← Home

http-proxy-middleware

npm Repository Homepage

The one-liner node.js proxy middleware for connect, express, next.js and more

3
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

chimurai

Keywords

browser-syncconnectcorsexpressfastifygrunt-contrib-connectgulphonohttphttpsmiddlewarenext.jspolkaproxyreversewebsocketws

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher changed from chimurai personal account to GitHub Actions CI/CD with SLSA provenance — this is the expected result of adopting automated publishing from the same repo. ai
dependencies unvetted-dep:http-proxy AI (dependencies): http-proxy is the core dependency this package is built upon; it has been a stable, expected dependency throughout the package's history. ai
dependencies unvetted-dep:@types/http-proxy AI (dependencies): @types/http-proxy provides TypeScript type definitions for http-proxy; a legitimate and expected runtime dependency for this TypeScript-based package. ai
phantom-deps phantom-dep:@types/http-proxy AI (phantom-deps): @types/http-proxy is intentionally a runtime dep here to expose TypeScript types to consumers; not a true phantom dependency for this package. ai

Versions (showing 3 of 3)

Show 3 prereleases
Version Deps Published
4.0.0 5 / 32
3.0.5 6 / 32
2.0.9 5 / 29

v4.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.