
kubernetes-models

5 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

tommy351

Keywords

kubernetes, kubernetes-models

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@kubernetes-models/validate | AI (phantom-deps): Used by generated schema files at runtime; referenced indirectly. | ai |
source-diff | obfuscated-file:_schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBindingList.js | AI (source-diff): Auto-generated AJV validators for K8s schemas; long lines are from codegen, not obfuscation. | ai |
source-diff | obfuscated-file:_schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicySpec.js | AI (source-diff): Auto-generated AJV validators for K8s schemas; long lines are from codegen, not obfuscation. | ai |
source-diff | large-new-source-files | AI (source-diff): Package is auto-generated from K8s OpenAPI spec; large file counts are normal for new API versions. | ai |
provenance | publisher-changed | AI (provenance): Transition from tommy351 to GitHub Actions CI/CD; confirmed by SLSA provenance attestation. | ai |
source-diff | obfuscated-file:_schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicy.js | AI (source-diff): Auto-generated AJV validators for K8s schemas; long lines are from codegen, not obfuscation. | ai |
source-diff | obfuscated-file:_schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBinding.js | AI (source-diff): Auto-generated AJV validators for K8s schemas; long lines are from codegen, not obfuscation. | ai |
source-diff | obfuscated-file:_schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyList.js | AI (source-diff): Auto-generated AJV validators for K8s schemas; long lines are from codegen, not obfuscation. | ai |
dependencies | unvetted-dep:@kubernetes-models/apimachinery | AI (dependencies): First-party sibling package from the same kubernetes-models-ts monorepo by the same author (tommy351); not a third-party risk. | ai |
dependencies | unvetted-dep:@kubernetes-models/base | AI (dependencies): First-party sibling package from the same kubernetes-models-ts monorepo by the same author (tommy351); not a third-party risk. | ai |
dependencies | unvetted-dep:@kubernetes-models/validate | AI (dependencies): First-party sibling package from the same kubernetes-models-ts monorepo by the same author (tommy351); not a third-party risk. | ai |

Versions (showing 5 of 5)

Version | Deps | Published
5.1.0 | 3 / 7 |
5.0.2 | 3 / 7 |
5.0.1 | 3 / 7 |
5.0.0 | 3 / 7 |
4.5.1 | 4 / 8 |

v5.1.0

7 findings
HIGH Publisher changed: tommy351 → GitHub Actions (on 2026-05-12) provenance

This version was published by a different npm account than previous versions on 2026-05-12. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBinding.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBindingList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicySpec.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.2

7 findings
HIGH Publisher changed: tommy351 → GitHub Actions (on 2026-05-06) provenance

This version was published by a different npm account than previous versions on 2026-05-06. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBinding.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBindingList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicySpec.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.1

7 findings
HIGH Publisher changed: tommy351 → GitHub Actions (on 2026-05-05) provenance

This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBinding.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBindingList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicySpec.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.0

7 findings
HIGH Publisher changed: tommy351 → GitHub Actions (on 2026-05-03) provenance

This version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBinding.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyBindingList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicyList.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: _schemas/IoK8sApiAdmissionregistrationV1MutatingAdmissionPolicySpec.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.