← Home

@actions/core

npm Repository Homepage

Actions core lib

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

bryanmacfarlanethboopericsciplebdehamer

Keywords

githubactionscore

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from individual (thboop) to org account (GitHub Actions) is a legitimate organizational change for the official @actions scope. ai
maintainer-change maintainer-added AI (maintainer-change): bdehamer and joshmgross are known GitHub employees on the Actions team; legitimate maintainer additions. ai
provenance no-provenance AI (provenance): Legitimate, high-download GitHub Actions package published before Sigstore provenance was widely adopted. No-provenance is expected for this package's era. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @actions/core is the official GitHub Actions core lib (9.2M downloads, 2448 days old). Levenshtein match to 'cors' is a false positive. ai

Versions (showing 11 of 11)

Version Deps Published
3.0.1 2 / 1
3.0.0 2 / 1
2.0.3 2 / 1
2.0.2 2 / 1
2.0.1 2 / 1
2.0.0 2 / 1
1.11.1 2 / 1
1.11.0 2 / 1
1.10.1 2 / 2
1.10.0 2 / 2
1.9.1 2 / 2