@algolia/monitoring — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ejaldorauharoenvrayrutjesjerskasamousstherealwebbytkruggsylvainhlorrissaintgenezbroujoe-krebskombuchasylvaincrawler-teamamcdaid106devinalgoliajveneziaotomatiksarahdayanmaximehuangguitekmatthewbondshaejazcyril.descossytatsuromathouguixavdhagdavidrasemotteplnechshortcutspraagyajoshialphonsebleodaufabienmottedaltondickalgoliadhaya.bbengreenbankalgabetalg-bgastinneemmanuel.fortindylantientcheuandy_dsrobertmogosjcohonner-algoliacatalgoliaraed-algoliaaymeric.giraudetpjankowski5312eventexperiences_algoliataylorcjohnson_algoliasfaiqhinstantsearch-botflufleviwhalenabodelotmprevell97jkahoantoine.gilleswwalserbhinchley-algolialouishousiauxjsok_algoliaalg-adminhugowitmariamthiam01drodrigulnscyganek-algoliajasonberrybhcastlegavinwade12vascobettencourtmariaaalungucdhawke-algoliafelipe-bernalmorgan-algolia2sirockin_algoliajulia-francaisjcalgoaallam.algtecu23nyagudayevsamykettanijonathaningrammarioalgoliamasterstrikeoctavianiacobminjaslavkoviceric-zahariacmarguta-algoliaharsharora-algoliablaineventurinesarahdayanalgoliagavaudan-algoliamszmaj-algoliayutodalgsamyphilboothcarloscamposfredalgoliawabascript2lotfirafiklachlan.robertson

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation — a legitimate and encouraged supply chain improvement for the Algolia org.	ai	2026/04/24
provenance	slsa-provenance	AI (provenance): SLSA provenance attestation via Sigstore confirms CI/CD publishing integrity; stable positive signal for this package.	ai	2026/04/24
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by GitHub Actions migration with SLSA attestation and no material code changes is consistent with legitimate org-level workflow modernization, not takeover.	ai	2026/04/24
dependencies	unvetted-dep:@algolia/client-common	AI (dependencies): First-party Algolia dependency from the same monorepo, published in lockstep. Not a third-party or suspicious dependency.	ai	2026/04/23
dependencies	unvetted-dep:@algolia/requester-browser-xhr	AI (dependencies): First-party Algolia dependency from the same monorepo, published in lockstep. Not a third-party or suspicious dependency.	ai	2026/04/23
dependencies	unvetted-dep:@algolia/requester-fetch	AI (dependencies): First-party Algolia dependency from the same monorepo, published in lockstep. Not a third-party or suspicious dependency.	ai	2026/04/23
dependencies	unvetted-dep:@algolia/requester-node-http	AI (dependencies): First-party Algolia dependency from the same monorepo, published in lockstep. Not a third-party or suspicious dependency.	ai	2026/04/23

Versions (showing 96 of 96)

