@stryke/json
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions as part of a CI/CD migration to SLSA-attested publishing. SLSA provenance attestation confirms legitimate build pipeline. Stable for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established Storm Software ecosystem package with 443 days history, 90 versions, and 14 approved inbound edges. Minor README/keyword issues are not security signals. | ai | |
| typosquat | typosquat.levenshtein:jsdom | AI (typosquat): @stryke/json is a scoped JSON utility package from Storm Software's monorepo; Levenshtein match to jsdom is a false positive with no impersonation intent. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @stryke/json is a scoped JSON utility package from Storm Software's monorepo; Levenshtein match to joi is a false positive with no impersonation intent. | ai | |
| phantom-deps | phantom-dep:buffer | AI (phantom-deps): buffer is a declared runtime dependency in a JSON utility package; may be used for polyfilling or transitively. Not a security concern for this package. | ai | |
Versions (showing 76 of 76)
| Version | Deps | Published |
|---|---|---|
| 0.15.8 | 6 / 3 | |
| 0.15.7 | 6 / 3 | |
| 0.15.6 | 6 / 3 | |
| 0.15.5 | 6 / 3 | |
| 0.15.4 | 6 / 3 | |
| 0.15.3 | 6 / 3 | |
| 0.15.2 | 6 / 3 | |
| 0.15.1 | 6 / 3 | |
| 0.15.0 | 6 / 3 | |
| 0.14.20 | 6 / 3 | |
| 0.14.19 | 4 / 3 | |
| 0.14.18 | 4 / 3 | |
| 0.14.17 | 4 / 3 | |
| 0.14.16 | 4 / 3 | |
| 0.14.15 | 4 / 3 | |
| 0.14.14 | 4 / 3 | |
| 0.14.13 | 4 / 3 | |
| 0.14.12 | 4 / 3 | |
| 0.14.11 | 4 / 3 | |
| 0.14.10 | 4 / 3 | |
| 0.14.9 | 4 / 3 | |
| 0.14.8 | 4 / 3 | |
| 0.14.7 | 4 / 3 | |
| 0.14.6 | 4 / 3 | |
| 0.14.5 | 4 / 3 | |
| 0.14.4 | 4 / 3 | |
| 0.14.3 | 4 / 3 | |
| 0.14.2 | 4 / 3 | |
| 0.14.0 | 4 / 3 | |
| 0.13.1 | 4 / 3 | |
| 0.13.0 | 4 / 3 | |
| 0.12.0 | 4 / 3 | |
| 0.11.0 | 4 / 3 | |
| 0.10.0 | 4 / 2 | |
| 0.9.44 | 3 / 2 | |
| 0.9.43 | 3 / 2 | |
| 0.9.41 | 3 / 2 | |
| 0.9.40 | 3 / 2 | |
| 0.9.39 | 3 / 2 | |
| 0.9.38 | 3 / 2 | |
| 0.9.37 | 3 / 2 | |
| 0.9.36 | 3 / 2 | |
| 0.9.35 | 3 / 2 | |
| 0.9.34 | 3 / 2 | |
| 0.9.33 | 3 / 2 | |
| 0.9.32 | 3 / 2 | |
| 0.9.31 | 3 / 2 | |
| 0.9.30 | 3 / 2 | |
| 0.9.29 | 3 / 2 | |
| 0.9.28 | 3 / 2 | |
| 0.9.27 | 3 / 2 | |
| 0.9.26 | 3 / 2 | |
| 0.9.25 | 3 / 2 | |
| 0.9.24 | 3 / 2 | |
| 0.9.23 | 3 / 2 | |
| 0.9.16 | 5 / 1 | |
| 0.9.15 | 5 / 1 | |
| 0.9.14 | 5 / 1 | |
| 0.9.13 | 5 / 1 | |
| 0.9.12 | 5 / 1 | |
| 0.9.11 | 5 / 1 | |
| 0.9.10 | 5 / 1 | |
| 0.9.9 | 5 / 1 | |
| 0.9.8 | 5 / 1 | |
| 0.9.7 | 5 / 1 | |
| 0.9.6 | 5 / 1 | |
| 0.9.5 | 5 / 1 | |
| 0.9.4 | 5 / 1 | |
| 0.9.3 | 5 / 1 | |
| 0.9.2 | 5 / 1 | |
| 0.9.1 | 5 / 1 | |
| 0.9.0 | 5 / 1 | |
| 0.8.3 | 6 / 1 | |
| 0.8.2 | 6 / 0 | |
| 0.8.1 | 6 / 0 | |
| 0.8.0 | 6 / 0 | |
v0.15.8
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.7
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-25, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.15.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.20
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.19
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.18
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.17
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.15
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.14
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.13
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.12
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.2
2 findings
This version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.16
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.