@zuplo/cli
<p align="center"> <a href="https://zuplo.com"> <img src="https://portal.zuplo.com/zuplo.svg" height="96"> <h3 align="center">Zuplo</h3> </a> </p> <p align="center">Zuplo's API Gateway helps small and large teams get APIs to production that ar
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-SD2N5PY4.js | AI (source-diff): Minified ESM build artifact from bundled @zuplo/runtime; Zuplo copyright header and JWT logic visible; consistent with normal build output. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-QZEGTRKY.js | AI (source-diff): Minified ESM bundle from @zuplo/runtime (same org, bundled dep); consistent with normal build output across versions. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-WT4H7RKW.js | AI (source-diff): Minified ESM build artifact from bundled @zuplo/runtime; Zuplo copyright header and JWT logic visible; consistent with normal build output. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-SQ4CJMPN.js | AI (source-diff): Minified ESM bundle from bundled @zuplo/runtime dep; Zuplo copyright header present, content is standard JWT auth logic. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-U763HG2Z.js | AI (source-diff): Minified ESM bundle from bundled @zuplo/runtime dep; Zuplo copyright header and JWT logic visible; consistent with normal build output. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-HQB254PW.js | AI (source-diff): Minified ESM bundle from bundled @zuplo/runtime (same org); consistent with normal CLI build output across versions. | ai | |
| source-diff | obfuscated-file:node_modules/@zuplo/runtime/out/esm/browser-login-idp-HWMCSYMR.js | AI (source-diff): Bundled ESM chunk from @zuplo/runtime (same org); minified build output with Zuplo copyright header, not malicious obfuscation. | ai | |
| phantom-deps | phantom-dep:js-yaml | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:fast-glob | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:jsonc-parser | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:posthog-node | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:jsonpath-plus | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:javascript-stringify | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:@zuplo/otel | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| source-diff | net-exec-file:node_modules/jsonpath-plus/dist/index-browser-umd.cjs | AI (source-diff): Standard UMD build of jsonpath-plus; dynamic code execution is eval-based JSONPath evaluation, not a dropper. | ai | |
| source-diff | obfuscated-file:node_modules/prettier/index.cjs | AI (source-diff): Standard minified prettier build bundled inside the tarball; not malicious obfuscation. | ai | |
| phantom-deps | phantom-dep:@zuplo/openapi-tools | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| phantom-deps | phantom-dep:@zuplo/graphql | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| phantom-deps | phantom-dep:@zuplo/runtime | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| phantom-deps | phantom-dep:@zuplo/core | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| phantom-deps | phantom-dep:@zuplo/editor | AI (phantom-deps): Same-org bundled dep; listed in bundleDependencies. | ai | |
| phantom-deps | phantom-dep:ora | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball, not a phantom dep. | ai | |
| phantom-deps | phantom-dep:jose | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:open | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:pino | AI (phantom-deps): Listed in bundleDependencies; bundled into tarball. | ai | |
| phantom-deps | phantom-dep:@fastify/static | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:deno | AI (phantom-deps): Legitimate build/runtime dependency for CLI tool; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:execa | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:cookie | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:rimraf | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:fastify | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:as-table | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:chokidar | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:@swc/core | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:pino-pretty | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:@fastify/cors | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:fastify-plugin | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:fastify-sse-v2 | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:@opentelemetry/api | AI (phantom-deps): Legitimate build/runtime dependency; declared for dynamic invocation or config use. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Phantom deps are expected in CLI tools; zod is referenced in config files and properly declared. | ai | |
| phantom-deps | phantom-dep:workerd | AI (phantom-deps): workerd is a known implicit runtime dependency; expected for Zuplo CLI. | ai | |
| phantom-deps | phantom-dep:esbuild | AI (phantom-deps): esbuild is a known implicit dependency for build/bundling; expected for CLI tools. | ai | |
| dependencies | unvetted-dep:fastify-sse-v2 | AI (dependencies): fastify-sse-v2 is a Fastify SSE plugin; legitimate dependency for local dev server streaming. | ai | |
