@thi.ng/dsp
Composable signal generators, oscillators, filters, FFT, spectrum, windowing & related DSP utils
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped @thi.ng package; Levenshtein match to 'qs' is a false positive with no impersonation intent. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped @thi.ng package; Levenshtein match to 'yup' is a false positive with no impersonation intent. | ai | |
| dependencies | unvetted-dep:@thi.ng/api | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/math | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/random | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; stable false positive. | ai | |
| dependencies | unvetted-dep:@thi.ng/transducers | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; stable false positive. | ai |
Versions (showing 42 of 42)
| Version | Deps | Published |
|---|---|---|
| 4.7.119 | 6 / 3 | |
| 4.7.118 | 6 / 3 | |
| 4.7.117 | 6 / 3 | |
| 4.7.115 | 6 / 3 | |
| 4.7.114 | 6 / 3 | |
| 4.7.112 | 6 / 3 | |
| 4.7.111 | 6 / 3 | |
| 4.7.110 | 6 / 3 | |
| 4.7.109 | 6 / 3 | |
| 4.7.108 | 6 / 3 | |
| 4.7.107 | 6 / 3 | |
| 4.7.106 | 6 / 3 | |
| 4.7.105 | 6 / 3 | |
| 4.7.104 | 6 / 3 | |
| 4.7.102 | 6 / 3 | |
| 4.7.101 | 6 / 3 | |
| 4.7.100 | 6 / 3 | |
| 4.7.99 | 6 / 3 | |
| 4.7.98 | 6 / 3 | |
| 4.7.97 | 6 / 3 | |
| 4.7.96 | 6 / 3 | |
| 4.7.95 | 6 / 3 | |
| 4.7.94 | 6 / 3 | |
| 4.7.93 | 6 / 3 | |
| 4.7.89 | 6 / 3 | |
| 4.7.88 | 6 / 3 | |
| 4.7.87 | 6 / 3 | |
| 4.7.86 | 6 / 3 | |
| 4.7.85 | 6 / 3 | |
| 4.7.83 | 6 / 3 | |
| 4.7.82 | 6 / 3 | |
| 4.7.81 | 6 / 3 | |
| 4.7.80 | 6 / 3 | |
| 4.7.79 | 6 / 3 | |
| 4.7.78 | 6 / 3 | |
| 4.7.77 | 6 / 3 | |
| 4.7.76 | 6 / 3 | |
| 4.7.75 | 6 / 3 | |
| 4.7.74 | 6 / 3 | |
| 4.7.73 | 6 / 3 | |
| 4.7.72 | 6 / 3 | |
| 4.7.71 | 6 / 3 |
v4.7.119
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.118
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.117
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.115
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.114
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.112
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.7.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.106
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.104
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.102
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.7.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.7.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.87
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.86
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.85
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.83
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.82
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.81
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.80
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.79
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.78
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.77
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.76
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.75
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.74
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.73
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.72
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.71
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.