@valbuild/shared — Greenflagged

Val shared types and utilities

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

freekhtheodorc_blank

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): SLSA provenance attestation present; gitHead absence is outweighed by Sigstore attestation for this CI-published package.	ai	2026/05/04
bogus-package	bogus-package	AI (bogus-package): Monorepo sub-package; sparse README and no keywords are expected for internal shared utilities.	ai	2026/04/29

Versions (showing 48 of 48)

Version	Deps	Published
0.96.3	3 / 1	2026-05-21
0.96.2	3 / 1	2026-05-20
0.96.0	3 / 1	2026-05-13
0.95.0	3 / 1	2026-04-27
0.94.0	3 / 1	2026-04-16
0.93.0	3 / 1	2026-03-25
0.92.0	3 / 1	2026-01-30
0.91.4	3 / 0	2026-01-15
0.91.3	3 / 0	2026-01-15
0.91.2	3 / 0	2026-01-14
0.91.1	3 / 0	2026-01-12
0.91.0	3 / 0	2026-01-12
0.90.0	3 / 0	2026-01-12
0.89.0	3 / 0	2026-01-10
0.88.0	3 / 0	2026-01-10
0.87.5	3 / 0	2025-12-26
0.87.4	3 / 0	2025-12-26
0.87.3	3 / 0	2025-11-02
0.87.2	3 / 0	2025-10-26
0.87.1	3 / 0	2025-10-21
0.87.0	3 / 0	2025-10-21
0.86.3	3 / 0	2025-10-19
0.86.2	3 / 0	2025-10-13
0.86.1	3 / 0	2025-10-13
0.86.0	3 / 0	2025-10-13
0.85.1	3 / 0	2025-08-31
0.85.0	3 / 0	2025-08-20
0.84.3	3 / 0	2025-08-16
0.84.2	3 / 0	2025-08-16
0.84.1	3 / 0	2025-07-07
0.84.0	3 / 0	2025-07-07
0.83.0	3 / 0	2025-07-02
0.82.0	3 / 0	2025-06-27
0.81.0	3 / 0	2025-06-27
0.80.0	3 / 0	2025-06-19
0.79.4	3 / 0	2025-06-13
0.79.3	3 / 0	2025-05-25
0.79.2	3 / 0	2025-05-25
0.79.1	3 / 0	2025-05-23
0.79.0	3 / 0	2025-05-22
0.78.3	3 / 0	2025-05-02
0.78.2	3 / 0	2025-05-02
0.78.1	3 / 0	2025-05-02
0.78.0	3 / 0	2025-05-02
0.77.1	3 / 0	2025-04-30
0.77.0	3 / 0	2025-04-30
0.76.1	3 / 0	2025-04-29
0.76.0	3 / 0	2025-04-29

v0.96.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.96.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.96.0

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

v0.94.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.93.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.92.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.91.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.91.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.91.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.91.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.91.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.90.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.89.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.88.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.87.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.87.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.