← Home

har-to-k6

npm Repository Homepage

Convert LI-HAR to k6 script

5
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

allanssonleganderk6-cie-fisher2steakscrisvedvinasdaug

Keywords

k6harli-harloadtestload-testload-testingserver-loadperformance

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:fs-extra AI (phantom-deps): Build/config artifact; stable false positive for this package. ai
phantom-deps phantom-dep:form-urlencoded AI (phantom-deps): Build/config artifact; stable false positive for this package. ai
phantom-deps phantom-dep:bundle-collapser AI (phantom-deps): Build/config artifact; stable false positive for this package. ai
email-domain unclaimed-email:k6.io AI (email-domain): k6.io is Grafana's product domain; package is published under grafana org with SLSA provenance. ai
semgrep semgrep:new-function-constructor AI (semgrep): Used only for identifier validation (isValidIdentifier), not arbitrary user-input execution. ai

Versions (showing 5 of 5)

Version Deps Published
0.14.15 15 / 18
0.14.14 15 / 16
0.14.13 15 / 16
0.14.12 15 / 16
0.14.11 15 / 16

v0.14.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.14

2 findings
HIGH Unclaimed maintainer email domain: k6.io email-domain

Maintainer email '[email protected]' uses domain 'k6.io' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.