@zuplo/errors
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from zuplo-integrations to GitHub Actions, consistent with a CI/CD migration for the @zuplo org. Scoped package under a registered npm org reduces takeover risk. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainer moritzs is consistent with a legitimate Zuplo org contributor addition. Scoped @zuplo package limits unauthorized additions. | ai |
Versions (showing 100 of 548)
| Version | Deps | Published |
|---|---|---|
| 6.63.31 | 0 / 6 | |
| 6.63.30 | 0 / 6 | |
| 6.63.29 | 0 / 6 | |
| 6.63.28 | 0 / 6 | |
| 6.63.27 | 0 / 6 | |
| 6.63.26 | 0 / 6 | |
| 6.63.25 | 0 / 6 | |
| 6.63.24 | 0 / 6 | |
| 6.63.23 | 0 / 6 | |
| 6.63.14 | 0 / 6 | |
| 6.63.13 | 0 / 6 | |
| 6.63.12 | 0 / 6 | |
| 6.63.11 | 0 / 6 | |
| 6.63.10 | 0 / 6 | |
| 6.63.8 | 0 / 6 | |
| 6.63.7 | 0 / 6 | |
| 6.63.6 | 0 / 6 | |
| 6.63.5 | 0 / 6 | |
| 6.63.4 | 0 / 6 | |
| 6.63.3 | 0 / 6 | |
| 6.63.2 | 0 / 6 | |
| 6.63.1 | 0 / 6 | |
| 6.63.0 | 0 / 6 | |
| 6.62.17 | 0 / 6 | |
| 6.62.16 | 0 / 6 | |
| 6.62.15 | 0 / 6 | |
| 6.62.14 | 0 / 6 | |
| 6.62.11 | 0 / 6 | |
| 6.62.10 | 0 / 6 | |
| 6.62.9 | 0 / 6 | |
| 6.62.8 | 0 / 6 | |
| 6.62.7 | 0 / 6 | |
| 6.62.6 | 0 / 6 | |
| 6.62.5 | 0 / 6 | |
| 6.62.4 | 0 / 6 | |
| 6.62.3 | 0 / 6 | |
| 6.62.2 | 0 / 6 | |
| 6.62.1 | 0 / 6 | |
| 6.61.23 | 0 / 6 | |
| 6.61.22 | 0 / 6 | |
| 6.61.21 | 0 / 6 | |
| 6.61.20 | 0 / 6 | |
| 6.61.19 | 0 / 6 | |
| 6.61.17 | 0 / 6 | |
| 6.61.16 | 0 / 6 | |
| 6.61.15 | 0 / 6 | |
| 6.61.14 | 0 / 6 | |
| 6.61.12 | 0 / 6 | |
| 6.61.11 | 0 / 6 | |
| 6.61.10 | 0 / 6 | |
| 6.61.9 | 0 / 6 | |
| 6.61.8 | 0 / 6 | |
| 6.61.7 | 0 / 6 | |
| 6.61.6 | 0 / 6 | |
| 6.61.5 | 0 / 6 | |
| 6.61.4 | 0 / 6 | |
| 6.61.3 | 0 / 6 | |
| 6.61.2 | 0 / 6 | |
| 6.61.1 | 0 / 6 | |
| 6.61.0 | 0 / 6 | |
| 6.60.37 | 0 / 6 | |
| 6.60.36 | 0 / 6 | |
| 6.60.35 | 0 / 6 | |
| 6.60.33 | 0 / 6 | |
| 6.60.32 | 0 / 6 | |
| 6.60.30 | 0 / 6 | |
| 6.60.29 | 0 / 6 | |
| 6.60.28 | 0 / 6 | |
| 6.60.27 | 0 / 6 | |
| 6.60.26 | 0 / 6 | |
| 6.60.25 | 0 / 6 | |
| 6.60.24 | 0 / 6 | |
| 6.60.23 | 0 / 6 | |
| 6.60.22 | 0 / 6 | |
| 6.60.21 | 0 / 6 | |
| 6.60.20 | 0 / 6 | |
| 6.60.19 | 0 / 6 | |
| 6.60.18 | 0 / 6 | |
| 6.60.17 | 0 / 6 | |
| 6.60.16 | 0 / 6 | |
| 6.60.15 | 0 / 6 | |
| 6.60.14 | 0 / 6 | |
| 6.60.13 | 0 / 6 | |
| 6.60.12 | 0 / 6 | |
| 6.60.11 | 0 / 6 | |
| 6.60.10 | 0 / 6 | |
| 6.60.9 | 0 / 6 | |
| 6.60.8 | 0 / 6 | |
| 6.60.6 | 0 / 6 | |
| 6.60.4 | 0 / 6 | |
| 6.60.3 | 0 / 6 | |
| 6.60.2 | 0 / 6 | |
| 6.60.1 | 0 / 6 | |
| 6.59.62 | 0 / 6 | |
| 6.59.61 | 0 / 6 | |
| 6.59.60 | 0 / 6 | |
| 6.59.59 | 0 / 6 | |
| 6.59.58 | 0 / 6 | |
| 6.59.56 | 0 / 6 | |
| 6.59.55 | 0 / 6 |
v6.63.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.63.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.62.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.62.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.61.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.61.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.61.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.60.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.60.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.60.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.60.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.59
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.