8	2026-02-23
0.0.61	5 / 8	2026-02-21
0.0.59	5 / 8	2026-02-20
0.0.58	5 / 8	2026-02-20
0.0.57	5 / 8	2026-02-20
0.0.56	5 / 8	2026-02-18
0.0.55	5 / 8	2026-02-16
0.0.53	5 / 8	2026-02-13
0.0.52	5 / 8	2026-02-13
0.0.51	5 / 8	2026-02-12
0.0.50	5 / 8	2026-02-11
0.0.49	5 / 8	2026-02-09
0.0.48	5 / 8	2026-02-09
0.0.47	5 / 8	2026-02-05
0.0.46	5 / 8	2026-02-05
0.0.45	5 / 8	2026-02-05
0.0.44	5 / 8	2026-02-05
0.0.43	5 / 8	2026-02-05
0.0.42	5 / 8	2026-02-05
0.0.41	5 / 8	2026-02-05
0.0.40	5 / 8	2026-02-04
0.0.39	5 / 8	2026-02-03
0.0.38	5 / 8	2026-01-30
0.0.37	5 / 8	2026-01-29
0.0.36	5 / 8	2026-01-28
0.0.35	5 / 8	2026-01-26

Showing 100 of 130 Next page →

v0.3.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.11

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-29) provenance

This version was published by a different npm account than previous versions on 2026-05-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.10

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-29) provenance

This version was published by a different npm account than previous versions on 2026-05-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.9

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-27) provenance

This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.7

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-26) provenance

This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.6

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-22) provenance

This version was published by a different npm account than previous versions on 2026-05-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.5

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.3

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-19) provenance

This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.2

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-18) provenance

This version was published by a different npm account than previous versions on 2026-05-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.