braintree-web
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:card-validator | AI (phantom-deps): Browser SDK bundles deps; phantom-dep heuristic fires on bundled/config-referenced packages, not a real missing import. | ai | |
| phantom-deps | phantom-dep:promise-polyfill | AI (phantom-deps): Same bundled browser SDK pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:inject-stylesheet | AI (phantom-deps): Same bundled browser SDK pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@braintree/sanitize-url | AI (phantom-deps): Same bundled browser SDK pattern; stable false positive for this package. | ai | |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 3.143.0 | 15 / 0 | |
| 3.142.0 | 15 / 0 | |
| 3.141.0 | 15 / 0 | |
| 3.140.0 | 15 / 0 | |
| 3.139.0 | 15 / 0 | |
| 3.138.0 | 15 / 0 | |
| 3.137.0 | 15 / 0 | |
| 3.136.0 | 15 / 0 | |
| 3.135.0 | 15 / 0 | |
| 3.134.0 | 15 / 0 | |
| 3.133.0 | 15 / 0 | |
| 3.132.0 | 15 / 0 | |
| 3.131.0 | 15 / 0 | |
| 3.130.1 | 15 / 0 | |
| 3.130.0 | 15 / 0 | |
| 3.129.1 | 15 / 0 | |
| 3.129.0 | 15 / 0 | |
| 3.128.0 | 15 / 0 | |
| 3.127.0 | 15 / 0 | |
| 3.126.0 | 15 / 0 | |
| 3.125.0 | 15 / 0 | |
| 3.124.0 | 15 / 0 | |
| 3.123.2 | 15 / 0 | |
| 3.123.1 | 15 / 0 | |
| 3.123.0 | 15 / 0 | |
| 3.122.0 | 15 / 0 | |
| 3.121.0 | 15 / 0 | |
| 3.120.2 | 15 / 0 | |
| 3.120.1 | 15 / 0 | |
| 3.120.0 | 15 / 0 | |
v3.143.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.142.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.141.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.140.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.139.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.138.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.137.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.136.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.135.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.134.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.133.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.132.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.131.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.130.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.130.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.129.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.129.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.128.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.127.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.126.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.125.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.124.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.123.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.123.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.123.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.122.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.121.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.120.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.120.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.120.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.