@thi.ng/dcons
Double-linked lists with comprehensive set of operations (incl. optional self-organizing behaviors)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped @thi.ng package in a large monorepo; Levenshtein match to 'cors' is spurious. | ai | |
| dependencies | unvetted-dep:@thi.ng/api | AI (dependencies): Sibling package in the same thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/random | AI (dependencies): Sibling package in the same thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/compare | AI (dependencies): Sibling package in the same thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/transducers | AI (dependencies): Sibling package in the same thi.ng/umbrella monorepo; stable false positive. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 3.2.199 | 7 / 3 | |
| 3.2.198 | 7 / 3 | |
| 3.2.197 | 7 / 3 | |
| 3.2.195 | 7 / 3 | |
| 3.2.194 | 7 / 3 | |
| 3.2.192 | 7 / 3 | |
| 3.2.191 | 7 / 3 | |
| 3.2.190 | 7 / 3 | |
| 3.2.189 | 7 / 3 | |
| 3.2.188 | 7 / 3 | |
| 3.2.187 | 7 / 3 | |
| 3.2.186 | 7 / 3 | |
| 3.2.185 | 7 / 3 | |
| 3.2.184 | 7 / 3 | |
| 3.2.182 | 7 / 3 | |
| 3.2.181 | 7 / 3 | |
| 3.2.180 | 7 / 3 | |
| 3.2.179 | 7 / 3 | |
| 3.2.178 | 7 / 3 | |
| 3.2.177 | 7 / 3 | |
| 3.2.176 | 7 / 3 | |
| 3.2.175 | 7 / 3 | |
| 3.2.174 | 7 / 3 | |
| 3.2.173 | 7 / 3 | |
| 3.2.169 | 7 / 3 | |
| 3.2.168 | 7 / 3 | |
| 3.2.167 | 7 / 3 | |
| 3.2.166 | 7 / 3 | |
| 3.2.165 | 7 / 3 | |
| 3.2.164 | 7 / 3 | |
| 3.2.163 | 7 / 3 | |
| 3.2.162 | 7 / 3 | |
| 3.2.161 | 7 / 3 | |
| 3.2.160 | 7 / 3 | |
| 3.2.159 | 7 / 3 | |
| 3.2.158 | 7 / 3 | |
| 3.2.157 | 7 / 3 | |
| 3.2.156 | 7 / 3 | |
| 3.2.155 | 7 / 3 | |
| 3.2.154 | 7 / 3 | |
| 3.2.153 | 7 / 3 | |
| 3.2.152 | 7 / 3 | |
| 3.2.151 | 7 / 3 |
v3.2.199
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.198
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.197
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.195
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.194
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.189
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.188
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.187
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.186
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.185
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.184
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.182
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.181
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.180
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.179
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.178
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.177
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.176
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.175
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.174
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.173
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.169
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.168
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.167
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.166
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.165
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.164
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.163
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.162
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.161
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.160
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.159
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.158
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.157
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.156
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.155
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.154
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.153
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.152
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.151
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.