eslint-plugin-rxjs-x No license 15 versions

eslint-plugin-rxjs-x

npm Repository Homepage

15

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jasonweinzierl

Keywords

lintruleseslinteslintplugineslint-pluginrxjs

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package explicitly uses GitHub Actions for publishing with SLSA provenance; publisher change from human to GHA is intentional.	ai	2026/05/06
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by GHA-published release with SLSA attestation; no signs of takeover.	ai	2026/05/06
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a declared runtime dependency used implicitly by TypeScript compilation output; stable false positive.	ai	2026/05/06

Versions (showing 15 of 15)

Version	Deps	Published
1.0.2	3 / 29	2026-03-31
1.0.1	3 / 29	2026-03-20
1.0.0	3 / 24	2026-02-17
0.9.5	6 / 23	2026-02-16
0.9.4	6 / 23	2026-02-13
0.9.3	6 / 23	2026-02-12
0.9.2	6 / 23	2026-02-11
0.9.1	6 / 23	2026-02-03
0.9.0	6 / 23	2026-02-01
0.8.5	6 / 23	2026-01-30
0.8.4	6 / 23	2025-12-29
0.8.3	6 / 24	2025-11-25
0.8.2	6 / 24	2025-11-05
0.8.1	6 / 24	2025-11-03
0.8.0	6 / 24	2025-11-02

v1.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-17) provenance

This version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.5

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-16) provenance

This version was published by a different npm account than previous versions on 2026-02-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.4

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-13) provenance

This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.3

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-12) provenance

This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.2

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.1

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-03) provenance

This version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-02-01) provenance

This version was published by a different npm account than previous versions on 2026-02-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.5

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2026-01-30) provenance

This version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.4

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2025-12-29) provenance

This version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.3

2 findings

HIGH Publisher changed: jasonweinzierl → GitHub Actions (on 2025-11-25) provenance

This version was published by a different npm account than previous versions on 2025-11-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.