@apideck/better-ajv-errors

Human-friendly JSON Schema validation for APIs

Versions: 15
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

gdewildenicklloydritiksingh7samzanilagonijakeprinsgmenoiaa

Keywords

apideckajvjsonschemajson-schemaerrorshuman

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
publish-pattern | rapid-publish | AI (publish-pattern): Package has 1800+ days of history and 6.8M weekly downloads; rapid successive publishes are consistent with automated release tooling (np) used by this maintainer, not malicious activity. | ai |
maintainer-change | maintainer-added | AI (maintainer-change): Package is scoped to @apideck org; adding trinix is consistent with internal team expansion. No content changes accompany the maintainer addition. | ai |
dependencies | unvetted-dep:jsonpointer | AI (dependencies): jsonpointer is a well-known, widely-used RFC 6901 utility; its use in a JSON Schema error formatter is entirely appropriate and poses no security risk. | ai |
provenance | no-provenance | AI (provenance): Package predates widespread Sigstore provenance adoption; 1800+ day old package with 6.8M weekly downloads and clean history. Absence of provenance is not a risk signal here. | ai |

Versions (showing 15 of 15)

Version Deps Published
0.3.6 3 / 9
0.3.5 3 / 9
0.3.4 3 / 9
0.3.3 3 / 9
0.3.2 3 / 9
0.3.1 3 / 9
0.3.0 3 / 9
0.2.7 3 / 8
0.2.6 3 / 8
0.2.5 3 / 8
0.2.4 3 / 8
0.2.3 3 / 8
0.2.2 3 / 8
0.2.1 3 / 8
0.2.0 3 / 8

v0.3.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.