@stryke/helpers
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions with SLSA provenance attestation — consistent with a legitimate CI/CD migration for storm-software/stryke. Generalizes to future versions published via the same pipeline. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Off-topic README content and missing keywords are cosmetic issues with no security relevance for this established utility library. | ai |
Versions (showing 51 of 77)
| Version | Deps | Published |
|---|---|---|
| 0.10.24 | 3 / 1 | |
| 0.10.23 | 3 / 1 | |
| 0.10.22 | 3 / 1 | |
| 0.10.21 | 3 / 1 | |
| 0.10.20 | 3 / 1 | |
| 0.10.19 | 3 / 1 | |
| 0.10.18 | 3 / 1 | |
| 0.10.17 | 3 / 1 | |
| 0.10.16 | 3 / 1 | |
| 0.10.15 | 3 / 1 | |
| 0.10.14 | 3 / 1 | |
| 0.10.13 | 0 / 1 | |
| 0.10.12 | 0 / 1 | |
| 0.10.11 | 0 / 1 | |
| 0.10.10 | 0 / 1 | |
| 0.10.9 | 0 / 1 | |
| 0.10.8 | 0 / 1 | |
| 0.10.7 | 0 / 1 | |
| 0.10.6 | 0 / 1 | |
| 0.10.5 | 0 / 1 | |
| 0.10.4 | 0 / 1 | |
| 0.10.3 | 0 / 1 | |
| 0.10.2 | 0 / 1 | |
| 0.10.1 | 0 / 1 | |
| 0.10.0 | 0 / 1 | |
| 0.9.51 | 0 / 1 | |
| 0.9.48 | 0 / 1 | |
| 0.9.47 | 0 / 1 | |
| 0.9.46 | 0 / 1 | |
| 0.9.45 | 0 / 1 | |
| 0.9.44 | 0 / 1 | |
| 0.9.43 | 0 / 1 | |
| 0.9.42 | 0 / 1 | |
| 0.9.40 | 0 / 1 | |
| 0.9.39 | 0 / 1 | |
| 0.9.38 | 0 / 1 | |
| 0.9.37 | 0 / 1 | |
| 0.9.36 | 0 / 1 | |
| 0.9.35 | 0 / 1 | |
| 0.9.34 | 0 / 1 | |
| 0.9.33 | 0 / 1 | |
| 0.9.32 | 0 / 1 | |
| 0.9.31 | 0 / 1 | |
| 0.9.30 | 0 / 1 | |
| 0.9.29 | 0 / 1 | |
| 0.9.28 | 0 / 1 | |
| 0.9.27 | 0 / 1 | |
| 0.9.26 | 0 / 1 | |
| 0.9.25 | 0 / 1 | |
| 0.9.24 | 0 / 1 | |
| 0.9.23 | 0 / 1 |
v0.10.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.17
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-25, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.10.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.