← Home

immer

Create your next immutable state by mutating the current one

100
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mweststratealeclarson

Keywords

immutablemutablecopy-on-write

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher change from mweststrate to aleclarson is a documented, legitimate maintainer transition for the immer project. aleclarson has a strong track record (33 approved packages, 2736 days on npm). ai
maintainer-change maintainer-added AI (maintainer-change): aleclarson is a known, legitimate contributor added as maintainer during the documented immer project transition. No malicious indicators present. ai
provenance missing-githead AI (provenance): Early version (0.2.0) published by the original author mweststrate before consistent gitHead tracking; no supply chain concern given publisher reputation and clean package contents. ai
provenance no-provenance AI (provenance): Package predates Sigstore provenance; already marked as accepted risk in findings. ai
source-diff obfuscated-file:dist/cjs/immer.cjs.production.js AI (source-diff): Standard minified production build artifact for immer; contains recognizable immer internals and API exports. Minification is expected for this library's dist output. ai
source-diff obfuscated-file:dist/immer.production.mjs AI (source-diff): Standard minified ESM production build artifact for immer; same rationale as the CJS production build — expected dist output, not obfuscation. ai

Versions (showing 100 of 139)

Version Deps Published
11.1.11 0 / 23
11.1.10 0 / 23
11.1.9 0 / 23
11.1.8 0 / 23
11.1.7 0 / 23
11.1.6 0 / 23
11.1.5 0 / 23
11.1.4 0 / 23
11.1.3 0 / 23
11.1.2 0 / 22
11.1.0 0 / 22
11.0.1 0 / 22
11.0.0 0 / 22
10.2.0 0 / 22
10.1.3 0 / 21
10.1.2 0 / 21
10.1.1 0 / 21
10.1.0 0 / 21
10.0.4 0 / 21
10.0.3 0 / 22
10.0.2 0 / 22
10.0.1 0 / 22
10.0.0 0 / 22
9.0.21 0 / 23
9.0.20 0 / 23
9.0.19 0 / 23
9.0.18 0 / 24
9.0.17 0 / 23
9.0.16 0 / 23
9.0.15 0 / 23
9.0.14 0 / 23
9.0.13 0 / 23
9.0.12 0 / 23
9.0.11 0 / 23
9.0.10 0 / 23
9.0.9 0 / 23
9.0.8 0 / 23
9.0.7 0 / 23
9.0.6 0 / 23
6.0.9 0 / 26
6.0.8 0 / 26
6.0.7 0 / 26
6.0.6 0 / 26
6.0.5 0 / 26
6.0.4 0 / 26
6.0.3 0 / 26
6.0.2 0 / 26
6.0.1 0 / 26
6.0.0 0 / 26
5.3.6 0 / 32
5.3.5 0 / 32
5.3.4 0 / 32
5.3.3 0 / 31
5.3.2 0 / 31
5.3.0 0 / 31
5.2.1 0 / 30
5.2.0 0 / 30
5.1.0 0 / 30
5.0.2 0 / 28
5.0.1 0 / 28
5.0.0 0 / 28
4.0.2 0 / 28
4.0.1 0 / 28
4.0.0 0 / 28
3.3.0 0 / 28
3.2.1 0 / 28
3.2.0 0 / 28
3.1.4 0 / 28
3.1.3 0 / 28
3.1.2 0 / 28
3.1.1 0 / 28
3.0.0 0 / 28
2.1.5 0 / 27
2.1.4 0 / 26
2.1.3 0 / 26
2.1.2 0 / 26
2.1.1 0 / 32
2.1.0 0 / 32
2.0.0 0 / 32
1.12.1 0 / 32
1.12.0 0 / 32
1.11.1 0 / 32
1.11.0 0 / 32
1.10.5 0 / 32
1.10.4 0 / 32
1.10.3 0 / 32
1.10.2 0 / 32
1.10.1 0 / 32
1.10.0 0 / 32
1.9.3 0 / 32
1.9.2 0 / 32
1.9.1 0 / 32
1.9.0 0 / 32
1.8.2 0 / 33
1.8.1 0 / 33
1.8.0 0 / 34
1.7.4 0 / 34
1.7.3 0 / 34
1.7.2 0 / 34
1.7.1 0 / 34
Showing 100 of 139 Next page →

v11.1.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.