conventional-changelog-storm-software
This package contains the shared conventional-changelog configuration used in Storm Software projects.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions CI/CD is a legitimate automation change, backed by SLSA provenance attestation. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Config-only reference in a monorepo package; stable false positive. | ai | |
| phantom-deps | phantom-dep:conventional-changelog-conventionalcommits | AI (phantom-deps): Config-only reference; stable false positive for this package. | ai |
Versions (showing 100 of 250)
| Version | Deps | Published |
|---|---|---|
| 0.3.230 | 6 / 4 | |
| 0.3.229 | 6 / 4 | |
| 0.3.228 | 6 / 4 | |
| 0.3.227 | 6 / 4 | |
| 0.3.226 | 6 / 4 | |
| 0.3.225 | 6 / 4 | |
| 0.3.223 | 6 / 4 | |
| 0.3.222 | 6 / 4 | |
| 0.3.221 | 6 / 4 | |
| 0.3.220 | 6 / 4 | |
| 0.3.219 | 6 / 4 | |
| 0.3.218 | 6 / 4 | |
| 0.3.217 | 6 / 4 | |
| 0.3.216 | 6 / 4 | |
| 0.3.215 | 6 / 4 | |
| 0.3.214 | 6 / 4 | |
| 0.3.213 | 6 / 4 | |
| 0.3.212 | 6 / 4 | |
| 0.3.211 | 6 / 4 | |
| 0.3.210 | 6 / 4 | |
| 0.3.209 | 6 / 4 | |
| 0.3.208 | 6 / 4 | |
| 0.3.207 | 6 / 4 | |
| 0.3.206 | 6 / 4 | |
| 0.3.205 | 6 / 4 | |
| 0.3.204 | 6 / 4 | |
| 0.3.203 | 6 / 4 | |
| 0.3.202 | 6 / 4 | |
| 0.3.201 | 6 / 4 | |
| 0.3.200 | 6 / 4 | |
| 0.3.199 | 6 / 4 | |
| 0.3.198 | 6 / 4 | |
| 0.3.197 | 6 / 4 | |
| 0.3.196 | 6 / 4 | |
| 0.3.195 | 6 / 4 | |
| 0.3.194 | 6 / 4 | |
| 0.3.193 | 6 / 4 | |
| 0.3.192 | 6 / 4 | |
| 0.3.191 | 6 / 4 | |
| 0.3.190 | 6 / 4 | |
| 0.3.189 | 6 / 4 | |
| 0.3.188 | 6 / 4 | |
| 0.3.187 | 6 / 4 | |
| 0.3.186 | 6 / 4 | |
| 0.3.185 | 6 / 4 | |
| 0.3.184 | 6 / 4 | |
| 0.3.183 | 6 / 4 | |
| 0.3.182 | 6 / 4 | |
| 0.3.181 | 6 / 4 | |
| 0.3.180 | 6 / 4 | |
| 0.3.179 | 6 / 4 | |
| 0.3.178 | 6 / 4 | |
| 0.3.177 | 6 / 4 | |
| 0.3.176 | 6 / 4 | |
| 0.3.175 | 6 / 4 | |
| 0.3.174 | 6 / 4 | |
| 0.3.173 | 6 / 4 | |
| 0.3.171 | 6 / 4 | |
| 0.3.170 | 6 / 4 | |
| 0.3.169 | 6 / 4 | |
| 0.3.168 | 6 / 4 | |
| 0.3.167 | 6 / 4 | |
| 0.3.166 | 6 / 4 | |
| 0.3.165 | 6 / 4 | |
| 0.3.162 | 6 / 4 | |
| 0.3.161 | 6 / 4 | |
| 0.3.160 | 6 / 4 | |
| 0.3.159 | 6 / 4 | |
| 0.3.158 | 6 / 4 | |
| 0.3.157 | 6 / 4 | |
| 0.3.156 | 6 / 4 | |
| 0.3.155 | 6 / 4 | |
| 0.3.154 | 6 / 4 | |
| 0.3.153 | 6 / 4 | |
| 0.3.152 | 6 / 4 | |
| 0.3.151 | 6 / 4 | |
| 0.3.150 | 6 / 4 | |
| 0.3.149 | 6 / 4 | |
| 0.3.148 | 6 / 4 | |
| 0.3.147 | 6 / 4 | |
| 0.3.146 | 6 / 4 | |
| 0.3.145 | 6 / 4 | |
| 0.3.144 | 6 / 4 | |
| 0.3.143 | 6 / 4 | |
| 0.3.142 | 6 / 4 | |
| 0.3.141 | 6 / 4 | |
| 0.3.140 | 6 / 4 | |
| 0.3.139 | 6 / 4 | |
| 0.3.138 | 6 / 4 | |
| 0.3.137 | 6 / 4 | |
| 0.3.136 | 6 / 4 | |
| 0.3.135 | 6 / 4 | |
| 0.3.134 | 6 / 4 | |
| 0.3.133 | 6 / 4 | |
| 0.3.132 | 6 / 4 | |
| 0.3.131 | 6 / 4 | |
| 0.3.130 | 6 / 4 | |
| 0.3.129 | 6 / 4 | |
| 0.3.128 | 6 / 4 | |
| 0.3.127 | 6 / 4 |
v0.3.230
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.229
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.228
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.227
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.226
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.225
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.223
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.222
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.221
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.220
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.219
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.218
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.217
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.216
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.215
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.214
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.213
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.212
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.211
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.210
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.209
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.208
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.207
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.206
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.205
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.204
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.203
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.202
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.201
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.200
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.199
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.198
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.197
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.196
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.195
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.194
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.193
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.192
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.191
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.190
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.189
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.188
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.187
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.3.186
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.185
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.184
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.183
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.182
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.181
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.180
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.179
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.178
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.177
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.176
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.175
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.174
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.173
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.171
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.170
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.169
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.168
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.167
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.166
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.165
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.162
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.160
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.159
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.158
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.157
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.156
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.155
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.154
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.153
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.152
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.151
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.150
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.149
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.148
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.147
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.146
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.145
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.144
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.143
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.142
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.141
2 findingsThis version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.140
2 findingsThis version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.139
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.138
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.137
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.136
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.135
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.134
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.133
2 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.132
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.131
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.130
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.129
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.128
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.127
2 findingsThis version was published by a different npm account than previous versions on 2026-03-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.