@sap-ux/backend-proxy-middleware-cf Apache-2.0 30 versions

@sap-ux/backend-proxy-middleware-cf

npm Repository

UI5 server middleware using @sap/approuter for CF-style destinations and xs-app.json

30

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): SAP monorepo migrated to GitHub Actions CI/CD publishing; SLSA attestation confirms official repo origin.	ai	2026/05/30
maintainer-change	maintainer-added	AI (maintainer-change): sap-ospo-admin is SAP's OSS admin account; consistent with org-level governance change.	ai	2026/05/30
dependencies	unvetted-dep:@sap-ux/adp-tooling	AI (dependencies): Sibling SAP open-ux-tools package from the same org/repo; stable false positive for this package.	ai	2026/05/26
provenance	no-provenance	AI (provenance): SAP open-ux-tools monorepo does not publish with Sigstore provenance; stable pattern across all versions.	ai	2026/04/29

Versions (showing 30 of 137)

Version	Deps	Published
0.0.34	5 / 8	2026-01-24
0.0.32	5 / 8	2026-01-23
0.0.31	5 / 8	2026-01-19
0.0.30	5 / 8	2026-01-16
0.0.29	5 / 8	2026-01-16
0.0.28	5 / 8	2026-01-15
0.0.27	5 / 8	2026-01-14
0.0.26	5 / 8	2026-01-14
0.0.25	5 / 8	2026-01-12
0.0.24	5 / 8	2026-01-09
0.0.23	5 / 8	2026-01-08
0.0.22	5 / 8	2026-01-07
0.0.21	5 / 8	2026-01-07
0.0.20	5 / 8	2026-01-06
0.0.19	5 / 8	2026-01-05
0.0.18	5 / 8	2025-12-22
0.0.17	5 / 8	2025-12-19
0.0.16	5 / 8	2025-12-18
0.0.15	5 / 8	2025-12-18
0.0.14	5 / 8	2025-12-18
0.0.12	5 / 8	2025-12-16
0.0.11	5 / 8	2025-12-15
0.0.10	5 / 8	2025-12-14
0.0.9	5 / 8	2025-12-12
0.0.8	5 / 8	2025-12-11
0.0.6	5 / 8	2025-12-09
0.0.5	5 / 8	2025-12-08
0.0.4	5 / 8	2025-12-05
0.0.3	5 / 8	2025-12-04
0.0.2	5 / 8	2025-12-04

v0.0.34

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.32

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.31

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.30

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.29

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.28

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.27

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.26

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.25

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.24

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.23

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.22

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.21

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.20

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.19

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.18

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.17

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.16

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.15

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.14

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.12

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.11

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.10

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.