@stamhoofd/build-development-env
Environment presets are quick ways to switch between configurations when developing Stamhoofd.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Internal monorepo build tool; sparse metadata is expected for this package type. | ai |
Versions (showing 69 of 69)
| Version | Deps | Published |
|---|---|---|
| 2.121.0 | 0 / 0 | |
| 2.120.6 | 0 / 0 | |
| 2.120.5 | 0 / 0 | |
| 2.120.4 | 0 / 0 | |
| 2.120.3 | 0 / 0 | |
| 2.120.2 | 0 / 0 | |
| 2.120.1 | 0 / 0 | |
| 2.120.0 | 0 / 0 | |
| 2.119.0 | 0 / 0 | |
| 2.118.1 | 0 / 0 | |
| 2.118.0 | 0 / 0 | |
| 2.117.1 | 0 / 0 | |
| 2.117.0 | 0 / 0 | |
| 2.116.0 | 0 / 0 | |
| 2.115.1 | 0 / 0 | |
| 2.115.0 | 0 / 0 | |
| 2.114.1 | 0 / 0 | |
| 2.114.0 | 0 / 0 | |
| 2.113.0 | 0 / 0 | |
| 2.112.0 | 0 / 0 | |
| 2.111.0 | 0 / 0 | |
| 2.110.0 | 0 / 0 | |
| 2.109.0 | 0 / 0 | |
| 2.108.0 | 0 / 0 | |
| 2.107.3 | 0 / 0 | |
| 2.107.2 | 0 / 0 | |
| 2.107.1 | 0 / 0 | |
| 2.107.0 | 0 / 0 | |
| 2.106.1 | 0 / 0 | |
| 2.106.0 | 0 / 0 | |
| 2.105.0 | 0 / 0 | |
| 2.104.0 | 0 / 0 | |
| 2.103.1 | 0 / 0 | |
| 2.103.0 | 0 / 0 | |
| 2.102.0 | 0 / 0 | |
| 2.101.0 | 0 / 0 | |
| 2.100.1 | 0 / 0 | |
| 2.100.0 | 0 / 0 | |
| 2.99.1 | 0 / 0 | |
| 2.99.0 | 0 / 0 | |
| 2.98.0 | 0 / 0 | |
| 2.97.3 | 0 / 0 | |
| 2.97.2 | 0 / 0 | |
| 2.97.1 | 0 / 0 | |
| 2.97.0 | 0 / 0 | |
| 2.96.3 | 0 / 0 | |
| 2.96.2 | 0 / 0 | |
| 2.96.1 | 0 / 0 | |
| 2.96.0 | 0 / 0 | |
| 2.95.3 | 0 / 0 | |
| 2.95.2 | 0 / 0 | |
| 2.95.1 | 0 / 0 | |
| 2.95.0 | 0 / 0 | |
| 2.94.0 | 0 / 0 | |
| 2.93.0 | 0 / 0 | |
| 2.92.0 | 0 / 0 | |
| 2.91.0 | 0 / 0 | |
| 2.90.3 | 0 / 0 | |
| 2.90.2 | 0 / 0 | |
| 2.90.1 | 0 / 0 | |
| 2.90.0 | 0 / 0 | |
| 2.89.2 | 0 / 0 | |
| 2.89.1 | 0 / 0 | |
| 2.89.0 | 0 / 0 | |
| 2.88.1 | 0 / 0 | |
| 2.88.0 | 0 / 0 | |
| 2.87.1 | 0 / 0 | |
| 2.87.0 | 0 / 0 | |
| 2.86.0 | 0 / 0 |
v2.121.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.120.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.119.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.118.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.118.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.117.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.117.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.116.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.115.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.115.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.114.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.114.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.113.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.112.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.111.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.110.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.109.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.108.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.107.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.107.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.107.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.107.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.106.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.106.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.105.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.104.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.103.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.101.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.100.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.100.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.99.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.99.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.98.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.97.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.97.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.97.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.97.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.96.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.96.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.96.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.96.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.95.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.95.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.95.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.95.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.94.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.93.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.92.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.91.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.90.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.90.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.90.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.90.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.89.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.89.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.89.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.88.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.88.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.87.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.87.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.86.0
2 findingsMatched 6 signal(s), weighted score 7: • [S_README_NO_CODE] Short README with no code block, no install instructions, and no usage/API section. • [S_DESC_MATCHES_NAME] Description is empty or just restates the package name. • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_NO_DEPS] No runtime, dev, peer, or optional dependencies declared. • [S_INFLATED_FIRST_SEMVER] First publish at version 2.86.0 — inflated semver on a brand-new package.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.