@tanstack/react-start-client
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:cookie-es | AI (phantom-deps): Used in server-side config context; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:jsesc | AI (phantom-deps): Used in bundler/config context, not direct import; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:vinxi | AI (phantom-deps): vinxi is a build/runtime framework dependency used in config; not a direct import by design. | ai | |
| phantom-deps | phantom-dep:tiny-warning | AI (phantom-deps): tiny-warning is a declared dependency; phantom-dep detection is a low-signal finding with no security implication. | ai | |
| provenance | publisher-changed | AI (provenance): TanStack moved to GitHub Actions CI/CD publishing with SLSA provenance; this is a legitimate and expected transition for the project. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): lachlancollins is a known TanStack collaborator/maintainer across multiple TanStack packages. | ai | |
| provenance | slsa-provenance | AI (provenance): TanStack packages are consistently published via CI with SLSA provenance; this is expected and stable for all versions of this package. | ai |
Versions (showing 100 of 384)
| Version | Deps | Published |
|---|---|---|
| 1.157.8 | 5 / 2 | |
| 1.157.7 | 5 / 2 | |
| 1.157.6 | 5 / 2 | |
| 1.157.5 | 5 / 2 | |
| 1.157.4 | 5 / 2 | |
| 1.157.3 | 5 / 2 | |
| 1.157.2 | 5 / 2 | |
| 1.157.1 | 5 / 2 | |
| 1.157.0 | 5 / 2 | |
| 1.156.0 | 5 / 2 | |
| 1.155.0 | 5 / 2 | |
| 1.154.14 | 5 / 2 | |
| 1.154.13 | 5 / 2 | |
| 1.154.12 | 5 / 2 | |
| 1.154.10 | 5 / 2 | |
| 1.154.8 | 5 / 2 | |
| 1.154.7 | 5 / 2 | |
| 1.154.6 | 5 / 2 | |
| 1.154.5 | 5 / 2 | |
| 1.154.4 | 5 / 2 | |
| 1.154.3 | 5 / 2 | |
| 1.154.2 | 5 / 2 | |
| 1.154.1 | 5 / 2 | |
| 1.153.2 | 5 / 2 | |
| 1.153.1 | 5 / 2 | |
| 1.153.0 | 5 / 2 | |
| 1.152.0 | 5 / 2 | |
| 1.151.6 | 5 / 2 | |
| 1.151.3 | 5 / 2 | |
| 1.151.2 | 5 / 2 | |
| 1.151.1 | 5 / 2 | |
| 1.151.0 | 5 / 2 | |
| 1.150.0 | 5 / 2 | |
| 1.149.3 | 5 / 2 | |
| 1.149.1 | 5 / 2 | |
| 1.148.0 | 5 / 2 | |
| 1.147.3 | 5 / 2 | |
| 1.147.2 | 5 / 2 | |
| 1.147.1 | 5 / 2 | |
| 1.147.0 | 5 / 2 | |
| 1.146.2 | 5 / 2 | |
| 1.146.1 | 5 / 2 | |
| 1.146.0 | 5 / 2 | |
| 1.145.11 | 5 / 2 | |
| 1.145.7 | 5 / 2 | |
| 1.145.6 | 5 / 2 | |
| 1.145.0 | 5 / 2 | |
| 1.144.0 | 5 / 2 | |
| 1.143.12 | 5 / 2 | |
| 1.143.11 | 5 / 2 | |
| 1.143.9 | 5 / 2 | |
| 1.143.8 | 5 / 2 | |
| 1.143.6 | 5 / 2 | |
| 1.143.4 | 5 / 2 | |
| 1.143.3 | 5 / 2 | |
| 1.143.2 | 5 / 2 | |
| 1.142.13 | 5 / 2 | |
| 1.142.11 | 5 / 2 | |
| 1.142.8 | 5 / 2 | |
| 1.142.7 | 5 / 2 | |
| 1.142.6 | 5 / 2 | |
| 1.142.1 | 5 / 2 | |
| 1.141.8 | 5 / 2 | |
| 1.141.6 | 5 / 2 | |
| 1.141.4 | 5 / 2 | |
| 1.141.2 | 5 / 2 | |
| 1.141.1 | 5 / 2 | |
| 1.141.0 | 5 / 2 | |
| 1.140.5 | 5 / 2 | |
| 1.140.2 | 5 / 2 | |
| 1.140.1 | 5 / 2 | |
| 1.140.0 | 5 / 2 | |
| 1.139.14 | 5 / 2 | |
| 1.139.13 | 5 / 2 | |
| 1.139.12 | 5 / 2 | |
| 1.139.11 | 5 / 2 | |
| 1.139.10 | 5 / 2 | |
| 1.139.9 | 5 / 2 | |
| 1.139.7 | 5 / 2 | |
| 1.139.6 | 5 / 2 | |
| 1.139.5 | 5 / 2 | |
| 1.139.3 | 5 / 2 | |
| 1.139.1 | 5 / 2 | |
| 1.139.0 | 5 / 2 | |
| 1.136.18 | 5 / 2 | |
| 1.136.17 | 5 / 2 | |
| 1.136.16 | 5 / 2 | |
| 1.136.15 | 5 / 2 | |
| 1.136.14 | 5 / 2 | |
| 1.136.13 | 5 / 2 | |
| 1.136.11 | 5 / 2 | |
| 1.136.10 | 5 / 2 | |
| 1.136.9 | 5 / 2 | |
| 1.136.8 | 5 / 2 | |
| 1.136.6 | 5 / 2 | |
| 1.136.5 | 5 / 2 | |
| 1.136.4 | 5 / 2 | |
| 1.136.3 | 5 / 2 | |
| 1.136.2 | 5 / 2 | |
| 1.136.1 | 5 / 2 |
v1.157.8
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.7
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.6
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.5
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.4
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.157.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.156.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.155.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.14
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.13
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.12
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.10
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.8
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.7
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.6
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.5
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.4
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.153.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.153.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.153.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.152.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.151.6
2 findingsThis version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.151.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.151.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.151.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.151.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.150.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.149.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.149.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.148.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.147.3
2 findingsThis version was published by a different npm account than previous versions on 2026-01-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.147.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.147.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.147.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.146.2
2 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.146.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.146.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.145.11
2 findingsThis version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.145.7
2 findingsThis version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.145.6
2 findingsThis version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.145.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.144.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.12
2 findingsThis version was published by a different npm account than previous versions on 2025-12-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.11
2 findingsThis version was published by a different npm account than previous versions on 2025-12-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.9
2 findingsThis version was published by a different npm account than previous versions on 2025-12-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.8
2 findingsThis version was published by a different npm account than previous versions on 2025-12-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.6
2 findingsThis version was published by a different npm account than previous versions on 2025-12-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.4
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.3
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.143.2
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.13
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.11
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.8
2 findingsThis version was published by a different npm account than previous versions on 2025-12-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.7
2 findingsThis version was published by a different npm account than previous versions on 2025-12-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.6
2 findingsThis version was published by a different npm account than previous versions on 2025-12-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.142.1
2 findingsThis version was published by a different npm account than previous versions on 2025-12-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.8
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.6
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.4
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.2
2 findingsThis version was published by a different npm account than previous versions on 2025-12-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.1
2 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.140.5
2 findingsThis version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.140.2
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.140.1
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.140.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.136.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.