@antfu/utils

Opinionated collection of common JavaScript / TypeScript utils by @antfu

Supply chain provenance

Status for the latest visible version.

Maintainers

Keywords

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Legitimate migration from manual npm publish to GitHub Actions CI/CD, confirmed by SLSA provenance attestation.	ai	2026/04/21
provenance	missing-githead	AI (provenance): Expected side effect of publishing via GitHub Actions CI/CD rather than manual npm publish.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): antfu is a prominent OSS maintainer; spam flag is a clear false positive.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Established package with 3.7M weekly downloads and 46 versions; lack of Sigstore provenance is common and not a risk signal here.	ai	2026/04/21

Version	Deps	Published
9.3.0	0 / 13	2025-10-06
9.2.1	0 / 13	2025-09-19
9.2.0	0 / 13	2025-04-02
9.1.0	0 / 13	2025-02-17
9.0.0	0 / 13	2025-02-15
8.1.1	0 / 19	2025-02-15
8.1.0	0 / 19	2025-01-14
8.0.0	0 / 19	2025-01-09
0.7.10	0 / 20	2024-06-25
0.7.8	0 / 20	2024-05-08
0.7.7	0 / 20	2023-12-10
0.7.6	0 / 19	2023-08-14
0.7.5	0 / 19	2023-07-02
0.7.4	0 / 19	2023-05-31
0.7.3	0 / 19	2023-05-30