| dependencies | unvetted-dep:jsonpath-plus | AI (dependencies): jsonpath-plus is a well-known JSON path library; legitimate dependency. | ai | |
| dependencies | unvetted-dep:@zuplo/openapi-tools | AI (dependencies): First-party @zuplo scoped package; same organization as the CLI itself. | ai | |
| dependencies | unvetted-dep:@zuplo/runtime | AI (dependencies): First-party @zuplo scoped package; same organization as the CLI itself. | ai | |
| dependencies | unvetted-dep:@zuplo/core | AI (dependencies): First-party @zuplo scoped package; same organization as the CLI itself. | ai | |
| dependencies | unvetted-dep:jose | AI (dependencies): jose is a well-known JWT/JOSE library; legitimate dependency for auth-related CLI features. | ai | |
| dependencies | unvetted-dep:fastify | AI (dependencies): fastify is a well-known web framework; legitimate dependency for @zuplo/cli's local dev server. | ai | |
| dependencies | unvetted-dep:workerd | AI (dependencies): workerd is Cloudflare's Workers runtime, a legitimate binary dependency for local dev simulation. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @zuplo/cli is a scoped package from Zuplo, Inc. — not a typosquat of 'joi'. Levenshtein distance comparison across scoped vs unscoped packages is a false positive here. | ai | |
| dependencies | unvetted-dep:deno | AI (dependencies): deno is a legitimate runtime binary dependency for @zuplo/cli's local dev server functionality. | ai | |
| provenance | no-provenance | AI (provenance): Zuplo publishes via GitHub Actions CI/CD; lack of Sigstore provenance is common and not a risk signal for this established package. | ai | |
| dependencies | unvetted-dep:as-table | AI (dependencies): as-table is a small table-formatting utility; legitimate CLI output dependency. | ai |
Versions (showing 100 of 509)
| Version | Deps | Published |
|---|---|---|
| 6.70.66 | 45 / 0 | |
| 6.70.63 | 45 / 0 | |
| 6.70.62 | 45 / 0 | |
| 6.70.61 | 45 / 0 | |
| 6.70.60 | 45 / 0 | |
| 6.70.59 | 45 / 0 | |
| 6.70.57 | 45 / 0 | |
| 6.70.56 | 45 / 0 | |
| 6.70.55 | 45 / 0 | |
| 6.70.53 | 45 / 0 | |
| 6.70.51 | 45 / 0 | |
| 6.70.49 | 45 / 0 | |
| 6.70.48 | 45 / 0 | |
| 6.70.47 | 45 / 0 | |
| 6.70.45 | 45 / 0 | |
| 6.70.43 | 45 / 0 | |
| 6.70.42 | 45 / 0 | |
| 6.70.41 | 45 / 0 | |
| 6.70.40 | 45 / 0 | |
| 6.70.39 | 45 / 0 | |
| 6.70.34 | 45 / 0 | |
| 6.70.33 | 45 / 0 | |
| 6.70.32 | 45 / 0 | |
| 6.70.31 | 45 / 0 | |
| 6.70.30 | 45 / 0 | |
| 6.70.29 | 45 / 0 | |
| 6.70.28 | 45 / 0 | |
| 6.70.27 | 45 / 0 | |
| 6.70.25 | 45 / 0 | |
| 6.70.16 | 45 / 0 | |
| 6.70.15 | 45 / 0 | |
| 6.70.14 | 45 / 0 | |
| 6.70.13 | 45 / 0 | |
| 6.69.6 | 45 / 0 | |
| 6.69.4 | 45 / 0 | |
| 6.69.3 | 45 / 0 | |
| 6.69.1 | 45 / 0 | |
| 6.68.30 | 45 / 0 | |
| 6.68.29 | 45 / 0 | |
| 6.68.28 | 45 / 0 | |
| 6.68.27 | 45 / 0 | |
| 6.68.26 | 45 / 0 | |
| 6.68.25 | 45 / 0 | |
| 6.68.24 | 45 / 0 | |
| 6.68.18 | 45 / 0 | |
| 6.68.17 | 45 / 0 | |
| 6.68.16 | 45 / 0 | |
| 6.68.15 | 45 / 0 | |
| 6.68.10 | 45 / 0 | |
| 6.68.9 | 45 / 0 | |
| 6.68.8 | 45 / 0 | |
| 6.68.7 | 45 / 0 | |
| 6.68.6 | 45 / 0 | |
| 6.68.5 | 45 / 0 | |
| 6.68.3 | 45 / 0 | |
| 6.68.2 | 45 / 0 | |
| 6.68.1 | 45 / 0 | |
| 6.68.0 | 45 / 0 | |
| 6.67.33 | 45 / 0 | |
| 6.67.32 | 45 / 0 | |
| 6.67.31 | 45 / 0 | |
| 6.67.30 | 45 / 0 | |
| 6.67.29 | 45 / 0 | |
| 6.67.28 | 45 / 0 | |
| 6.67.26 | 45 / 0 | |
| 6.67.25 | 45 / 0 | |
| 6.67.24 | 45 / 0 | |
| 6.67.23 | 45 / 0 | |
| 6.67.22 | 45 / 0 | |
| 6.67.21 | 45 / 0 | |
| 6.67.20 | 45 / 0 | |
| 6.67.19 | 45 / 0 | |
| 6.67.18 | 45 / 0 | |
| 6.67.17 | 45 / 0 | |
| 6.67.16 | 45 / 0 | |
| 6.67.15 | 45 / 0 | |
| 6.67.14 | 45 / 0 | |
| 6.67.13 | 45 / 0 | |
| 6.67.12 | 45 / 0 | |
| 6.67.11 | 45 / 0 | |
| 6.67.9 | 45 / 0 | |
| 6.67.8 | 45 / 0 | |
| 6.67.6 | 45 / 0 | |
| 6.67.5 | 45 / 0 | |
| 6.67.4 | 45 / 0 | |
| 6.67.3 | 45 / 0 | |
| 6.67.2 | 45 / 0 | |
| 6.67.1 | 45 / 0 | |
| 6.67.0 | 45 / 0 | |
| 6.66.15 | 45 / 0 | |
| 6.66.14 | 45 / 0 | |
| 6.66.13 | 45 / 0 | |
| 6.66.12 | 45 / 0 | |
| 6.66.11 | 45 / 0 | |
| 6.66.10 | 45 / 0 | |
| 6.66.9 | 45 / 0 | |
| 6.66.8 | 45 / 0 | |
| 6.66.7 | 45 / 0 | |
| 6.66.6 | 45 / 0 | |
| 6.66.5 | 45 / 0 |
v6.70.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.62
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.53
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.51
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.49
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.48
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.47
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.45
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.43
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.42
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.41
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.40
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.39
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.69.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.69.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.69.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.68.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.68.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.67.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.66.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.