@sentry/replay
User replays for Sentry
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Sentry is a large org; maintainer roster changes over time are routine. Publisher remains the trusted sentry-bot account with no new unknown maintainers added. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is used in a Proxy handler for deprecation warnings on mirrored APIs — idiomatic JS, not obfuscation. Stable pattern in Sentry SDK. | ai | |
| provenance | no-provenance | AI (provenance): Sentry does not publish with Sigstore provenance for this package; consistent across all releases and not a security risk given the trusted publisher. | ai | |
Versions (showing 82 of 182)
| Version | Deps | Published |
|---|---|---|
| 7.49.0 | 3 / 6 | |
| 7.48.0 | 3 / 6 | |
| 7.47.0 | 3 / 6 | |
| 7.46.0 | 3 / 6 | |
| 7.45.0 | 3 / 6 | |
| 7.44.2 | 3 / 6 | |
| 7.44.1 | 3 / 6 | |
| 7.44.0 | 3 / 6 | |
| 7.43.0 | 3 / 5 | |
| 7.42.0 | 3 / 5 | |
| 7.41.0 | 3 / 5 | |
| 7.40.0 | 3 / 5 | |
| 7.39.0 | 3 / 5 | |
| 7.38.0 | 3 / 5 | |
| 7.37.2 | 3 / 6 | |
| 7.37.1 | 3 / 6 | |
| 7.37.0 | 3 / 6 | |
| 7.36.0 | 3 / 6 | |
| 7.35.0 | 3 / 6 | |
| 7.34.0 | 3 / 6 | |
| 7.33.0 | 3 / 6 | |
| 7.32.1 | 3 / 6 | |
| 7.32.0 | 3 / 6 | |
| 7.31.1 | 3 / 6 | |
| 7.31.0 | 3 / 6 | |
| 7.30.0 | 3 / 6 | |
| 7.29.0 | 3 / 6 | |
| 7.28.1 | 3 / 8 | |
| 7.28.0 | 3 / 8 | |
| 7.27.0 | 3 / 8 | |
| 7.26.0 | 3 / 9 | |
| 7.25.0 | 3 / 9 | |
| 7.24.2 | 4 / 9 | |
| 7.24.1 | 4 / 9 | |
| 7.24.0 | 4 / 9 | |
| 0.6.14 | 5 / 31 | |
| 0.6.13 | 6 / 32 | |
| 0.6.11 | 6 / 32 | |
| 0.6.10 | 6 / 32 | |
| 0.6.9 | 6 / 32 | |
| 0.6.8 | 6 / 32 | |
| 0.6.7 | 6 / 32 | |
| 0.6.6 | 6 / 32 | |
| 0.6.5 | 6 / 32 | |
| 0.6.4 | 6 / 32 | |
| 0.6.3 | 6 / 32 | |
| 0.6.2 | 6 / 32 | |
| 0.6.1 | 6 / 32 | |
| 0.6.0 | 6 / 31 | |
| 0.5.23 | 6 / 31 | |
| 0.5.22 | 6 / 31 | |
| 0.5.21 | 7 / 31 | |
| 0.5.20 | 7 / 31 | |
| 0.5.19 | 6 / 30 | |
| 0.5.18 | 6 / 30 | |
| 0.5.17 | 6 / 30 | |
| 0.5.16 | 6 / 30 | |
| 0.5.15 | 5 / 29 | |
| 0.5.14 | 5 / 29 | |
| 0.5.13 | 5 / 29 | |
| 0.5.12 | 5 / 29 | |
| 0.5.11 | 5 / 29 | |
| 0.5.10 | 5 / 29 | |
| 0.5.9 | 5 / 29 | |
| 0.5.8 | 5 / 29 | |
| 0.5.7 | 5 / 29 | |
| 0.5.6 | 5 / 29 | |
| 0.5.5 | 5 / 29 | |
| 0.5.4 | 5 / 29 | |
| 0.5.3 | 5 / 29 | |
| 0.5.2 | 5 / 29 | |
| 0.5.1 | 5 / 29 | |
| 0.5.0 | 5 / 29 | |
| 0.4.9 | 5 / 29 | |
| 0.4.8 | 5 / 29 | |
| 0.4.7 | 5 / 29 | |
| 0.4.6 | 5 / 25 | |
| 0.4.5 | 5 / 25 | |
| 0.4.2 | 5 / 25 | |
| 0.4.1 | 5 / 25 | |
| 0.4.0 | 5 / 25 | |
| 0.3.0 | 5 / 25 | |
v7.49.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.48.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.47.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.46.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.45.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.44.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.44.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.44.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.43.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.42.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.41.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.40.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.39.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.38.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.37.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.37.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.37.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.36.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.35.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.34.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.33.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.32.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.32.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.31.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.31.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.30.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.29.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.28.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.28.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.27.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.26.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.25.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.24.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.24.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.24.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.