n8n-core No license 28 versions

n8n-core

npm Repository Homepage

28

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jan_n8n_ion8n-matsuuutomin8n

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): tomin8n is an established n8n org publisher with 180 approved packages; transition from jan_n8n_io is a documented org account change.	ai	2026/05/25
maintainer-change	maintainer-added	AI (maintainer-change): Same org transition; tomin8n has strong track record across n8n packages.	ai	2026/05/25
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy reflects the publisher account change, not actual project inactivity; n8n-core is actively maintained.	ai	2026/05/25
phantom-deps	phantom-dep:picocolors	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:xml2js	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@n8n/workflow-sdk	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:htmlparser2	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:winston	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:callsites	AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package.	ai	2026/04/28

Versions (showing 28 of 135)

Version	Deps	Published
1.122.14	38 / 9	2026-02-06
1.122.13	38 / 9	2026-02-06
1.122.12	38 / 9	2026-01-29
1.122.11	38 / 9	2026-01-23
1.122.10	38 / 9	2026-01-16
1.122.9	38 / 9	2026-01-15
1.122.8	38 / 9	2026-01-13
1.122.7	38 / 9	2026-01-08
1.122.6	38 / 9	2026-01-02
1.122.5	38 / 9	2025-12-23
1.122.4	38 / 9	2025-12-22
1.122.3	38 / 9	2025-12-17
1.122.2	38 / 9	2025-12-15
1.122.1	38 / 9	2025-12-04
1.122.0	38 / 9	2025-12-01
1.121.2	38 / 9	2025-12-04
1.121.1	38 / 9	2025-11-26
1.121.0	38 / 9	2025-11-24
1.120.2	38 / 9	2025-11-26
1.120.1	38 / 9	2025-11-19
1.120.0	38 / 9	2025-11-18
1.119.3	38 / 9	2025-11-19
1.119.2	38 / 9	2025-11-14
1.119.1	38 / 9	2025-11-11
1.119.0	38 / 9	2025-11-10
1.118.1	38 / 9	2025-11-14
1.118.0	38 / 9	2025-11-03
1.117.1	38 / 9	2025-11-05

v1.122.14

2 findings

HIGH Publisher changed: jan_n8n_io → tomin8n (on 2026-02-06) provenance

This version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.13

2 findings

HIGH Publisher changed: jan_n8n_io → tomin8n (on 2026-02-06) provenance

This version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.118.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.118.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.117.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.