@unito/integration-debugger
The Unito Integration Debugger
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:react-blessed | AI (dependencies): react-blessed is a legitimate terminal UI library appropriate for a debugger CLI tool. | ai | |
| dependencies | unvetted-dep:@hookstate/core | AI (dependencies): hookstate is a known React state management library; consistent with react-blessed UI usage. | ai | |
| phantom-deps | phantom-dep:@oazapfts/runtime | AI (phantom-deps): @oazapfts/runtime is referenced in config (likely generated API client); stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal Unito CLI tool; sparse README and no public repo URL are expected for private tooling, not spam indicators. | ai | |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 0.32.1 | 15 / 16 | |
| 0.32.0 | 15 / 16 | |
| 0.31.5 | 15 / 16 | |
| 0.31.4 | 15 / 16 | |
| 0.31.3 | 15 / 16 | |
| 0.31.2 | 15 / 16 | |
| 0.31.1 | 15 / 16 | |
| 0.31.0 | 15 / 16 | |
| 0.30.0 | 15 / 16 | |
| 0.29.1 | 15 / 16 | |
| 0.29.0 | 14 / 16 | |
| 0.28.12 | 14 / 16 | |
| 0.28.11 | 14 / 16 | |
| 0.28.10 | 14 / 16 | |
| 0.28.9 | 14 / 16 | |
| 0.28.8 | 14 / 16 | |
| 0.28.7 | 14 / 16 | |
v0.32.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.32.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.30.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.12
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.11
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.10
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.