
@stryker-mutator/api

11 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

nicojs, archcry, simondel, strykermutator-npa

Keywords

mutation testing, mutation, testing, test, js, stryker

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from named maintainer to GitHub Actions CI/CD with SLSA provenance; standard for this org. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Stryker monorepo; @stryker-mutator/api publishes infrequently but org is continuously active. | ai | |
| dependencies | unvetted-dep:typed-inject | AI (dependencies): typed-inject is a well-known DI library used throughout the stryker-mutator ecosystem; stable dependency. | ai | |
| dependencies | unvetted-dep:mutation-testing-metrics | AI (dependencies): mutation-testing-metrics is a first-party stryker-mutator package; stable dependency. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): Scoped @stryker-mutator/api is not a typosquat of 'hapi'; false positive on edit distance. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is declared in dependencies and used implicitly by TypeScript compilation; stable FP. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @stryker-mutator/api is not a typosquat of 'pg'; false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @stryker-mutator/api is not a typosquat of 'joi'; false positive. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped @stryker-mutator/api is not a typosquat of 'ajv'; false positive. | ai | |

Versions (showing 11 of 11)

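| Version | Deps | Published |
|---|---|---|
| 9.6.1 | 4 / 1 | |
| 9.6.0 | 4 / 1 | |
| 9.5.1 | 4 / 1 | |
| 9.5.0 | 4 / 1 | |
| 9.4.0 | 4 / 1 | |
| 9.3.0 | 4 / 1 | |
| 9.2.0 | 4 / 1 | |
| 9.1.1 | 4 / 1 | |
| 9.1.0 | 4 / 1 | |
| 9.0.1 | 4 / 1 | |
| 9.0.0 | 4 / 1 | |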

v9.6.1

2 findings
HIGH [typosquat] typosquat.levenshtein: Possible typosquat of 'hapi'

Package name '@stryker-mutator/api' is 1 edit(s) away from popular package 'hapi'.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.6.0

2 findings
HIGH [typosquat] typosquat.levenshtein: Possible typosquat of 'hapi'

Package name '@stryker-mutator/api' is 1 edit(s) away from popular package 'hapi'.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.5.1

2 findings
HIGH [typosquat] typosquat.levenshtein: Possible typosquat of 'hapi'

Package name '@stryker-mutator/api' is 1 edit(s) away from popular package 'hapi'.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.5.0

2 findings
HIGH [provenance] Publisher changed: strykermutator-npa → GitHub Actions (on 2026-01-30)

This version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.4.0

2 findings
HIGH [provenance] Publisher changed: strykermutator-npa → GitHub Actions (on 2025-11-23)

This version was published by a different npm account than previous versions on 2025-11-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.3.0

2 findings
HIGH [provenance] Publisher changed: strykermutator-npa → GitHub Actions (on 2025-10-28)

This version was published by a different npm account than previous versions on 2025-10-28. This could indicate a legitimate maintainer transition or an account compromise.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.2.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.1.1

2 findings
HIGH [typosquat] typosquat.levenshtein: Possible typosquat of 'hapi'

Package name '@stryker-mutator/api' is 1 edit(s) away from popular package 'hapi'.

INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.1.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.1

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.0

1 finding
INFO [provenance] Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.