pluggy-sdk

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (gpanga) than the most recent previously approved version (fmiras) on 2026-04-09, but gpanga is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (gpanga) than the most recent previously approved version (fmiras) on 2026-04-07, but gpanga is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (gpanga) than the most recent previously approved version (fmiras) on 2026-01-23, but gpanga is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version was published by a different npm account (gpanga) than the most recent previously approved version (fmiras) on 2026-01-12, but gpanga is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.