
@appium/base-driver

Versions: 14
License
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- gitHead linked

Maintainers

jlipps, nick.mokhnach, kazucocoa

Keywords

automation, javascript, selenium, webdriver, ios, android, firefoxos, testing

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
provenance | publisher-changed | AI (provenance): Transition from human publisher (jlipps) to GitHub Actions CI/CD with SLSA provenance. Standard modernization for the Appium project. | ai |
maintainer-change | maintainer-removed | AI (maintainer-change): Routine maintainer list change in a large, well-established project (Appium). Not indicative of takeover. | ai |
publish-pattern | dormant-publish | AI (publish-pattern): Monorepo package; parent appium/appium repo is active. Individual packages release only when their code changes. | ai |
semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() is used to compile a developer-controlled HTTP log format string into a formatter function — a standard logging middleware pattern, not a runtime injection risk. | ai |
dependencies | unvetted-dep:http-status-codes | AI (dependencies): Widely-used, well-known HTTP status code utility library with no known security issues. | ai |
dependencies | unvetted-dep:@appium/types | AI (dependencies): First-party Appium package from the same monorepo; legitimate and well-maintained. | ai |
dependencies | unvetted-dep:@appium/support | AI (dependencies): First-party Appium package from the same monorepo; legitimate and well-maintained. | ai |

Versions (showing 14 of 14)

Version | Deps (prod / dev) | Published
10.6.0 | 16 / 0 |
10.5.2 | 18 / 0 |
10.5.1 | 18 / 0 |
10.5.0 | 18 / 0 |
10.4.0 | 18 / 0 |
10.3.0 | 18 / 0 |
10.2.2 | 18 / 0 |
10.2.1 | 18 / 0 |
10.2.0 | 18 / 0 |
10.1.2 | 19 / 0 |
10.1.1 | 19 / 0 |
10.1.0 | 19 / 0 |
10.0.1 | 19 / 0 |
10.0.0 | 19 / 0 |

v10.6.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.5.2

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.5.1

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.5.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.3.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.2

2 findings
HIGH (provenance): Publisher changed: jlipps → GitHub Actions (on 2026-03-09)

This version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.1

2 findings
HIGH (provenance): Publisher changed: jlipps → GitHub Actions (on 2026-03-08)

This version was published by a different npm account than previous versions on 2026-03-08. This could indicate a legitimate maintainer transition or an account compromise.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.1.2

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.1.1

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.1.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.1

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.