@siteimprove/alfa-rectangle No license 17 versions

@siteimprove/alfa-rectangle

npm Repository Homepage

17

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

ahinpmsi-npm

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@siteimprove/alfa-hash	AI (dependencies): Sibling package from same Siteimprove alfa monorepo; stable false positive.	ai	2026/05/19
dependencies	unvetted-dep:@siteimprove/alfa-json	AI (dependencies): Sibling package from same Siteimprove alfa monorepo; stable false positive.	ai	2026/05/19
dependencies	unvetted-dep:@siteimprove/alfa-sequence	AI (dependencies): Sibling package from same Siteimprove alfa monorepo; stable false positive.	ai	2026/05/19
dependencies	unvetted-dep:@siteimprove/alfa-comparable	AI (dependencies): Sibling package from same Siteimprove alfa monorepo; stable false positive.	ai	2026/05/19

Versions (showing 17 of 17)

Version	Deps	Published
0.115.1	5 / 2	2026-05-29
0.114.3	5 / 2	2026-04-10
0.114.2	5 / 2	2026-04-09
0.114.1	5 / 2	2026-04-08
0.114.0	5 / 2	2026-04-01
0.113.0	5 / 2	2026-03-31
0.112.0	5 / 2	2026-02-24
0.111.0	5 / 2	2026-02-19
0.110.0	5 / 2	2026-02-05
0.109.0	5 / 2	2026-01-21
0.108.2	5 / 2	2025-12-10
0.108.1	5 / 2	2025-12-01
0.108.0	5 / 2	2025-11-25
0.107.0	5 / 2	2025-10-24
0.106.1	5 / 2	2025-10-22
0.104.1	5 / 2	2025-07-30
0.104.0	5 / 2	2025-07-28

v0.115.1

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: si-npm → ahinpm (on 2026-05-29, known maintainer) provenance

This version was published by a different npm account (ahinpm) than the most recent previously approved version (si-npm) on 2026-05-29, but ahinpm is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.114.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.113.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.112.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.111.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.110.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.109.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.108.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.108.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.108.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.107.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.106.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.104.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.104.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.