semantic-release MIT 100 versions

semantic-release

npm Repository Homepage

Automated semver compliant package publishing

100

Versions

MIT

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

semantic-release-botgr2mtravi

Keywords

authorautomationchangelogmodulepackagepublishreleasesemverversion

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): pvdlg removal is a historical cleanup; package published via GitHub Actions with SLSA provenance, no takeover indicators.	ai	2026/06/10
phantom-deps	phantom-dep:aggregate-error	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:hosted-git-info	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:import-from-esm	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:marked-terminal	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:read-package-up	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:@semantic-release/error	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
source-diff	source-size-dropped	AI (source-diff): Size drop likely reflects ESM refactoring/bundling changes, not code removal; no malicious indicators.	ai	2026/06/10
phantom-deps	phantom-dep:env-ci	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:marked	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:figures	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:hook-std	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:p-reduce	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:get-stream	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:micromatch	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:cosmiconfig	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:resolve-from	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:p-each-series	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
phantom-deps	phantom-dep:git-log-parser	AI (phantom-deps): ESM package uses dynamic imports; deps are legitimately used at runtime.	ai	2026/06/10
provenance	publisher-changed	AI (provenance): semantic-release migrated publishing to GitHub Actions CI/CD with SLSA provenance attestation; this publisher change is legitimate and verifiable for this package.	ai	2026/04/24
dependencies	unvetted-dep:figures	AI (dependencies): figures is a well-known sindresorhus terminal symbols utility; a legitimate, benign dependency for semantic-release's CLI output.	ai	2026/04/24
phantom-deps	phantom-dep:@semantic-release/commit-analyzer	AI (phantom-deps): Default plugin loaded dynamically at runtime. Stable false positive for this plugin-based architecture.	ai	2026/04/23
phantom-deps	phantom-dep:@semantic-release/npm	AI (phantom-deps): Default plugin loaded dynamically at runtime via resolve-from/import-from-esm; static import analysis cannot detect this pattern. Stable false positive for this package.	ai	2026/04/23
semgrep	semgrep:env-spread	AI (semgrep): semantic-release is CI/CD tooling that intentionally propagates process.env to child git processes. This is expected behavior, not a vulnerability, and is stable across all versions.	ai	2026/04/23
phantom-deps	phantom-dep:@semantic-release/release-notes-generator	AI (phantom-deps): Default plugin loaded dynamically at runtime. Stable false positive for this plugin-based architecture.	ai	2026/04/23
phantom-deps	phantom-dep:@semantic-release/github	AI (phantom-deps): Default plugin loaded dynamically at runtime. Same pattern as @semantic-release/npm — stable false positive.	ai	2026/04/23

Versions (showing 100 of 337)

Version	Deps	Published
17.1.0	28 / 18	2020-06-22
17.0.8	28 / 18	2020-05-24
17.0.7	28 / 18	2020-04-21
17.0.6	28 / 18	2020-04-16
17.0.5	28 / 18	2020-04-16
17.0.4	28 / 18	2020-02-17
17.0.3	28 / 18	2020-02-13
17.0.2	28 / 18	2020-01-31
17.0.1	28 / 18	2020-01-28
17.0.0	28 / 18	2020-01-27
16.0.4	28 / 18	2020-01-27
16.0.3	28 / 18	2020-01-22
16.0.2	28 / 18	2020-01-15
16.0.1	28 / 18	2020-01-10
16.0.0	28 / 18	2020-01-09
15.14.0	26 / 18	2019-12-21
15.13.32	26 / 18	2019-12-15
15.13.31	26 / 18	2019-11-17
15.13.30	26 / 18	2019-11-02
15.13.29	26 / 18	2019-11-02
15.13.28	26 / 18	2019-10-26
15.13.27	26 / 18	2019-10-18
15.13.26	26 / 18	2019-10-09
15.13.25	26 / 18	2019-09-27
15.13.24	26 / 18	2019-08-22
15.13.23	26 / 18	2019-08-19
15.13.22	26 / 18	2019-08-16
15.13.21	26 / 18	2019-08-12
15.13.20	26 / 20	2019-08-06
15.13.19	26 / 20	2019-07-06
15.13.18	26 / 20	2019-06-26
15.13.17	26 / 20	2019-06-25
15.13.16	26 / 20	2019-06-07
15.13.15	26 / 20	2019-06-05
15.13.14	26 / 20	2019-05-14
15.13.13	26 / 20	2019-05-08
15.13.12	26 / 20	2019-04-15
15.13.11	26 / 20	2019-04-15
15.13.10	26 / 20	2019-04-15
15.13.9	26 / 20	2019-04-14
15.13.8	26 / 20	2019-03-21
15.13.7	26 / 20	2019-03-13
15.13.6	26 / 20	2019-03-13
15.13.5	26 / 20	2019-03-13
15.13.4	26 / 20	2019-02-15
15.13.3	26 / 20	2019-01-10
15.13.2	26 / 20	2018-12-26
15.13.1	26 / 20	2018-12-16
15.13.0	26 / 20	2018-12-14
15.12.5	26 / 20	2018-12-11
15.12.4	26 / 20	2018-11-30
15.12.3	26 / 20	2018-11-28
15.12.2	26 / 20	2018-11-26
15.12.1	26 / 20	2018-11-21
15.12.0	26 / 20	2018-11-14
15.11.0	26 / 20	2018-11-12
15.10.8	26 / 20	2018-11-06
15.10.7	26 / 20	2018-11-02
15.10.6	26 / 20	2018-10-27
15.10.5	27 / 20	2018-10-20
15.10.4	27 / 20	2018-10-20
15.10.3	27 / 20	2018-10-17
15.10.2	27 / 20	2018-10-09
15.10.1	27 / 20	2018-10-09
15.10.0	27 / 20	2018-10-08
15.9.17	27 / 20	2018-10-04
15.9.16	27 / 20	2018-09-19
15.9.15	27 / 20	2018-09-11
15.9.14	27 / 20	2018-09-07
15.9.13	27 / 20	2018-09-07
15.9.12	27 / 20	2018-08-27
15.9.11	27 / 20	2018-08-26
15.9.10	27 / 20	2018-08-24
15.9.9	27 / 20	2018-08-18
15.9.8	27 / 19	2018-08-10
15.9.7	27 / 19	2018-08-10
15.9.6	27 / 19	2018-08-08
15.9.5	27 / 19	2018-08-05
15.9.4	27 / 19	2018-08-05
15.9.3	27 / 19	2018-07-31
15.9.2	27 / 19	2018-07-30
15.9.1	27 / 19	2018-07-30
15.9.0	27 / 19	2018-07-30
15.8.1	26 / 19	2018-07-18
15.8.0	26 / 19	2018-07-17
15.7.2	26 / 19	2018-07-16
15.7.1	26 / 19	2018-07-10
15.7.0	26 / 19	2018-07-10
15.6.6	26 / 19	2018-07-10
15.6.5	26 / 19	2018-07-10
15.6.4	26 / 19	2018-07-07
15.6.3	26 / 19	2018-07-02
15.6.2	26 / 19	2018-07-02
15.6.1	26 / 19	2018-06-26
15.6.0	26 / 19	2018-06-19
15.5.5	26 / 19	2018-06-18
15.5.4	26 / 19	2018-06-15
15.5.3	26 / 19	2018-06-15
15.5.2	26 / 19	2018-06-11
15.5.1	26 / 19	2018-06-06

Showing 100 of 337 Next page →