inngest Apache-2.0 16 versions

inngest

npm Repository Homepage

Official SDK for Inngest.com. Inngest is the reliability layer for modern applications. Inngest combines durable execution, events, and queues into a zero-infra platform with built-in observability.

16

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

djfarrellyjpwilliamsdarwin67goodoldneoninngest-release-botlinell_inngest

Keywords

inngesttask managerworkflowworkflowsorchestrationtask orchestrationeventswebhookstask schedulerscheduled jobscron jobsqueueserverless event-driven systemsjob schedulerbackground jobsstep functionjob processingllm prompt chainingdurable executionlongrunninglong-runningtask sequencingdurable workflowreliabilityreliability layerparallel processingflow control

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@types/ms	AI (dependencies): @types/ms is a TypeScript type definitions package with no executable code; safe as a runtime dep for this SDK which already depends on ms.	ai	2026/04/26
phantom-deps	phantom-dep:@types/ms	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime. Stable false positive for this package.	ai	2026/04/26
phantom-deps	phantom-dep:@types/debug	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime. Stable false positive for this package.	ai	2026/04/26
phantom-deps	phantom-dep:temporal-polyfill	AI (phantom-deps): Referenced in config files for optional temporal API support; not directly imported. Expected pattern for this SDK.	ai	2026/04/26
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decoding in lambda.cjs handles AWS Lambda's isBase64Encoded flag — standard Lambda HTTP adapter pattern, not malicious payload hiding.	ai	2026/04/25
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() in middleware/logger.cjs implements a transparent Proxy delegation pattern for logger wrapping — standard JS idiom, not evasion.	ai	2026/04/25

Versions (showing 16 of 16)

Version	Deps	Published
4.2.5	24 / 50	2026-04-27
4.2.4	24 / 50	2026-04-15
4.2.3	24 / 50	2026-04-15
4.2.2	24 / 50	2026-04-14
4.2.1	24 / 50	2026-04-10
4.2.0	24 / 50	2026-04-07
4.1.2	24 / 50	2026-04-03
4.1.0	24 / 48	2026-03-25
3.52.2	26 / 43	2026-02-19
3.49.3	25 / 43	2026-01-16
3.48.1	25 / 43	2025-12-19
3.46.0	24 / 44	2025-11-21
3.45.1	24 / 44	2025-11-11
3.45.0	24 / 44	2025-11-06
3.44.5	23 / 44	2025-11-03
3.44.4	23 / 44	2025-10-30

v4.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.52.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.49.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.48.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.46.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.45.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.45.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.44.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.44.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.