@truenine/memory-sync-cli

TrueNine Memory Synchronization CLI metadata package

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

falsezero

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:remark-frontmatter	AI (phantom-deps): Remark plugin for YAML frontmatter; indirect through unified ecosystem.	ai	2026/04/27
phantom-deps	phantom-dep:remark-parse	AI (phantom-deps): Remark parser; indirect usage through unified markdown processing pipeline.	ai	2026/04/27
phantom-deps	phantom-dep:@clack/prompts	AI (phantom-deps): Interactive CLI prompts library; legitimate indirect usage in CLI tool.	ai	2026/04/27
phantom-deps	phantom-dep:remark-stringify	AI (phantom-deps): Remark serializer; indirect usage through unified markdown processing.	ai	2026/04/27
phantom-deps	phantom-dep:yaml	AI (phantom-deps): Legitimate indirect dependency used through remark ecosystem and config processing in CLI tool.	ai	2026/04/27
phantom-deps	phantom-dep:unified	AI (phantom-deps): Core remark ecosystem dependency; used indirectly through remark-parse/stringify plugins.	ai	2026/04/27
phantom-deps	phantom-dep:winston	AI (phantom-deps): Logging library; typical indirect usage pattern in CLI tools via plugin system.	ai	2026/04/27
phantom-deps	phantom-dep:fs-extra	AI (phantom-deps): File system utility; commonly used indirectly in build/CLI tools.	ai	2026/04/27
phantom-deps	phantom-dep:fast-glob	AI (phantom-deps): Glob pattern matching; indirect usage in file discovery patterns for CLI.	ai	2026/04/27
phantom-deps	phantom-dep:picomatch	AI (phantom-deps): Pattern matching utility; indirect dependency of fast-glob and CLI matching logic.	ai	2026/04/27
phantom-deps	phantom-dep:picocolors	AI (phantom-deps): Terminal color utility; indirect usage in CLI output formatting.	ai	2026/04/27
phantom-deps	phantom-dep:remark-gfm	AI (phantom-deps): Remark plugin for GitHub-flavored markdown; indirect through unified ecosystem.	ai	2026/04/27
source-diff	net-exec-file:dist/babel.cjs	AI (source-diff): Network+exec pattern is from bundled Babel/webpack runtime internals (dynamic require, module resolution). Not dropper/loader malware.	ai	2026/04/26
source-diff	obfuscated-file:dist/jiti-B3PPFIgr.mjs	AI (source-diff): dist/jiti-B3PPFIgr.mjs is a bundled jiti/mlly runtime. Long lines are minified bundle output from tsdown/rollup, not obfuscation.	ai	2026/04/26
source-diff	obfuscated-file:dist/babel.cjs	AI (source-diff): dist/babel.cjs is a webpack-bundled Babel toolchain runtime. Long lines are minified bundle output, not obfuscation. Expected artifact for a CLI tool bundling its dependencies.	ai	2026/04/26

Versions (showing 100 of 139)