Version	Deps	Published
1.53.0	4 / 6	2026-05-29
1.52.1	4 / 6	2026-05-05
1.52.0	4 / 6	2026-04-30
1.51.0	4 / 6	2026-04-22
1.50.2	4 / 6	2026-04-14
1.50.1	4 / 6	2026-04-01
1.50.0	4 / 6	2026-03-24
1.49.2	4 / 6	2026-03-09
1.49.1	4 / 6	2026-02-24
1.49.0	4 / 6	2026-02-18
1.48.2	4 / 6	2026-02-17
1.48.1	4 / 6	2026-02-12
1.48.0	4 / 6	2026-02-05
1.47.0	4 / 6	2026-01-20
1.46.4	4 / 6	2026-01-20
1.46.3	4 / 6	2026-01-13
1.46.2	4 / 6	2025-12-23
1.46.1	4 / 6	2025-12-17
1.46.0	4 / 6	2025-12-04
1.45.0	4 / 6	2025-11-24
1.44.0	4 / 6	2025-11-14
1.43.0	4 / 6	2025-11-07
1.42.0	4 / 6	2025-10-30
1.41.0	4 / 6	2025-10-22
1.40.1	4 / 6	2025-10-15
1.40.0	4 / 6	2025-10-07
1.39.0	4 / 6	2025-09-26
1.38.0	4 / 6	2025-09-24
1.37.0	4 / 6	2025-09-03
1.36.0	4 / 6	2025-08-26
1.35.0	4 / 6	2025-07-29
1.34.1	4 / 6	2025-07-23
1.34.0	4 / 6	2025-07-17
1.33.0	4 / 6	2025-07-15
1.32.0	4 / 6	2025-07-08
1.31.0	4 / 6	2025-07-07
1.30.0	4 / 6	2025-07-01
1.29.0	4 / 6	2025-06-19
1.28.0	4 / 6	2025-06-17
1.27.0	4 / 6	2025-06-05
1.26.0	4 / 6	2025-06-04
1.25.0	4 / 6	2025-05-12
1.24.0	4 / 6	2025-04-30
1.23.4	4 / 6	2025-04-14
1.23.3	4 / 6	2025-04-07
1.23.2	4 / 6	2025-04-03
1.23.1	4 / 6	2025-04-01
1.23.0	4 / 6	2025-03-25
1.22.0	4 / 6	2025-03-24
1.21.0	4 / 6	2025-03-11
1.20.4	4 / 6	2025-03-05
1.20.3	4 / 6	2025-02-17
1.20.2	4 / 6	2025-02-11
1.20.1	4 / 6	2025-02-05
1.20.0	4 / 6	2025-01-22
1.19.0	4 / 6	2025-01-07
1.18.0	4 / 6	2024-12-18
1.17.1	4 / 6	2024-12-12
1.17.0	4 / 6	2024-12-11
1.16.0	4 / 6	2024-12-09
1.15.0	4 / 6	2024-11-19
1.14.2	4 / 6	2024-11-15
1.14.1	4 / 6	2024-11-15
1.14.0	4 / 6	2024-11-14
1.13.0	4 / 6	2024-11-06
1.12.0	4 / 6	2024-10-30
1.11.0	4 / 6	2024-10-29
1.10.2	4 / 6	2024-10-23
1.10.1	4 / 6	2024-10-22
1.10.0	4 / 6	2024-10-21
1.9.1	4 / 6	2024-10-18
1.9.0	4 / 6	2024-10-17
1.8.1	4 / 6	2024-10-10
1.8.0	4 / 6	2024-10-08
1.7.0	4 / 6	2024-10-01
1.6.1	4 / 6	2024-09-25
1.6.0	4 / 6	2024-09-24
1.5.3	4 / 6	2024-09-20
1.5.2	4 / 6	2024-09-19
1.5.1	4 / 6	2024-09-18
1.5.0	4 / 6	2024-09-18
1.4.3	4 / 6	2024-09-17
1.4.1	4 / 6	2024-09-12
1.4.0	4 / 6	2024-09-10
1.3.2	3 / 6	2024-09-09
1.3.1	3 / 6	2024-09-09
1.3.0	3 / 6	2024-09-06
1.2.5	3 / 6	2024-09-03
1.2.4	3 / 3	2024-09-02
1.2.3	3 / 3	2024-08-29
1.2.2	3 / 3	2024-08-29
1.2.1	3 / 3	2024-08-28
1.1.1	3 / 3	2024-08-21
1.1.0	3 / 3	2024-08-20
1.0.2	3 / 3	2024-08-19
1.0.0	3 / 3	2024-08-14

v1.53.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.52.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.52.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.51.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.50.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.50.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.50.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.2

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-03-09) provenance

This version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.1

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-02-24) provenance

This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.0

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-02-18) provenance

This version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.48.2

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-02-17) provenance

This version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.48.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.48.0

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-02-05) provenance

This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.47.0

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-01-20) provenance

This version was published by a different npm account than previous versions on 2026-01-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.46.4

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-01-20) provenance

This version was published by a different npm account than previous versions on 2026-01-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.46.3

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2026-01-13) provenance

This version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.46.2

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2025-12-23) provenance

This version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.46.1

2 findings

HIGH Publisher changed: shortcuts → GitHub Actions (on 2025-12-17) provenance

This version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.