← Home

@umijs/test

51
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sorryccchenshuai2144kuitospeachscriptxiaohuoniyifankakaxixierenyuanxusd320zoomdong07

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@umijs/utils AI (dependencies): Internal monorepo sibling dep; always published in lockstep with @umijs/test. ai
dependencies unvetted-dep:@umijs/bundler-utils AI (dependencies): Internal monorepo sibling dep; always published in lockstep with @umijs/test. ai
provenance no-provenance AI (provenance): Long-established UmiJS monorepo package; provenance absence is consistent across all versions. ai
phantom-deps phantom-dep:@babel/plugin-transform-modules-commonjs AI (phantom-deps): Babel plugin loaded by convention via babel-jest config; not directly imported but legitimately used. ai
typosquat typosquat.levenshtein:jest AI (typosquat): Legitimate @umijs scoped test utility in the UmiJS monorepo; not a typosquat of jest. ai
bogus-package bogus-package AI (bogus-package): Established monorepo package; sparse metadata is a style choice, not a spam indicator. ai
typosquat typosquat.levenshtein:next AI (typosquat): Legitimate @umijs scoped package; no relation to next.js. ai
typosquat typosquat.levenshtein:vitest AI (typosquat): Legitimate @umijs scoped package; no relation to vitest. ai

Versions (showing 51 of 139)

View all versions
Version Deps Published
4.6.69 8 / 3
4.6.68 8 / 3
4.6.67 8 / 3
4.6.66 8 / 3
4.6.65 8 / 3
4.6.64 8 / 3
4.6.63 8 / 3
4.6.62 8 / 3
4.6.61 8 / 3
4.6.59 8 / 3
4.6.58 8 / 3
4.6.57 8 / 3
4.6.56 8 / 3
4.6.55 8 / 3
4.6.54 8 / 3
4.6.53 8 / 3
4.6.52 8 / 3
4.6.51 8 / 3
4.6.50 8 / 3
4.6.49 8 / 3
4.6.48 8 / 3
4.6.47 8 / 3
4.6.46 8 / 3
4.6.45 8 / 3
4.6.44 8 / 3
4.6.43 8 / 3
4.6.42 8 / 3
4.6.41 8 / 3
4.6.40 8 / 3
4.6.39 8 / 3
4.6.38 8 / 3
4.6.37 8 / 3
4.6.36 8 / 3
4.6.35 8 / 3
4.6.34 8 / 3
4.6.33 8 / 3
4.6.32 8 / 3
4.6.31 8 / 3
4.6.30 8 / 3
4.6.29 8 / 3
4.6.28 8 / 3
4.6.27 8 / 3
4.6.26 8 / 3
4.6.25 8 / 3
4.6.24 8 / 3
4.6.23 8 / 3
4.6.22 8 / 3
4.6.21 8 / 3
4.6.20 8 / 3
4.6.19 8 / 3
4.6.18 8 / 3

v4.6.69

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.68

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.67

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.66

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.65

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.64

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: peachscript → zoomdong07 (on 2026-06-17, known maintainer) provenance

This version was published by a different npm account (zoomdong07) than the most recent previously approved version (peachscript) on 2026-06-17, but zoomdong07 is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.63

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: zoomdong07 → peachscript (on 2026-06-15, known maintainer) provenance

This version was published by a different npm account (peachscript) than the most recent previously approved version (zoomdong07) on 2026-06-15, but peachscript is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.62

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.61

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.59

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.58

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.57

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.56

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.54

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.53

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.52

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.51

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.50

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.42

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.41

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.31

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.30

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.