@stryke/hash
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is a CI/CD migration within the same storm-software org, corroborated by SLSA provenance attestation on this and likely future versions. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All new deps (@stryke/fs, @stryke/json, @stryke/type-checks) are same-org @stryke scoped packages from the storm-software/stryke monorepo — routine internal dependency additions. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): @stryke/hash is a scoped hashing utility in the storm-software monorepo; the levenshtein match to 'hapi' is coincidental and not an impersonation attempt. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Same-org sibling package in the @stryke monorepo; indirect usage or re-export is expected across the ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/json | AI (phantom-deps): Same-org sibling package in the @stryke monorepo; indirect usage or re-export is expected across the ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Same-org sibling package in the @stryke monorepo; indirect usage or re-export is expected across the ecosystem. | ai |
Versions (showing 90 of 90)
| Version | Deps | Published |
|---|---|---|
| 0.13.38 | 5 / 2 | |
| 0.13.37 | 5 / 2 | |
| 0.13.36 | 5 / 2 | |
| 0.13.35 | 5 / 2 | |
| 0.13.34 | 5 / 2 | |
| 0.13.33 | 5 / 2 | |
| 0.13.32 | 5 / 2 | |
| 0.13.31 | 5 / 2 | |
| 0.13.30 | 5 / 2 | |
| 0.13.29 | 5 / 2 | |
| 0.13.28 | 5 / 2 | |
| 0.13.27 | 5 / 2 | |
| 0.13.26 | 5 / 2 | |
| 0.13.25 | 5 / 2 | |
| 0.13.24 | 5 / 2 | |
| 0.13.23 | 5 / 2 | |
| 0.13.22 | 5 / 2 | |
| 0.13.21 | 5 / 2 | |
| 0.13.20 | 5 / 2 | |
| 0.13.19 | 5 / 2 | |
| 0.13.18 | 5 / 2 | |
| 0.13.17 | 5 / 2 | |
| 0.13.16 | 5 / 2 | |
| 0.13.15 | 5 / 2 | |
| 0.13.14 | 5 / 2 | |
| 0.13.13 | 5 / 2 | |
| 0.13.12 | 5 / 2 | |
| 0.13.11 | 5 / 2 | |
| 0.13.10 | 5 / 2 | |
| 0.13.9 | 5 / 2 | |
| 0.13.8 | 5 / 2 | |
| 0.13.7 | 5 / 2 | |
| 0.13.6 | 5 / 2 | |
| 0.13.3 | 5 / 2 | |
| 0.13.2 | 5 / 2 | |
| 0.13.1 | 5 / 2 | |
| 0.13.0 | 5 / 2 | |
| 0.12.52 | 2 / 1 | |
| 0.12.51 | 2 / 1 | |
| 0.12.50 | 2 / 1 | |
| 0.12.49 | 2 / 1 | |
| 0.12.48 | 2 / 1 | |
| 0.12.46 | 2 / 1 | |
| 0.12.45 | 2 / 1 | |
| 0.12.44 | 2 / 1 | |
| 0.12.43 | 2 / 1 | |
| 0.12.42 | 2 / 1 | |
| 0.12.41 | 2 / 1 | |
| 0.12.40 | 2 / 1 | |
| 0.12.39 | 2 / 1 | |
| 0.12.38 | 2 / 1 | |
| 0.12.37 | 2 / 1 | |
| 0.12.36 | 2 / 1 | |
| 0.12.35 | 2 / 1 | |
| 0.12.34 | 2 / 1 | |
| 0.12.33 | 2 / 1 | |
| 0.12.32 | 2 / 1 | |
| 0.12.31 | 2 / 1 | |
| 0.12.30 | 2 / 1 | |
| 0.12.29 | 2 / 1 | |
| 0.12.28 | 2 / 1 | |
| 0.12.27 | 2 / 1 | |
| 0.12.26 | 2 / 1 | |
| 0.12.25 | 2 / 1 | |
| 0.12.24 | 2 / 1 | |
| 0.12.23 | 2 / 1 | |
| 0.12.22 | 2 / 1 | |
| 0.12.15 | 4 / 0 | |
| 0.12.14 | 4 / 0 | |
| 0.12.13 | 4 / 0 | |
| 0.12.12 | 4 / 0 | |
| 0.12.11 | 4 / 0 | |
| 0.12.10 | 4 / 0 | |
| 0.12.9 | 4 / 0 | |
| 0.12.8 | 4 / 0 | |
| 0.12.7 | 4 / 0 | |
| 0.12.6 | 4 / 0 | |
| 0.12.5 | 4 / 0 | |
| 0.12.4 | 4 / 0 | |
| 0.12.3 | 4 / 0 | |
| 0.12.2 | 4 / 0 | |
| 0.12.1 | 4 / 0 | |
| 0.12.0 | 4 / 0 | |
| 0.11.0 | 3 / 0 | |
| 0.10.0 | 3 / 0 | |
| 0.9.7 | 3 / 0 | |
| 0.9.6 | 3 / 0 | |
| 0.9.5 | 3 / 0 | |
| 0.9.4 | 3 / 0 | |
| 0.9.3 | 3 / 0 |
v0.13.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.30
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-25, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.13.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.12
2 findingsThis version was published by a different npm account than previous versions on 2026-03-14. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.