@algolia/logger-console

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

haroenvshortcutseric-zahariafluf

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Established Algolia monorepo package with clear official GitHub repo URL; missing gitHead reflects a publish environment change, not a supply chain compromise.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation — this is a CI/CD migration for the official Algolia monorepo, not a compromise.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are Algolia team members; normal team evolution for a large org package with 2300+ day history.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removal is consistent with team changes at Algolia; no compromise indicators given SLSA provenance and official repo.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): @algolia/client-common is a first-party Algolia package from the same monorepo at the same version (5.51.0), replacing @algolia/logger-common as part of v5 refactoring.	ai	2026/04/24

Versions (showing 51 of 138)

View all versions

Version	Deps	Published
5.53.0	1 / 8	2026-05-29
5.52.1	1 / 8	2026-05-05
5.52.0	1 / 8	2026-04-30
5.51.0	1 / 8	2026-04-22
5.50.2	1 / 8	2026-04-14
5.50.1	1 / 8	2026-04-01
5.50.0	1 / 8	2026-03-24
5.49.2	1 / 8	2026-03-09
5.49.1	1 / 8	2026-02-24
5.49.0	1 / 8	2026-02-18
5.48.2	1 / 8	2026-02-17
5.48.1	1 / 8	2026-02-12
5.48.0	1 / 8	2026-02-05
5.47.0	1 / 8	2026-01-20
5.46.4	1 / 8	2026-01-20
5.46.3	1 / 8	2026-01-13
5.46.2	1 / 8	2025-12-23
5.46.1	1 / 8	2025-12-17
5.46.0	1 / 8	2025-12-04
5.45.0	1 / 8	2025-11-24
5.44.0	1 / 8	2025-11-14
5.43.0	1 / 8	2025-11-07
5.42.0	1 / 8	2025-10-30
5.41.0	1 / 8	2025-10-22
5.40.1	1 / 8	2025-10-15
5.40.0	1 / 8	2025-10-07
5.39.0	1 / 8	2025-09-26
5.38.0	1 / 8	2025-09-24
5.37.0	1 / 8	2025-09-03
5.36.0	1 / 8	2025-08-26
5.35.0	1 / 8	2025-07-29
5.34.1	1 / 8	2025-07-23
5.34.0	1 / 8	2025-07-17
5.33.0	1 / 8	2025-07-15
5.32.0	1 / 8	2025-07-08
5.31.0	1 / 8	2025-07-07
5.30.0	1 / 8	2025-07-01
5.29.0	1 / 8	2025-06-19
5.28.0	1 / 8	2025-06-17
5.27.0	1 / 8	2025-06-05
5.26.0	1 / 8	2025-06-04
5.25.0	1 / 8	2025-05-12
5.24.0	1 / 8	2025-04-30
5.23.4	1 / 8	2025-04-14
5.23.3	1 / 8	2025-04-07
5.23.2	1 / 8	2025-04-03
5.23.1	1 / 8	2025-04-01
5.23.0	1 / 8	2025-03-25
5.22.0	1 / 8	2025-03-24
5.21.0	1 / 8	2025-03-11
5.20.4	1 / 8	2025-03-05

v5.53.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.52.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.52.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.51.0

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-04-22) provenance

This version was published by a different npm account than previous versions on 2026-04-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.50.2

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-04-14) provenance

This version was published by a different npm account than previous versions on 2026-04-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.50.1

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-04-01) provenance

This version was published by a different npm account than previous versions on 2026-04-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.50.0

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-03-24) provenance

This version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.49.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.49.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.49.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.48.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.48.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.48.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.47.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.46.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.46.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.46.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.46.1

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: shortcuts → GitHub Actions (on 2025-12-17) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.