better-auth
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@better-auth/core | AI (dependencies): First-party @better-auth scoped package published at matching version in monorepo release; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@better-auth/utils | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/drizzle-adapter | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/kysely-adapter | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/memory-adapter | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/mongo-adapter | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/prisma-adapter | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-auth/telemetry | AI (dependencies): First-party @better-auth scoped package; part of the same monorepo release. | ai | |
| dependencies | unvetted-dep:@better-fetch/fetch | AI (dependencies): Companion fetch library from the better-auth ecosystem; stable dependency used across versions. | ai | |
| dependencies | unvetted-dep:better-call | AI (dependencies): Companion RPC library from the better-auth ecosystem; stable dependency used across versions. | ai | |
| dependencies | unvetted-dep:jose | AI (dependencies): jose is a well-known, widely-used JWT/JOSE library; standard dependency for auth frameworks. | ai | |
| dependencies | unvetted-dep:kysely | AI (dependencies): kysely is a well-known type-safe SQL query builder; standard dependency for auth frameworks with DB support. | ai | |
| dependencies | unvetted-dep:nanostores | AI (dependencies): nanostores is a well-known state management library; used for client-side state in auth clients. | ai |
Versions (showing 36 of 36)
| Version | Deps | Published |
|---|---|---|
| 1.6.14 | 17 / 25 | |
| 1.6.13 | 17 / 25 | |
| 1.6.12 | 17 / 25 | |
| 1.6.11 | 17 / 24 | |
| 1.6.10 | 17 / 24 | |
| 1.6.9 | 17 / 24 | |
| 1.6.8 | 17 / 24 | |
| 1.6.7 | 17 / 24 | |
| 1.6.6 | 17 / 24 | |
| 1.6.5 | 17 / 24 | |
| 1.6.4 | 17 / 24 | |
| 1.6.3 | 17 / 24 | |
| 1.6.2 | 17 / 24 | |
| 1.6.1 | 17 / 24 | |
| 1.6.0 | 17 / 24 | |
| 1.5.6 | 17 / 29 | |
| 1.5.5 | 17 / 26 | |
| 1.5.4 | 17 / 26 | |
| 1.5.3 | 14 / 29 | |
| 1.5.2 | 17 / 26 | |
| 1.5.1 | 17 / 26 | |
| 1.5.0 | 17 / 26 | |
| 1.4.22 | 12 / 33 | |
| 1.4.21 | 12 / 33 | |
| 1.4.20 | 12 / 33 | |
| 1.4.19 | 12 / 33 | |
| 1.4.18 | 12 / 33 | |
| 1.4.17 | 12 / 32 | |
| 1.4.16 | 12 / 32 | |
| 1.4.15 | 12 / 32 | |
| 1.4.14 | 12 / 32 | |
| 1.4.13 | 12 / 30 | |
| 1.4.12 | 12 / 30 | |
| 1.4.11 | 12 / 30 | |
| 1.4.10 | 12 / 30 | |
| 1.4.9 | 12 / 30 |
v1.6.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.