templates-common-library
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@esri/telemetry-amazon | AI (dependencies): First-party Esri telemetry package; consistent with existing telemetry exports in this library. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Established Esri library with 1414 versions; dormancy flag is a false positive for this well-known package. | ai | |
Versions (showing 39 of 39)
| Version | Deps | Published |
|---|---|---|
| 0.0.724 | 5 / 6 | |
| 0.0.722 | 5 / 6 | |
| 0.0.721 | 5 / 6 | |
| 0.0.720 | 5 / 6 | |
| 0.0.719 | 2 / 6 | |
| 0.0.718 | 2 / 6 | |
| 0.0.717 | 2 / 6 | |
| 0.0.716 | 2 / 6 | |
| 0.0.715 | 2 / 6 | |
| 0.0.714 | 2 / 6 | |
| 0.0.713 | 2 / 6 | |
| 0.0.712 | 2 / 6 | |
| 0.0.711 | 2 / 6 | |
| 0.0.710 | 2 / 6 | |
| 0.0.709 | 2 / 6 | |
| 0.0.708 | 2 / 6 | |
| 0.0.707 | 2 / 6 | |
| 0.0.706 | 2 / 6 | |
| 0.0.705 | 2 / 6 | |
| 0.0.704 | 2 / 6 | |
| 0.0.703 | 2 / 6 | |
| 0.0.702 | 2 / 6 | |
| 0.0.701 | 0 / 0 | |
| 0.0.700 | 0 / 0 | |
| 0.0.699 | 0 / 0 | |
| 0.0.698 | 0 / 0 | |
| 0.0.697 | 0 / 0 | |
| 0.0.696 | 0 / 0 | |
| 0.0.695 | 0 / 0 | |
| 0.0.694 | 0 / 0 | |
| 0.0.693 | 0 / 0 | |
| 0.0.692 | 0 / 0 | |
| 0.0.691 | 0 / 0 | |
| 0.0.690 | 0 / 0 | |
| 0.0.689 | 0 / 0 | |
| 0.0.688 | 0 / 0 | |
| 0.0.687 | 0 / 0 | |
| 0.0.686 | 0 / 0 | |
| 0.0.685 | 0 / 0 | |
v0.0.724
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.722
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.721
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.720
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.719
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.718
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.717
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.716
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.715
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.714
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.713
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.712
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.711
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.710
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.709
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.708
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.707
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.706
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.705
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.704
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.703
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.702
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.701
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.700
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.699
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.698
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.697
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.696
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.695
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.694
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.693
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.692
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.691
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.690
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.689
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.688
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.687
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.686
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.685
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.