@angular-devkit/architect
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used as a standard CJS→ESM dynamic import shim in Angular CLI; input is a controlled module path, not arbitrary user input. Stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@angular-devkit/core | AI (dependencies): @angular-devkit/core is a sibling package from the same Angular CLI monorepo, published by the same google-wombot account. Stable false positive for this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used for legitimate job handler loading via registry lookup; not arbitrary code execution. | ai |
Versions (showing 51 of 529)
| Version | Deps | Published |
|---|---|---|
| 0.2102.13 | 2 / 0 | |
| 0.2102.12 | 2 / 0 | |
| 0.2102.11 | 2 / 0 | |
| 0.2102.10 | 2 / 0 | |
| 0.2102.9 | 2 / 0 | |
| 0.2102.8 | 2 / 0 | |
| 0.2102.7 | 2 / 0 | |
| 0.2102.6 | 2 / 0 | |
| 0.2102.5 | 2 / 0 | |
| 0.2102.4 | 2 / 0 | |
| 0.2102.3 | 2 / 0 | |
| 0.2102.2 | 2 / 0 | |
| 0.2102.1 | 2 / 0 | |
| 0.2102.0 | 2 / 0 | |
| 0.2101.5 | 2 / 0 | |
| 0.2101.4 | 2 / 0 | |
| 0.2101.3 | 2 / 0 | |
| 0.2101.2 | 2 / 0 | |
| 0.2101.1 | 2 / 0 | |
| 0.2101.0 | 2 / 0 | |
| 0.2100.6 | 2 / 0 | |
| 0.2100.5 | 2 / 0 | |
| 0.2100.4 | 2 / 0 | |
| 0.2100.3 | 2 / 0 | |
| 0.2100.2 | 2 / 0 | |
| 0.2100.1 | 2 / 0 | |
| 0.2100.0 | 2 / 0 | |
| 0.2003.26 | 2 / 0 | |
| 0.2003.25 | 2 / 0 | |
| 0.2003.24 | 2 / 0 | |
| 0.2003.23 | 2 / 0 | |
| 0.2003.22 | 2 / 0 | |
| 0.2003.21 | 2 / 0 | |
| 0.2003.20 | 2 / 0 | |
| 0.2003.19 | 2 / 0 | |
| 0.2003.18 | 2 / 0 | |
| 0.2003.17 | 2 / 0 | |
| 0.2003.16 | 2 / 0 | |
| 0.2003.15 | 2 / 0 | |
| 0.2003.14 | 2 / 0 | |
| 0.2003.13 | 2 / 0 | |
| 0.2003.12 | 2 / 0 | |
| 0.2003.11 | 2 / 0 | |
| 0.2003.10 | 2 / 0 | |
| 0.2003.9 | 2 / 0 | |
| 0.2003.8 | 2 / 0 | |
| 0.2003.7 | 2 / 0 | |
| 0.2003.6 | 2 / 0 | |
| 0.2003.5 | 2 / 0 | |
| 0.2003.4 | 2 / 0 | |
| 0.2003.3 | 2 / 0 |
v0.2102.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2102.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2102.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2102.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2101.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2100.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2003.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2003.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2003.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2003.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2003.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.