@tryghost/webhook-mock-receiver MIT 17 versions

@tryghost/webhook-mock-receiver

npm Repository

Up to date documentation about the usage of the module available in [End-to-end Testing Codex](https://ghost.notion.site/End-to-end-Testing-6a2ef073b1754b18aff42e24a632a007#827471b6314640758460b9c1e22b34c4).

17

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

zimoatghostallouiskernalghostchrisraibleerisdsjohnonolankevinansfieldcobbspuraileencgnjlohminimaluminiumsam-lordpauladamdavisbobvaneckjoeegrigghadretjonhickmanerik-ghostsagzyvershwalmike182ukluissazevedolsingernickmoretonrenatoworksrblstr-ghostevanhahn-ghostweylandswartghost-slimertmciescojonatan-ghost9larsons

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): SLSA provenance attestation present; gitHead absence is cosmetic given CI/CD publish pipeline.	ai	2026/06/02
bogus-package	bogus-package	AI (bogus-package): Established Ghost Foundation utility package; low-value signals are false positives for this scoped package.	ai	2026/06/02
npm-metadata	no-description	AI (npm-metadata): Known Ghost Foundation package; missing description is a cosmetic issue, not a malice indicator.	ai	2026/06/02

Versions (showing 17 of 17)

Version	Deps	Published
2.2.2	1 / 2	2026-06-01
2.2.1	1 / 2	2026-05-26
2.2.0	1 / 2	2026-04-27
2.1.0	1 / 2	2026-04-22
2.0.3	1 / 2	2026-03-16
2.0.2	1 / 2	2026-03-11
2.0.1	1 / 2	2026-03-10
2.0.0	1 / 4	2026-03-02
1.2.1	1 / 4	2026-02-21
1.2.0	1 / 4	2026-02-21
1.1.0	1 / 4	2026-02-21
1.0.0	1 / 4	2026-02-21
0.2.22	1 / 4	2026-02-20
0.2.21	1 / 4	2026-02-20
0.2.20	1 / 4	2026-02-20
0.2.19	1 / 4	2026-02-20
0.2.18	1 / 4	2026-02-12

v2.2.2

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.1

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.21

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.