@sentry/replay
User replays for Sentry
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Sentry is a large org; maintainer roster changes over time are routine. Publisher remains the trusted sentry-bot account with no new unknown maintainers added. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is used in a Proxy handler for deprecation warnings on mirrored APIs — idiomatic JS, not obfuscation. Stable pattern in Sentry SDK. | ai | |
| provenance | no-provenance | AI (provenance): Sentry does not publish with Sigstore provenance for this package; consistent across all releases and not a security risk given the trusted publisher. | ai |
Versions (showing 51 of 182)
| Version | Deps | Published |
|---|---|---|
| 7.120.4 | 4 / 6 | |
| 7.120.3 | 4 / 6 | |
| 7.120.2 | 4 / 6 | |
| 7.120.1 | 4 / 6 | |
| 7.120.0 | 4 / 6 | |
| 7.119.2 | 4 / 6 | |
| 7.119.1 | 4 / 6 | |
| 7.119.0 | 4 / 6 | |
| 7.118.0 | 4 / 6 | |
| 7.117.0 | 4 / 6 | |
| 7.116.0 | 4 / 6 | |
| 7.115.0 | 4 / 6 | |
| 7.114.0 | 4 / 6 | |
| 7.113.0 | 4 / 6 | |
| 7.112.2 | 4 / 6 | |
| 7.112.1 | 4 / 6 | |
| 7.112.0 | 4 / 6 | |
| 7.111.0 | 4 / 6 | |
| 7.110.1 | 4 / 6 | |
| 7.110.0 | 4 / 6 | |
| 7.109.0 | 4 / 6 | |
| 7.108.0 | 4 / 6 | |
| 7.107.0 | 4 / 6 | |
| 7.106.1 | 4 / 6 | |
| 7.106.0 | 4 / 6 | |
| 7.105.0 | 4 / 6 | |
| 7.104.0 | 4 / 6 | |
| 7.103.0 | 4 / 6 | |
| 7.102.1 | 4 / 6 | |
| 7.102.0 | 4 / 6 | |
| 7.101.1 | 4 / 6 | |
| 7.101.0 | 4 / 6 | |
| 7.100.1 | 4 / 6 | |
| 7.100.0 | 4 / 6 | |
| 7.99.0 | 4 / 6 | |
| 7.98.0 | 4 / 6 | |
| 7.97.0 | 4 / 6 | |
| 7.96.0 | 4 / 6 | |
| 7.95.0 | 4 / 6 | |
| 7.94.1 | 4 / 6 | |
| 7.94.0 | 4 / 6 | |
| 7.93.0 | 4 / 6 | |
| 7.92.0 | 4 / 6 | |
| 7.91.0 | 4 / 6 | |
| 7.90.0 | 4 / 6 | |
| 7.89.0 | 4 / 6 | |
| 7.88.0 | 4 / 6 | |
| 7.87.0 | 4 / 6 | |
| 7.86.0 | 4 / 6 | |
| 7.85.0 | 4 / 6 | |
| 7.84.0 | 4 / 6 |
v7.120.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.120.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.120.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.120.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.120.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.119.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.119.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.119.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.118.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.117.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.116.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.115.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.114.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.113.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.112.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.112.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.112.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.111.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.110.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.110.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.109.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.108.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.107.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.106.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.106.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.105.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.104.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.103.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.102.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.102.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.101.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.101.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.100.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.100.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.99.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.98.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.97.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.96.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.95.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.94.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.94.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.93.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.92.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.91.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.90.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.89.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.88.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.87.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.86.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.85.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.84.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.