base64url
For encoding to/from base64urls
16
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
brianloveswordsmylesborins
Keywords
base64base64url
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 3.0.1 | 0 / 2 | |
| 3.0.0 | 0 / 2 | |
| 2.0.0 | 0 / 1 | |
| 1.0.6 | 2 / 1 | |
| 1.0.5 | 2 / 1 | |
| 1.0.4 | 2 / 1 | |
| 1.0.3 | 2 / 1 | |
| 1.0.2 | 2 / 1 | |
| 1.0.1 | 2 / 1 | |
| 1.0.0 | 2 / 1 | |
| 0.0.6 | 0 / 1 | |
| 0.0.5 | 1 / 0 | |
| 0.0.4 | 1 / 0 | |
| 0.0.3 | 1 / 0 | |
| 0.0.2 | 1 / 0 | |
| 0.0.1 | 1 / 0 |
v2.0.0
2 findings
MEDIUM
GHSA-rvg8-pwq2-xj7q: Out-of-bounds Read in base64url
osv
Versions of `base64url` before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. ## Recommendation Update to version 3.0.0 or later.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.