@techsee/techsee-media-service
Techsee Media Service
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@techsee/techsee-common | AI (dependencies): First-party TechSee monorepo dependency; stable pattern across all versions of this package. | ai | |
| provenance | no-provenance | AI (provenance): Established org package; provenance not used across this publisher's ecosystem. | ai | |
| install-scripts | install-script:preinstall | AI (install-scripts): Preinstall runs only lint/audit tooling with || true fallback; stable pattern across this package's many versions. | ai |
Versions (showing 49 of 49)
| Version | Deps | Published |
|---|---|---|
| 26.159.0 | 5 / 43 | |
| 26.158.0 | 5 / 43 | |
| 26.157.0 | 5 / 43 | |
| 26.156.0 | 5 / 43 | |
| 26.155.0 | 5 / 43 | |
| 26.153.0 | 5 / 43 | |
| 26.152.0 | 5 / 43 | |
| 26.151.0 | 5 / 43 | |
| 26.150.0 | 5 / 43 | |
| 26.149.0 | 5 / 43 | |
| 26.147.0 | 5 / 43 | |
| 26.146.0 | 5 / 43 | |
| 26.144.0 | 5 / 43 | |
| 26.139.0 | 5 / 43 | |
| 26.138.0 | 5 / 43 | |
| 26.137.0 | 5 / 43 | |
| 26.136.0 | 5 / 43 | |
| 26.135.0 | 5 / 43 | |
| 26.134.0 | 5 / 43 | |
| 26.132.0 | 5 / 43 | |
| 26.125.0 | 5 / 43 | |
| 26.124.0 | 5 / 43 | |
| 26.120.0 | 5 / 43 | |
| 26.116.0 | 5 / 43 | |
| 26.111.0 | 5 / 43 | |
| 26.110.0 | 5 / 43 | |
| 26.109.0 | 5 / 43 | |
| 26.106.0 | 5 / 43 | |
| 26.104.0 | 5 / 43 | |
| 26.103.0 | 5 / 43 | |
| 26.102.0 | 5 / 43 | |
| 26.101.0 | 5 / 43 | |
| 26.99.0 | 5 / 43 | |
| 26.98.0 | 5 / 43 | |
| 26.97.0 | 5 / 43 | |
| 26.96.0 | 5 / 43 | |
| 26.94.0 | 5 / 43 | |
| 26.89.0 | 5 / 43 | |
| 26.86.0 | 5 / 43 | |
| 26.85.0 | 5 / 43 | |
| 26.84.0 | 5 / 43 | |
| 26.83.0 | 5 / 43 | |
| 26.81.0 | 5 / 43 | |
| 26.80.0 | 5 / 43 | |
| 26.30.0 | 5 / 43 | |
| 26.29.0 | 5 / 43 | |
| 26.27.0 | 5 / 43 | |
| 26.25.0 | 5 / 43 | |
| 26.24.0 | 5 / 43 |
v26.159.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.158.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.157.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.156.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.155.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.153.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.152.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.151.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.150.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v26.147.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.146.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.144.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.139.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.138.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.137.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.136.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.135.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.134.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.132.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.125.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.124.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.120.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.116.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.111.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.110.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.109.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.106.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.104.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.102.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.101.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.99.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.98.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.97.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.96.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.94.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.89.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.86.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.85.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.84.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.83.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.81.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.80.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.30.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.29.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.27.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.25.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v26.24.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.