Version	Deps	Published
2026.10503.119	0 / 0	2026-05-03
2026.10502.118	0 / 0	2026-05-03
2026.10425.10602	0 / 0	2026-04-25
2026.10425.10151	0 / 0	2026-04-25
2026.10424.111	0 / 0	2026-04-24
2026.10423.10544	0 / 0	2026-04-22
2026.10423.10517	0 / 0	2026-04-22
2026.10423.10401	0 / 0	2026-04-22
2026.10423.10319	0 / 0	2026-04-22
2026.10422.10749	0 / 0	2026-04-22
2026.10411.10132	1 / 11	2026-04-11
2026.10408.12323	0 / 10	2026-04-08
2026.10406.121	0 / 10	2026-04-06
2026.10404.101	0 / 10	2026-04-03
2026.10403.117	0 / 10	2026-04-03
2026.10402.116	0 / 10	2026-04-02
2026.10402.110	0 / 10	2026-04-02
2026.10402.109	0 / 10	2026-04-02
2026.10402.103	0 / 10	2026-04-01
2026.10330.118	3 / 16	2026-03-30
2026.10330.108	3 / 16	2026-03-30
2026.10329.110	3 / 16	2026-03-29
2026.10328.106	3 / 16	2026-03-28
2026.10327.10010	3 / 16	2026-03-26
2026.10325.12228	3 / 16	2026-03-25
2026.10324.11958	3 / 16	2026-03-24
2026.10324.10325	3 / 16	2026-03-23
2026.10324.10015	3 / 16	2026-03-23
2026.10323.10738	3 / 16	2026-03-23
2026.10323.10152	3 / 16	2026-03-22
2026.10322.104	3 / 16	2026-03-21
2026.10319.10359	3 / 16	2026-03-18
2026.10318.12034	3 / 16	2026-03-18
2026.10318.11638	3 / 16	2026-03-18
2026.10303.11117	12 / 6	2026-03-03
2026.10303.11058	12 / 6	2026-03-03
2026.10302.10037	12 / 7	2026-03-01
2026.10224.10619	12 / 49	2026-02-24
2026.10223.10952	12 / 49	2026-02-23
2026.10223.10941	12 / 49	2026-02-23
2026.10223.10555	12 / 49	2026-02-23
2026.10222.10836	7 / 48	2026-02-22
2026.10221.10208	7 / 14	2026-02-20
2026.10221.10118	7 / 14	2026-02-20
2026.10221.10031	7 / 14	2026-02-20
2026.10220.11748	6 / 13	2026-02-20
2026.10219.12358	6 / 13	2026-02-19
2026.10219.12050	6 / 13	2026-02-19
2026.10219.11823	6 / 13	2026-02-19
2026.10219.10518	6 / 13	2026-02-18
2026.10219.10305	6 / 13	2026-02-18
2026.10219.10049	5 / 13	2026-02-18
2026.10218.12326	5 / 13	2026-02-18
2026.10218.12101	5 / 13	2026-02-18
2026.10218.11920	5 / 13	2026-02-18
2026.10218.11905	5 / 13	2026-02-18
2026.10218.11636	5 / 13	2026-02-18
2026.10218.11313	5 / 13	2026-02-18
2026.10217.12221	5 / 13	2026-02-17
2026.10214.1083059	5 / 13	2026-02-14
2026.10214.10234	5 / 13	2026-02-13
2026.10213.11911	5 / 13	2026-02-13
2026.10213.10155	5 / 13	2026-02-12
2026.10213.10110	5 / 13	2026-02-12
2026.10213.0	5 / 13	2026-02-12
2026.10212.12107	5 / 13	2026-02-12
2026.10212.11955	5 / 13	2026-02-12
2026.10212.11500	5 / 13	2026-02-12
2026.10212.11447	5 / 13	2026-02-12
2026.10210.10233	6 / 12	2026-02-09
2026.10209.12055	6 / 12	2026-02-09
2026.10209.12005	6 / 12	2026-02-09
2026.10208.11230	14 / 14	2026-02-08
2026.10208.0	14 / 14	2026-02-08
2026.10204.10942	14 / 14	2026-02-04
2026.10204.0	14 / 14	2026-02-04
2026.10203.10601	14 / 14	2026-02-02
2026.10202.10932	14 / 14	2026-02-02
2026.10202.10736	14 / 14	2026-02-01
2026.10202.10546	14 / 14	2026-02-01
2026.10202.10412	14 / 14	2026-02-01
2026.10202.10355	14 / 14	2026-02-01
2026.10202.10348	14 / 14	2026-02-01
2026.10202.10343	14 / 14	2026-02-01
2026.10202.10332	14 / 14	2026-02-01
2026.10202.10310	14 / 14	2026-02-01
2026.10202.0	14 / 14	2026-02-01
2026.10131.10953	14 / 14	2026-01-31
2026.10131.0	14 / 14	2026-01-31
2026.10130.12123	14 / 13	2026-01-30
2026.10129.11447	14 / 13	2026-01-29
2026.10129.11222	14 / 13	2026-01-29
2026.10129.11132	14 / 13	2026-01-29
2026.10129.11105	14 / 13	2026-01-29
2026.10129.11051	14 / 13	2026-01-29
2026.10129.0	14 / 17	2026-01-29
2026.10125.0	14 / 15	2026-01-25
2026.10120.117	14 / 15	2026-01-20
2026.10118.11633	14 / 15	2026-01-18
2026.10118.11510	14 / 15	2026-01-18

Showing 100 of 139 Next page →

v2026.10503.119

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10502.118

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10425.10602

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10425.10151

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10424.111

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10544

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10517

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10401

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10319

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10422.10749

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10411.10132

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10408.12323

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10406.121

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10404.101

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10403.117

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.116

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.110

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.109

4 findings

HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.103

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10330.118

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10330.108

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10329.110

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10328.106

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10327.10010

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10325.12228

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.11958

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.10325

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.10015

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10323.10738

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10323.10152

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10322.104

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10319.10359

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10318.12034

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10318.11638

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10303.11117

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10303.11058

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10302.10037

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10224.10619

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10952

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10941

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10555

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10222.10836

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10208

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10118

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10031

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10220.11748

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.12358

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.12050

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.11823

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.10518

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.10305

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.10049

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.12326

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.12101

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.11920

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.11905

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.11636

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10218.11313

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10217.12221

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10214.1083059

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10214.10234

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10213.11911

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10213.10155

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10213.10110

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10213.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10212.12107

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10212.11955

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10212.11500

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10212.11447

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10210.10233

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10209.12055

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10209.12005

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10208.11230

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10208.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10204.10942

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10204.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10203.10601

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10932

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10736

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10546

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10412

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10355

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10348

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10343

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10332

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.10310

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10202.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10131.10953

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10131.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10130.12123

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.11447

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.11222

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.11132

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.11105

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.11051

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10129.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10125.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10120.117

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10118.11633

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10118.11510

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.