← Home

@umijs/test

100
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sorryccchenshuai2144kuitospeachscriptxiaohuoniyifankakaxixierenyuanxusd320zoomdong07

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@umijs/utils AI (dependencies): Internal monorepo sibling dep; always published in lockstep with @umijs/test. ai
dependencies unvetted-dep:@umijs/bundler-utils AI (dependencies): Internal monorepo sibling dep; always published in lockstep with @umijs/test. ai
provenance no-provenance AI (provenance): Long-established UmiJS monorepo package; provenance absence is consistent across all versions. ai
phantom-deps phantom-dep:@babel/plugin-transform-modules-commonjs AI (phantom-deps): Babel plugin loaded by convention via babel-jest config; not directly imported but legitimately used. ai
typosquat typosquat.levenshtein:jest AI (typosquat): Legitimate @umijs scoped test utility in the UmiJS monorepo; not a typosquat of jest. ai
bogus-package bogus-package AI (bogus-package): Established monorepo package; sparse metadata is a style choice, not a spam indicator. ai
typosquat typosquat.levenshtein:next AI (typosquat): Legitimate @umijs scoped package; no relation to next.js. ai
typosquat typosquat.levenshtein:vitest AI (typosquat): Legitimate @umijs scoped package; no relation to vitest. ai

Versions (showing 100 of 140)

Version Deps Published
4.6.76 8 / 3
4.6.69 8 / 3
4.6.68 8 / 3
4.6.67 8 / 3
4.6.66 8 / 3
4.6.65 8 / 3
4.6.64 8 / 3
4.6.63 8 / 3
4.6.62 8 / 3
4.6.61 8 / 3
4.6.59 8 / 3
4.6.58 8 / 3
4.6.57 8 / 3
4.6.56 8 / 3
4.6.55 8 / 3
4.6.54 8 / 3
4.6.53 8 / 3
4.6.52 8 / 3
4.6.51 8 / 3
4.6.50 8 / 3
4.6.49 8 / 3
4.6.48 8 / 3
4.6.47 8 / 3
4.6.46 8 / 3
4.6.45 8 / 3
4.6.44 8 / 3
4.6.43 8 / 3
4.6.42 8 / 3
4.6.41 8 / 3
4.6.40 8 / 3
4.6.39 8 / 3
4.6.38 8 / 3
4.6.37 8 / 3
4.6.36 8 / 3
4.6.35 8 / 3
4.6.34 8 / 3
4.6.33 8 / 3
4.6.32 8 / 3
4.6.31 8 / 3
4.6.30 8 / 3
4.6.29 8 / 3
4.6.28 8 / 3
4.6.27 8 / 3
4.6.26 8 / 3
4.6.25 8 / 3
4.6.24 8 / 3
4.6.23 8 / 3
4.6.22 8 / 3
4.6.21 8 / 3
4.6.20 8 / 3
4.6.19 8 / 3
4.6.18 8 / 3
4.6.17 8 / 3
4.6.16 8 / 3
4.6.15 8 / 3
4.6.14 8 / 3
4.6.13 8 / 3
4.6.12 8 / 3
4.6.11 8 / 3
4.6.10 8 / 3
4.6.9 8 / 3
4.6.8 8 / 3
4.6.7 8 / 3
4.6.6 8 / 3
4.6.5 8 / 3
4.6.4 8 / 3
4.6.3 8 / 3
4.6.2 8 / 3
4.6.1 8 / 3
4.6.0 8 / 3
4.5.3 8 / 3
4.5.2 8 / 3
4.5.1 8 / 3
4.5.0 8 / 3
4.4.12 8 / 3
4.4.11 8 / 3
4.4.10 8 / 3
4.4.9 8 / 3
4.4.8 8 / 3
4.4.7 8 / 3
4.4.6 8 / 3
4.4.5 8 / 3
4.4.4 8 / 3
4.4.3 8 / 3
4.4.2 8 / 3
4.4.1 8 / 3
4.4.0 8 / 3
4.3.36 8 / 3
4.3.35 8 / 3
4.3.34 8 / 3
4.3.33 8 / 3
4.3.32 8 / 3
4.3.31 8 / 3
4.3.30 8 / 3
4.3.29 8 / 3
4.3.28 8 / 3
4.3.27 8 / 3
4.3.26 8 / 3
4.3.25 8 / 3
4.3.24 8 / 3
Showing 100 of 140 Next page →

v4.6.76

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: zoomdong07 → GitHub Actions (on 2026-07-15, now via trusted publisher with provenance) provenance

This version was published by a different npm account (GitHub Actions) than the most recent previously approved version (zoomdong07) on 2026-07-15, but it carries Sigstore provenance attestation. This means the package moved to a trusted publisher (CI/CD with OIDC, e.g. GitHub Actions) — a supply-chain integrity improvement, not a compromise, since a stolen npm token cannot forge provenance bound to the source repository. Recorded as INFO for audit trail.

v4.6.69

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.68

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.67

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.66

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.65

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.64

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: peachscript → zoomdong07 (on 2026-06-17, known maintainer) provenance

This version was published by a different npm account (zoomdong07) than the most recent previously approved version (peachscript) on 2026-06-17, but zoomdong07 is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.63

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: zoomdong07 → peachscript (on 2026-06-15, known maintainer) provenance

This version was published by a different npm account (peachscript) than the most recent previously approved version (zoomdong07) on 2026-06-15, but peachscript is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.62

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.61

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.59

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.58

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.57

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.56

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.54

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.53

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.52

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.51

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.50

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.42

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.41

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.31

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.30

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.17

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.16

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.15

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.14

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.4

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: peachscript → zoomdong07 (on 2025-12-03, known maintainer) provenance

This version was published by a different npm account (zoomdong07) than the most recent previously approved version (peachscript) on 2025-12-03, but zoomdong07 is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.3

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: peachscript → zoomdong07 (on 2025-12-03, known maintainer) provenance

This version was published by a different npm account (zoomdong07) than the most recent previously approved version (peachscript) on 2025-12-03, but zoomdong07 is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.2

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: peachscript → zoomdong07 (on 2025-12-02, known maintainer) provenance

This version was published by a different npm account (zoomdong07) than the most recent previously approved version (peachscript) on 2025-12-02, but zoomdong07 is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.6.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.5.3

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: sorrycc → peachscript (on 2025-10-21, known maintainer) provenance

This version was published by a different npm account (peachscript) than the most recent previously approved version (sorrycc) on 2025-10-21, but peachscript is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.5.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.5.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.5.0

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: sorrycc → peachscript (on 2025-09-18, known maintainer) provenance

This version was published by a different npm account (peachscript) than the most recent previously approved version (sorrycc) on 2025-09-18, but peachscript is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.4.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.4.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.31

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.30

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.