@splinetool/boolean-wasm
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Automated WASM build artifact; sparse metadata is expected for this internal @splinetool package across all versions. | ai |
Versions (showing 51 of 147)
| Version | Deps | Published |
|---|---|---|
| 1.12.97 | 0 / 3 | |
| 1.12.96 | 0 / 3 | |
| 1.12.95 | 0 / 3 | |
| 1.12.94 | 0 / 3 | |
| 1.12.93 | 0 / 3 | |
| 1.12.92 | 0 / 3 | |
| 1.12.91 | 0 / 3 | |
| 1.12.90 | 0 / 3 | |
| 1.12.89 | 0 / 3 | |
| 1.12.88 | 0 / 3 | |
| 1.12.87 | 0 / 3 | |
| 1.12.86 | 0 / 3 | |
| 1.12.85 | 0 / 3 | |
| 1.12.84 | 0 / 3 | |
| 1.12.83 | 0 / 3 | |
| 1.12.82 | 0 / 3 | |
| 1.12.81 | 0 / 3 | |
| 1.12.80 | 0 / 3 | |
| 1.12.79 | 0 / 3 | |
| 1.12.78 | 0 / 3 | |
| 1.12.77 | 0 / 3 | |
| 1.12.76 | 0 / 3 | |
| 1.12.75 | 0 / 3 | |
| 1.12.74 | 0 / 3 | |
| 1.12.6 | 0 / 3 | |
| 1.12.5 | 0 / 3 | |
| 1.12.4 | 0 / 3 | |
| 1.12.3 | 0 / 3 | |
| 1.12.2 | 0 / 3 | |
| 1.12.1 | 0 / 3 | |
| 1.12.0 | 0 / 3 | |
| 1.11.9 | 0 / 3 | |
| 1.11.8 | 0 / 3 | |
| 1.11.6 | 0 / 3 | |
| 1.11.5 | 0 / 3 | |
| 1.11.4 | 0 / 3 | |
| 1.11.3 | 0 / 3 | |
| 1.11.2 | 0 / 3 | |
| 1.11.1 | 0 / 3 | |
| 1.10.99 | 0 / 3 | |
| 1.10.98 | 0 / 3 | |
| 1.10.97 | 0 / 3 | |
| 1.10.96 | 0 / 3 | |
| 1.10.95 | 0 / 3 | |
| 1.10.94 | 0 / 3 | |
| 1.10.93 | 0 / 3 | |
| 1.10.92 | 0 / 3 | |
| 1.10.91 | 0 / 3 | |
| 1.10.90 | 0 / 3 | |
| 1.10.89 | 0 / 3 | |
| 1.10.88 | 0 / 3 |
v1.12.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.91
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.87
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.86
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.85
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.84
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.83
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.81
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.80
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.78
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.77
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.76
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.75
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.74
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.12.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.90
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.