@zintrust/workers
Worker orchestration and background job management for ZinTrust.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:ml.js | AI (phantom-deps): Declared but not directly imported; appears vestigial rather than a real risk. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Used for AES-256-GCM IV/authTag parsing — standard crypto pattern, not payload hiding. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Decodes embedded HTML asset for serving UI — documented build-time embedding pattern. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): 127.0.0.1 reference is a localhost log message, not an outbound network request. | ai | |
| phantom-deps | phantom-dep:ioredis | AI (phantom-deps): ioredis is a declared runtime dep used via peer dep config; phantom-dep heuristic misfires here. | ai | |
| phantom-deps | phantom-dep:simple-statistics | AI (phantom-deps): Declared runtime dep referenced in config; phantom-dep heuristic misfires. | ai |
Versions (showing 51 of 68)
| Version | Deps | Published |
|---|---|---|
| 2.4.5 | 5 / 0 | |
| 2.4.4 | 5 / 0 | |
| 2.4.3 | 5 / 0 | |
| 2.4.2 | 5 / 0 | |
| 2.4.1 | 5 / 0 | |
| 2.2.0 | 5 / 0 | |
| 2.1.8 | 5 / 0 | |
| 2.1.7 | 5 / 0 | |
| 2.1.6 | 5 / 0 | |
| 2.1.3 | 5 / 0 | |
| 2.0.5 | 5 / 0 | |
| 2.0.4 | 5 / 0 | |
| 2.0.3 | 5 / 0 | |
| 2.0.2 | 5 / 0 | |
| 2.0.1 | 5 / 0 | |
| 2.0.0 | 5 / 0 | |
| 1.8.0 | 5 / 0 | |
| 1.7.2 | 5 / 0 | |
| 1.7.1 | 5 / 0 | |
| 1.5.2 | 5 / 0 | |
| 1.5.0 | 5 / 0 | |
| 1.2.0 | 5 / 0 | |
| 0.9.3 | 5 / 0 | |
| 0.9.2 | 5 / 0 | |
| 0.9.1 | 5 / 0 | |
| 0.9.0 | 5 / 0 | |
| 0.8.0 | 5 / 0 | |
| 0.7.9 | 5 / 0 | |
| 0.7.8 | 5 / 0 | |
| 0.7.7 | 5 / 0 | |
| 0.7.0 | 5 / 0 | |
| 0.5.8 | 5 / 0 | |
| 0.5.7 | 5 / 0 | |
| 0.5.6 | 5 / 0 | |
| 0.5.5 | 5 / 0 | |
| 0.5.3 | 5 / 0 | |
| 0.5.2 | 5 / 0 | |
| 0.5.1 | 5 / 0 | |
| 0.5.0 | 5 / 0 | |
| 0.4.96 | 5 / 0 | |
| 0.4.95 | 5 / 0 | |
| 0.4.94 | 5 / 0 | |
| 0.4.92 | 5 / 0 | |
| 0.4.90 | 5 / 0 | |
| 0.4.89 | 5 / 0 | |
| 0.4.88 | 5 / 0 | |
| 0.4.86 | 5 / 0 | |
| 0.4.75 | 5 / 0 | |
| 0.4.70 | 5 / 0 | |
| 0.4.68 | 5 / 0 | |
| 0.4.67 | 5 / 0 |
v2.4.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.90
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.86
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.75
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.70
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.68
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.