@sap-ux/telemetry — Greenflagged

Library for sending usage telemetry data

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): devinea is an established SAP publisher (1393 approved, 0 rejected); consistent with org-level account rotation.	ai	2026/05/27
dependencies	unvetted-dep:@sap-ux/btp-utils	AI (dependencies): Same SAP open-ux-tools monorepo sibling; stable false positive for this package.	ai	2026/05/26
dependencies	unvetted-dep:@sap-ux/ui5-config	AI (dependencies): Same SAP open-ux-tools monorepo sibling; stable false positive for this package.	ai	2026/05/26
dependencies	unvetted-dep:@sap-ux/nodejs-utils	AI (dependencies): Same SAP open-ux-tools monorepo sibling; stable false positive for this package.	ai	2026/05/26

Versions (showing 100 of 114)

Version	Deps	Published
1.0.6	10 / 5	2026-06-04
1.0.5	10 / 5	2026-06-04
1.0.3	10 / 5	2026-06-03
1.0.2	10 / 5	2026/06/02
1.0.1	10 / 5	2026-06-01
1.0.0	10 / 5	2026-05-30
0.7.5	10 / 4	2026-05-27
0.7.3	10 / 4	2026-05-26
0.7.2	10 / 4	2026-05-21
0.7.1	10 / 4	2026-05-19
0.7.0	10 / 4	2026-05-15
0.6.105	10 / 4	2026-05-13
0.6.104	10 / 4	2026-05-06
0.6.103	10 / 4	2026-04-30
0.6.102	10 / 4	2026-04-29
0.6.101	10 / 4	2026-04-27
0.6.100	10 / 4	2026-04-23
0.6.99	10 / 4	2026-04-15
0.6.98	10 / 4	2026-04-14
0.6.97	10 / 4	2026-04-14
0.6.96	10 / 4	2026-04-08
0.6.95	10 / 4	2026-04-01
0.6.94	10 / 4	2026-03-30
0.6.93	10 / 4	2026-03-27
0.6.92	10 / 4	2026-03-27
0.6.91	10 / 4	2026-03-26
0.6.90	10 / 4	2026-03-26
0.6.89	10 / 4	2026-03-25
0.6.88	10 / 4	2026-03-20
0.6.87	10 / 4	2026-03-17
0.6.86	10 / 4	2026-03-05
0.6.85	10 / 4	2026-03-05
0.6.84	10 / 4	2026-03-05
0.6.83	10 / 4	2026-03-04
0.6.82	10 / 4	2026-02-27
0.6.81	10 / 4	2026-02-26
0.6.80	10 / 4	2026-02-23
0.6.78	10 / 4	2026-02-21
0.6.77	10 / 4	2026-02-20
0.6.76	10 / 4	2026-02-20
0.6.75	10 / 4	2026-02-18
0.6.74	10 / 4	2026-02-16
0.6.72	10 / 4	2026-02-13
0.6.71	10 / 4	2026-02-13
0.6.70	10 / 4	2026-02-12
0.6.69	10 / 4	2026-02-11
0.6.68	10 / 4	2026-02-09
0.6.67	10 / 4	2026-02-05
0.6.66	10 / 4	2026-02-05
0.6.65	10 / 4	2026-02-05
0.6.64	10 / 4	2026-02-05
0.6.63	10 / 4	2026-02-04
0.6.62	10 / 4	2026-02-03
0.6.61	10 / 4	2026-01-30
0.6.60	10 / 4	2026-01-29
0.6.59	10 / 4	2026-01-28
0.6.58	10 / 4	2026-01-24
0.6.57	10 / 4	2026-01-23
0.6.56	10 / 4	2026-01-16
0.6.55	10 / 4	2026-01-16
0.6.54	10 / 4	2026-01-15
0.6.53	10 / 4	2026-01-14
0.6.52	10 / 4	2026-01-12
0.6.51	10 / 4	2026-01-09
0.6.50	10 / 4	2025-12-19
0.6.49	10 / 4	2025-12-18
0.6.48	10 / 4	2025-12-16
0.6.47	10 / 4	2025-12-15
0.6.46	10 / 4	2025-12-14
0.6.45	10 / 4	2025-12-11
0.6.43	10 / 4	2025-12-09
0.6.42	10 / 4	2025-12-04
0.6.41	10 / 4	2025-11-28
0.6.40	10 / 4	2025-11-26
0.6.39	10 / 4	2025-11-24
0.6.38	10 / 4	2025-11-06
0.6.37	10 / 4	2025-11-05
0.6.36	10 / 4	2025-10-31
0.6.35	10 / 4	2025-10-29
0.6.34	10 / 4	2025-10-29
0.6.33	10 / 4	2025-10-27
0.6.32	10 / 4	2025-10-22
0.6.31	10 / 4	2025-10-21
0.6.30	10 / 4	2025-10-17
0.6.29	10 / 4	2025-10-14
0.6.28	10 / 6	2025-10-10
0.6.27	10 / 6	2025-10-07
0.6.25	10 / 6	2025-10-06
0.6.24	10 / 6	2025-09-23
0.6.23	10 / 6	2025-09-19
0.6.22	10 / 6	2025-09-19
0.6.21	10 / 6	2025-09-18
0.6.20	10 / 6	2025-09-16
0.6.19	10 / 6	2025-09-01
0.6.18	10 / 6	2025-08-28
0.6.17	10 / 6	2025-08-21
0.6.16	10 / 6	2025-08-14
0.6.15	10 / 6	2025-08-13
0.6.14	10 / 6	2025-08-07
0.6.13	9 / 6	2025-08-01

Showing 100 of 114 Next page →

v1.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.3

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-26) provenance

This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.1

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-19) provenance

This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.