← Home

buddy-bot

npm Repository Homepage

Automated & optimized dependency updates for JavaScript & TypeScript projects. Like Renovate & Dependabot.

5
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

chrisbreuerglenn123

Keywords

buddy-botdependency-updatesdependency-managementdependency-updaterdependency-managerrenovatedependabotbotbuntypescriptjavascript

Versions (showing 5 of 5)

Version Deps Published
0.9.20 2 / 14
0.9.19 3 / 6
0.1.0 4 / 5
0.0.3 4 / 5
0.0.2 4 / 5

v0.9.20

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.