undici-oidc-interceptor

3 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

mzugm, ivan-tymoshenko, marcopiraccini, leorossi, shogun_panda, matteo.collina, qard, lucamaraschi, simone.sanfra

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:fast-jwt | AI (dependencies): fast-jwt is a Platformatic-maintained JWT library; its use in an OIDC interceptor is expected and appropriate. Stable false positive for this package. | ai |
dependencies | unvetted-dep:async-cache-dedupe | AI (dependencies): async-cache-dedupe is a Platformatic-maintained caching library; its use for token caching in an OIDC interceptor is expected. Stable false positive for this package. | ai |
semgrep | semgrep:toplevel-fetch | AI (semgrep): Fetch call is in examples/client-store.mjs targeting localhost:3002 — a demo file showing library usage, not production code or telemetry. | ai |

Versions (showing 3 of 3)

Version Deps Published
0.9.0 3 / 11
0.8.0 3 / 9
0.7.0 3 / 9

v0.8.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.7.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.