@snyk/fix
Snyk fix library and utility
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@snyk/dep-graph | AI (dependencies): Internal Snyk sibling package; consistently used across this package's version history. | ai | |
| dependencies | unvetted-dep:@snyk/fix-poetry | AI (dependencies): Internal Snyk sibling package; consistently used across this package's version history. | ai | |
| dependencies | unvetted-dep:@snyk/fix-pipenv-pipfile | AI (dependencies): Internal Snyk sibling package; consistently used across this package's version history. | ai | |
| provenance | no-provenance | AI (provenance): Snyk's publishing pipeline consistently lacks Sigstore attestation; stable false positive for this package family. | ai | |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 1.1305.1 | 11 / 0 | |
| 1.1305.0 | 11 / 0 | |
| 1.1304.3 | 11 / 0 | |
| 1.1304.2 | 11 / 0 | |
| 1.1304.1 | 11 / 0 | |
| 1.1304.0 | 11 / 0 | |
| 1.1303.2 | 11 / 0 | |
| 1.1303.1 | 11 / 0 | |
| 1.1303.0 | 11 / 0 | |
| 1.1302.1 | 11 / 0 | |
| 1.1302.0 | 11 / 0 | |
| 1.1301.2 | 11 / 0 | |
| 1.1301.1 | 11 / 0 | |
| 1.1301.0 | 11 / 0 | |
| 1.1300.2 | 11 / 0 | |
| 1.1300.1 | 11 / 0 | |
| 1.1300.0 | 11 / 0 | |
| 1.1299.1 | 11 / 0 | |
| 1.1299.0 | 11 / 0 | |
| 1.1298.3 | 11 / 0 | |
| 1.1298.2 | 11 / 0 | |
| 1.1298.1 | 11 / 0 | |
| 1.1298.0 | 11 / 0 | |
| 1.1297.3 | 11 / 0 | |
| 1.1297.2 | 11 / 0 | |
| 1.1297.1 | 11 / 0 | |
| 1.1297.0 | 11 / 0 | |
v1.1305.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1305.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1304.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1304.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1304.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1303.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1303.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1303.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1302.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1302.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1301.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1301.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1301.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1300.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1300.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1300.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1299.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1299.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1298.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1298.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1298.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1298.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1297.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1297.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1297.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1297.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.