@segment/analytics.js-integration-marketo-v2
The Marketo analytics.js integration.
1
Versions
SEE LICENSE IN LICENSE
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
seghungtranalayvoratv0pchen-twiliohema-segmentsudojatinmkhan-twiliomayberexanandjhapmuninoscbkrousseaubrandongregoryscottknksmith57sachinwathorefhalim-segmentcfreemettledrum5t0k4st1kmaerf0x0gnijorifonseka1aniket.guptahjoonpmlauramunozjimenezceline-segmentparsa-segmenthmorgan94pmcanseco-segmentynguyenmshwerydebajitrmasiragpsamsonamillet89cholt002av-segmentaghotikarvikrant-segmentankur.agarwallarryatsegmentlbrinkshivpoojan-segmentariel_segmentzkuzmic-segmentscruwys1sowjanyaedarachrischalstromrossedforteesegmentlew-gordonkyliepedersenjinaparkskntwiliosegmentiosegment-admindominicbarnesshobhita-agarwaldeanhuynhjlineaweaverladanazitaanoonanperipheralachille-rousselrajulvaderanettofarahdalchandclpediredlaalbert.segmentsegment-danielstjulesn2parkosegment-andy-yeosahilppsankaranarayanavdemedesemilio-gomez-lavinandreiko_ruxagosleifdreizleralan-segmenttyson_segmentbgamwelljfabre-segmentuditmehtahellooimkatbrienne.mcnallysanscontexteculveraultimussalolivareserikdwchenxiangzhangfauzyyjaimaldavidbirdsongktrinhcalthomsonyunqiaohuangdk1027nielssegmentcdrycroftyabrirajulee05kamebkjryan_segmentlaurenmreedertidothegreatmericssonprayansh-segmenttstargaesserandyguwcjeremylarkinbsneeddanieljackinstomeliazsegment-sethbihlshamil.ataevjames9446priscilla.giattikellylusmokeybearsjmbucknerbenhorowitzyolken-segmentnlsunthomas-pelletier-segmentbrian-segmentsegment-michaelcohara87drew-thompsonsegment-jsinghvanesngcvillelapauljaeinyoomniehestephmentsharadbhadouriaemilycmaggieyuanoonan16durganijulio.farahhblanks-segmentrsatashyaanjuhaeleeakleiner2kathryn-taylorandrius-segmentpooyajllbsgmtlab176valerieernstucarionsolon.aguiarrjenkinssegsegment-ulyssekhinkalilovermaloneyazackureykelcookarta.razaviodorenalistairbarrellanna.choiwhamo12amaloneygilomerkiara.daswanimarcelopvyannieyiperic.rognermarinherolcamposgcorey.chingsteve_at_segmenttepahksorrel.jcjo2fc-segmentkdharaiyawarrengreenjon.anderson-at-segment.commarkzegarellistysegmentajhenrystacy.songniveda.balananthancollinvandyckkrlvrexatsegmentnickaguilartri.truongcsayusojoyce-shibradenbeckerneha.sanghrajkareneewangdan.laskysam.tapiagbbastosvikramkumar19mpriyad25peter.walkerjeremy.parkerkhamidou-segmentsmidgesdaltonscharff
Keywords
analytics.jsanalytics.js-integrationsegmentmarketo
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:jsonp | AI (phantom-deps): jsonp is a declared runtime dep used indirectly via integration framework; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:proclaim | AI (phantom-deps): proclaim is a test assertion lib referenced in config; not a real phantom-dep concern. | ai | |
| phantom-deps | phantom-dep:@segment/fmt | AI (phantom-deps): Same-org Segment utility; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:component-bind | AI (phantom-deps): component-bind is a standard component ecosystem dep; phantom-dep flag is a false positive. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 4.0.2 | 9 / 15 |
v4.0.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.