@segment/analytics.js-integration-omniture
The Omniture analytics.js integration.
1
Versions
SEE LICENSE IN LICENSE
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
peter.walkermpriyad25vikramkumar19gbbastossam.tapiadan.laskyreneewangneha.sanghrajkabradenbeckerjoyce-shicsayusotri.truongnickaguilarrexatsegmentkrlvcollinvandyckniveda.balananthanstacy.songajhenrystysegmentlogan.luquemarkzegarellijon.anderson-at-segment.comwarrengreenkdharaiyafc-segmentcjo2sorrel.jtepahksteve_at_segmentcorey.chinglcamposgmarinheroeric.rogneryannieyipmarcelopvkiara.daswanigilomeranna.choialistairbarrellodorenarta.razavikelcookgnijorlauramunozjimenezparsa-segmentynguyenmshweryflaquegpsamsonamillet89av-segmentscruwys1rownochenpengchengsegmentaimeeeesegmentsegmentiosegment-admindominicbarnesladanazitaanoonanperipheralachille-rousselnettofarahalbert.segmentsegment-danielstjulesjlee9595n2parkosegment-andy-yeosahilpvdemedesemilio-gomez-lavinf2prateekandreiko_ruxagosemily.lucketteleifdreizleralan-segmenttyson_segmentbgamwelljfabre-segmentuditmehtahellooimkatbrienne.mcnallysanscontexteculveraultimuserikdwfauzyyjaimaldavidbirdsongktrinhcalthomsonyunqiaohuangdk1027nickatsegmentnielssegmentknoonancdrycroftyabrirashsejulee05kamebkjryan_segmentlaurenmreedertidothegreatmericssonprayansh-segmenttstargaesserandyguwcjeremylarkinbsneeddanieljackinstomeliazsegment-sethxav_segmentbihlshamil.ataevjames9446priscilla.giattikellylusmokeybearsjmbucknerbenhorowitzyolken-segmentnlsunthomas-pelletier-segmentbrian-segmentsegment-michaelcohara87osamakhndrew-thompsonandy-lisegment-jsinghvanesngcvillelapauljaeinyoostevenmiller888mnieheiajiboyestephmentsharadbhadouriaemilycmaggieyuanoonan16durganicolinlohnerjulio.farahhblanks-segmentrsatashyaanjuhaeleeakleiner2kathryn-taylorandrius-segmentpooyajllbsgmtlab176valerieernstemilylucketteucarionsolon.aguiarrjenkinssegsegment-ulyssekhinkalilovermaloneyazackurey
Keywords
analytics.jsanalytics.js-integrationsegmentadobe-analyticsomniture
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:eval-usage | AI (semgrep): eval() in build.js is a JSON parser fallback pattern, not attacker-controlled input. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Browserify module loader pattern in bundled build.js; stable for this package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() used for comparison string parsing in build.js; benign template pattern. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP appears only in a JSDoc example comment, not in executable network code. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 2.2.1 | 6 / 15 |
v2.2.1
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.