googlemaps MIT 18 versions

googlemaps

npm Repository Homepage

A simple way to query the Google Maps API from Node.js

18

Versions

MIT

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

moshenfabmos

Keywords

mapgeogoogleapigooglemapsgoogle mapsgoogle-mapsnode google maps

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Long-established package with clean version diff; missing gitHead is a publish environment change, not a security indicator for this package.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Older package predating Sigstore provenance; no CI/CD provenance is expected for this package's era and maintenance style.	ai	2026/04/24
typosquat	typosquat.levenshtein:googleapis	AI (typosquat): googlemaps is a legitimate, long-established (~15yr) Google Maps API client for Node.js — distinct from googleapis. Levenshtein proximity is coincidental, not a typosquat.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): check-types is a well-known, legitimate type-checking utility; its addition is consistent with input validation improvements in a Maps API wrapper.	ai	2026/04/24
dependencies	unvetted-dep:request	AI (dependencies): request is a well-known HTTP library and a legitimate, expected dependency for a Google Maps API HTTP client. Stable false positive for this package.	ai	2026/04/23

Versions (showing 18 of 18)

Version	Deps	Published
1.12.0	4 / 2	2016-12-20
1.11.1	4 / 2	2016-07-19
1.11.0	4 / 2	2016-07-18
1.9.0	4 / 2	2016-07-18
1.3.0	4 / 3	2016-02-24
1.1.0	3 / 3	2016-01-19
1.0.2	3 / 3	2015-09-22
1.0.1	3 / 3	2015-06-16
1.0.0	3 / 3	2015-06-11
0.1.15	2 / 1	2014-09-20
0.1.12	2 / 1	2014-09-13
0.1.6	1 / 1	2011-12-29
0.1.5	0 / 1	2011-12-06
0.1.4	0 / 1	2011-09-16
0.1.3	0 / 1	2011-07-24
0.1.2	0 / 1	2011-05-11
0.1.1	0 / 0	2011-05-11
0.1.0	0 / 0	2011-05-11

v1.12.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.11.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.11.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.15

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: fabmos.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: fabmos.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.