
@zintrust/core

Versions: 19
License:
Install scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

Badges: No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source. The registry signature only proves that npm served the bytes it received at publish time, and gitHead is an unsigned field that the publishing client writes into the manifest, so neither shows that the tarball was built from the repository it claims. The axios compromise (March 2026) relied on exactly this gap.
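The three badges above, plus the install-scripts card, can be derived from the registry's version record for a package. The following is an added example written for this page, not code from @zintrust/core or from the scanner: it reads a constructed record shaped like the output of `npm view <pkg>@<version> --json` (the field names dist.attestations, dist.signatures, gitHead and scripts are npm's; every value is made up) and reproduces the "unverified" verdict for a record that has a registry signature and a gitHead but no attestation.

```python
"""Added example for this page: compute provenance badges from a version record.

Not code from @zintrust/core or the scanner behind this page. Field names are
the registry's real fields; all values below are constructed for the example.
"""
import copy
import json
import re

# npm lifecycle hooks that execute when the package is installed as a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed record for a version WITHOUT provenance: registry signature and
# gitHead present, no dist.attestations block. Matches this page's badge set.
NO_PROVENANCE = json.loads("""{
  "name": "@zintrust/core",
  "version": "0.1.18",
  "gitHead": "0123456789abcdef0123456789abcdef01234567",
  "scripts": {"build": "tsc", "postinstall": "node -e \\"process.exit(0)\\""},
  "dist": {
    "tarball": "https://registry.npmjs.org/@zintrust/core/-/core-0.1.18.tgz",
    "integrity": "sha512-CONSTRUCTED",
    "signatures": [{"keyid": "SHA256:CONSTRUCTED-REGISTRY-KEYID", "sig": "MEUC-CONSTRUCTED"}]
  }
}""")

# Constructed counterpart WITH provenance: the attestations block is shaped the
# way the registry exposes it for provenance-enabled packages (assumed shape).
WITH_PROVENANCE = copy.deepcopy(NO_PROVENANCE)
WITH_PROVENANCE["dist"]["attestations"] = {
    "url": "https://registry.npmjs.org/-/npm/v1/attestations/@zintrust%2fcore@0.1.18",
    "provenance": {"predicateType": "https://slsa.dev/provenance/v1"},
}


def provenance_status(ver: dict) -> dict:
    """Reproduce the page's three badges plus the install-scripts card.

    Only dist.attestations.provenance ties the tarball to a source commit and a
    build. dist.signatures is the registry signing whatever it received, and
    gitHead is an unsigned string set by the publishing client; neither proves
    where the bytes came from.
    """
    dist = ver.get("dist") or {}
    provenance = (dist.get("attestations") or {}).get("provenance") or {}
    return {
        "slsa_provenance": str(provenance.get("predicateType", "")).startswith(
            "https://slsa.dev/provenance/"
        ),
        "registry_signatures": bool(dist.get("signatures")),
        "githead_linked": bool(re.fullmatch(r"[0-9a-f]{40}", str(ver.get("gitHead", "")))),
        "install_scripts": sorted(k for k in (ver.get("scripts") or {}) if k in INSTALL_HOOKS),
    }


def source_link_verdict(status: dict) -> str:
    """One-line reviewer conclusion from the badge set."""
    if status["slsa_provenance"]:
        return "attested: tarball is tied to a commit and build; verify with `npm audit signatures`"
    if status["githead_linked"]:
        return "unverified: gitHead names a commit, but nothing proves the tarball was built from it"
    return "unverified: no link between the tarball and any source commit"


if __name__ == "__main__":
    for record in (NO_PROVENANCE, WITH_PROVENANCE):
        status = provenance_status(record)
        print(record["version"], status, source_link_verdict(status))
```

For a real package, `npm view <pkg>@<version> dist.attestations` shows whether the block exists, and `npm audit signatures` in a project checks the registry signatures and provenance attestations of installed packages; the example above only reads the fields, it does not verify the signatures.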

Maintainers

diadal

Keywords

framework, typescript, backend, orm, query-builder, rest-api, react, react-api, vue, vue-api, symfony, laravel

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
semgrep | semgrep:hex-decode | AI (semgrep): Hex decode used for AES-256-GCM IV and auth tag parsing; legitimate crypto pattern. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Postinstall is a no-op process.exit(0); stable false positive for this package. | ai |
semgrep | semgrep:silent-process-exec | AI (semgrep): Detached spawn in VersionChecker is a self-restart pattern for CLI version upgrades, not a reverse shell. | ai |
semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same VersionChecker self-restart context; benign for this package. | ai |
semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get inside a Proxy get trap is idiomatic JS; not obfuscation. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding JWT/auth token bodies in ServiceAuthMiddleware is standard auth middleware practice. | ai |
typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @zintrust/core is a framework, not a typosquat of cors; name collision is coincidental. | ai |
phantom-deps | phantom-dep:@zintrust/workers | AI (phantom-deps): Same-org sibling package loaded by framework convention. | ai |
phantom-deps | phantom-dep:@cloudflare/containers | AI (phantom-deps): Framework-scoped Cloudflare package loaded by convention, not direct import. | ai |
phantom-deps | phantom-dep:bullmq | AI (phantom-deps): bullmq is a declared dependency used via config/convention in this framework. | ai |
semgrep | semgrep:env-spread | AI (semgrep): env-spread passes process.env to a child process spawn; standard CLI framework pattern, not exfiltration. | ai |
semgrep | semgrep:shady-links-raw-ip | AI (semgrep): All raw-IP references are localhost (127.0.0.1) log messages, not external network calls. | ai |
semgrep | semgrep:env-bulk-read | AI (semgrep): Reads process.env to build worker dev-vars config file; expected framework behavior. | ai |

Versions (showing 19 of 229)

Version   Deps     Published
0.1.18    5 / 0
0.1.17    5 / 0
0.1.16    5 / 0
0.1.15    5 / 0
0.1.14    5 / 0
0.1.13    5 / 0
0.1.12    5 / 0
0.1.11    5 / 0
0.1.10    5 / 0
0.1.9     5 / 0
0.1.8     6 / 0
0.1.7     6 / 0
0.1.6     6 / 0
0.1.5     7 / 0
0.1.4     7 / 0
0.1.3     7 / 0
0.1.2     0 / 0
0.1.1     0 / 0
0.1.0     7 / 19

v0.1.18

2 findings
HIGH  typosquat.levenshtein: Possible typosquat of 'cors'  [typosquat]

Package name '@zintrust/core' is 1 edit away from popular package 'cors'. The 1-edit figure only holds for the bare name 'core'; the full scoped name is many edits from 'cors', which is why the finding is listed under accepted risks above.
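To see why the rule fires and why the accepted-risk entry calls it a coincidence, here is an added example (illustrative code written for this page, not the scanner's implementation; the list of popular names is constructed) that computes the edit distance both on the bare name, as the finding does, and on the full scoped name, which is what an installer would actually have to mistype.

```python
"""Added example: reproduce the typosquat.levenshtein finding on a scoped name.

Illustrative code for this page, not the scanner's own implementation.
POPULAR is a constructed sample; the scanner's real list is not on the page.
"""
from __future__ import annotations

# Constructed sample of "popular" package names to compare against.
POPULAR = ["cors", "core-js", "express", "lodash", "axios"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def unscoped(name: str) -> str:
    """'@zintrust/core' -> 'core'; unscoped names are returned unchanged."""
    return name.split("/", 1)[1] if name.startswith("@") and "/" in name else name


def typosquat_hits(name: str, popular=POPULAR, max_dist: int = 1) -> dict[str, list[tuple[str, int]]]:
    """Near-collisions computed two ways.

    'unscoped' compares the bare name (this is what produces the HIGH finding
    on the page); 'scoped' compares the full name including the scope, which
    is the string a user would have to type wrong to install this package
    instead of the popular one.
    """
    hits: dict[str, list[tuple[str, int]]] = {"unscoped": [], "scoped": []}
    bare = unscoped(name)
    for candidate in popular:
        d_bare = levenshtein(bare, candidate)
        if bare != candidate and d_bare <= max_dist:
            hits["unscoped"].append((candidate, d_bare))
        d_full = levenshtein(name, candidate)
        if name != candidate and d_full <= max_dist:
            hits["scoped"].append((candidate, d_full))
    return hits


if __name__ == "__main__":
    print(typosquat_hits("@zintrust/core"))  # {'unscoped': [('cors', 1)], 'scoped': []}
    print(levenshtein("@zintrust/core", "cors"))  # 11
```

A scanner that strips the scope before comparing will keep raising this on every release, which is why the page records it as an accepted risk rather than fixing it per version.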

LOW  No provenance attestation  [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.17 through v0.1.0

Each of these 18 versions carries the same 2 findings as v0.1.18: HIGH typosquat.levenshtein (possible typosquat of 'cors'; package name '@zintrust/core' is 1 edit away from 'cors') and LOW No provenance attestation (published without Sigstore provenance).