@thisisagile/easy
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Explicit encode/decode utility in Base64.ts; not obfuscation, stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:validator | AI (phantom-deps): validator is a declared runtime dependency; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/uuid | AI (phantom-deps): @types/uuid is a type-only dep; not directly imported at runtime by convention. | ai |
Versions (showing 90 of 90)
| Version | Deps | Published |
|---|---|---|
| 18.4.0 | 8 / 4 | |
| 18.3.0 | 8 / 4 | |
| 18.2.0 | 8 / 4 | |
| 18.1.2 | 8 / 4 | |
| 18.1.1 | 8 / 4 | |
| 18.1.0 | 8 / 4 | |
| 18.0.1 | 8 / 4 | |
| 18.0.0 | 8 / 4 | |
| 17.36.0 | 8 / 4 | |
| 17.35.0 | 8 / 4 | |
| 17.34.4 | 8 / 4 | |
| 17.34.3 | 8 / 4 | |
| 17.34.2 | 8 / 4 | |
| 17.34.1 | 8 / 4 | |
| 17.34.0 | 8 / 4 | |
| 17.33.0 | 8 / 4 | |
| 17.32.0 | 8 / 4 | |
| 17.31.1 | 8 / 4 | |
| 17.31.0 | 8 / 4 | |
| 17.30.11 | 8 / 4 | |
| 17.30.10 | 8 / 4 | |
| 17.30.9 | 8 / 4 | |
| 17.30.8 | 8 / 4 | |
| 17.30.7 | 8 / 4 | |
| 17.30.6 | 8 / 4 | |
| 17.30.5 | 8 / 4 | |
| 17.30.4 | 8 / 4 | |
| 17.30.3 | 8 / 4 | |
| 17.30.2 | 8 / 4 | |
| 17.30.1 | 8 / 4 | |
| 17.30.0 | 7 / 4 | |
| 17.29.0 | 7 / 4 | |
| 17.28.0 | 7 / 4 | |
| 17.27.3 | 7 / 4 | |
| 17.27.2 | 7 / 4 | |
| 17.27.1 | 7 / 4 | |
| 17.27.0 | 7 / 4 | |
| 17.26.4 | 7 / 4 | |
| 17.26.3 | 7 / 4 | |
| 17.26.2 | 7 / 4 | |
| 17.26.1 | 7 / 4 | |
| 17.26.0 | 7 / 4 | |
| 17.25.3 | 7 / 4 | |
| 17.25.2 | 7 / 4 | |
| 17.25.1 | 7 / 4 | |
| 17.25.0 | 7 / 4 | |
| 17.24.3 | 7 / 4 | |
| 17.24.2 | 7 / 4 | |
| 17.24.1 | 7 / 4 | |
| 17.24.0 | 7 / 4 | |
| 17.23.1 | 7 / 4 | |
| 17.23.0 | 7 / 4 | |
| 17.22.3 | 7 / 4 | |
| 17.22.2 | 7 / 4 | |
| 17.22.1 | 7 / 4 | |
| 17.22.0 | 7 / 4 | |
| 17.21.0 | 7 / 4 | |
| 17.20.7 | 7 / 4 | |
| 17.20.6 | 7 / 4 | |
| 17.20.5 | 7 / 4 | |
| 17.20.4 | 7 / 4 | |
| 17.20.2 | 7 / 4 | |
| 17.20.1 | 7 / 4 | |
| 17.20.0 | 7 / 4 | |
| 17.19.0 | 7 / 4 | |
| 17.18.9 | 7 / 4 | |
| 17.18.8 | 7 / 4 | |
| 17.18.7 | 7 / 4 | |
| 17.18.6 | 7 / 4 | |
| 17.18.5 | 7 / 4 | |
| 17.18.4 | 7 / 4 | |
| 17.18.3 | 7 / 4 | |
| 17.18.2 | 7 / 4 | |
| 17.18.1 | 7 / 4 | |
| 17.18.0 | 7 / 4 | |
| 17.17.2 | 7 / 4 | |
| 17.17.1 | 7 / 4 | |
| 17.17.0 | 7 / 4 | |
| 17.16.1 | 7 / 4 | |
| 17.16.0 | 7 / 4 | |
| 17.15.6 | 7 / 4 | |
| 17.15.5 | 7 / 4 | |
| 17.15.4 | 7 / 4 | |
| 17.15.3 | 7 / 4 | |
| 17.15.2 | 7 / 4 | |
| 17.15.1 | 7 / 4 | |
| 17.15.0 | 7 / 4 | |
| 17.14.1 | 7 / 4 | |
| 17.14.0 | 7 / 4 | |
| 17.13.10 | 7 / 4 |
v18.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v18.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v18.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v18.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v18.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v18.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v18.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v18.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.36.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.34.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.34.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.34.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.34.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.34.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.33.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.32.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.31.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.31.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.30.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.30.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.30.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.28.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.27.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.27.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.27.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.27.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.26.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.26.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.26.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.26.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.26.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.25.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.25.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.25.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.25.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.24.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.24.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.24.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.23.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.23.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.22.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.22.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.22.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.22.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.20.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.20.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.18.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.18.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v17.18.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.18.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.17.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.17.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.17.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.16.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.16.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.15.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.14.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.14.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v17.13.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.