← Home

@uipath/uipath-typescript

npm Repository Homepage

UiPath TypeScript SDK

19
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

qbrandonmihhdutoxiksergiunetvasyopvnaren23chibionosady_mccristiancalinaruud.andriessendanboantaandbalasecatalinb7madalin-turluianucsvancea-uipathpeachfaunmbughiuuipandrei-balintaolteanuipathmviton_uiapthandreihodoroaga

Keywords

uipathtypescriptnodejssdkautomationagentic-ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-added AI (maintainer-change): SLSA provenance confirms CI/CD publish from UiPath org; maintainer changes reflect internal team rotation. ai
maintainer-change maintainer-removed AI (maintainer-change): Same rationale — org-level team change corroborated by provenance attestation. ai
dependencies unvetted-dep:@uipath/core-telemetry AI (dependencies): First-party UiPath scoped package replacing @opentelemetry/sdk-logs; consistent with org telemetry consolidation. ai
source-diff obfuscated-file:dist/document-understanding/index.d.ts AI (source-diff): TypeScript declaration bundle; long lines are rollup-concatenated .d.ts output, not obfuscation. Stable pattern for this SDK. ai
source-diff obfuscated-file:dist/conversational-agent/index.d.ts AI (source-diff): Bundled .d.ts type declaration file; long lines are from type rollup, not obfuscation. ai

Versions (showing 19 of 19)

Version Deps Published
1.3.10 2 / 20
1.3.9 2 / 20
1.3.8 2 / 20
1.3.7 2 / 20
1.3.6 2 / 20
1.3.5 2 / 20
1.3.4 2 / 20
1.3.3 2 / 20
1.3.2 2 / 19
1.3.1 2 / 19
1.3.0 2 / 19
1.2.2 2 / 19
1.2.1 2 / 19
1.2.0 2 / 19
1.1.3 2 / 19
1.1.2 2 / 19
1.1.1 2 / 19
1.1.0 2 / 19
1.0.0 1 / 18

v1.3.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.8

2 findings
HIGH New obfuscated file: dist/document-understanding/index.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

2 findings
HIGH New obfuscated file: dist/conversational-agent/index.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.