protobufjs BSD-3-Clause 14 versions

protobufjs

npm Repository Homepage

Protocol Buffers for JavaScript (& TypeScript).

14

Versions

BSD-3-Clause

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dcodefenstergoogle-wombot

Keywords

protobufprotocol-buffersserializationtypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): All 10 new deps are first-party @protobufjs/* scoped packages; standard v7 architecture for this package.	ai	2026/05/30
npm-metadata	url-dep:jaguarjs-jsdoc	AI (npm-metadata): devDependency only; dcodeIO is the original author's GitHub org; no runtime impact.	ai	2026/05/30
install-scripts	install-script:postinstall	AI (install-scripts): Long-standing postinstall checking dependent version scheme; stable for this package.	ai	2026/04/27
semgrep	semgrep:dynamic-require	AI (semgrep): Loads own package.json via path.join(__dirname, ..); not arbitrary.	ai	2026/04/27
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is a declared type dependency loaded by TypeScript convention.	ai	2026/04/27

Versions (showing 14 of 14)

Version	Deps	Published
8.6.4	1 / 27	2026-06-16
8.6.3	1 / 27	2026-06-11
8.6.1	1 / 27	2026-06-07
8.6.0	1 / 27	2026-06-04
8.2.1	2 / 27	2026-05-13
8.2.0	2 / 30	2026-05-09
8.0.3	2 / 31	2026-04-27
8.0.2	2 / 31	2026-04-27
7.6.4	11 / 30	2026-06-12
7.6.3	12 / 30	2026-06-09
7.6.1	12 / 30	2026-05-22
7.5.8	12 / 30	2026-05-12
7.5.7	12 / 30	2026-05-09
7.5.6	12 / 30	2026-04-28

v8.6.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.