← Home

to-words

npm Repository Homepage
12
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mastermunj

Keywords

amount in wordsbigintcheque amount in wordsconvert-numbersconvertercurrencycurrency amount to wordscurrency to wordsi18ninternational number to wordsinternational number to words currencyinternationalizationinvoice amount in wordslocalizationmultilingualnum2wordsnumbernumber to textnumber to wordsnumber to words currencynumber-to-wordsnumbers to wordsnumbers-to-wordsordinalto wordstypescriptword

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance slsa-provenance AI (provenance): Package consistently publishes via GitHub Actions with SLSA provenance; this is the expected publish pattern going forward. ai
provenance publisher-changed AI (provenance): Publisher changed from personal account to GitHub Actions CI/CD with SLSA attestation — a security improvement, not a takeover signal. Repo ownership unchanged. ai
publish-pattern dormant-publish AI (publish-pattern): One-time dormancy followed by a major feature expansion (116 locales, ESM/CJS/UMD). SLSA provenance confirms legitimate CI publish. ai
source-diff large-new-source-files AI (source-diff): Large file count increase is due to multi-format dist output (CJS/ESM/UMD) added in v5 major refactor; stable pattern for this package going forward. ai
source-diff source-size-tripled AI (source-diff): Size increase explained by addition of UMD bundles (731KB + 564KB) for browser distribution; consistent with package.json jsdelivr/unpkg/browser fields. ai

Versions (showing 12 of 12)

Version Deps Published
5.6.1 0 / 20
5.6.0 0 / 19
5.5.1 0 / 19
5.5.0 0 / 19
5.4.0 0 / 19
5.3.0 0 / 19
5.2.1 0 / 19
5.2.0 0 / 20
5.1.0 0 / 24
5.0.0 0 / 24
4.10.0 0 / 23
4.9.0 0 / 23

v5.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.