@asamuzakjp/css-color
CSS color - Resolve and convert CSS colors.
Versions: 72
License: MIT
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
asamuzakjp
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Major version rewrite (v2→v3) with new build pipeline (Vite, ESM/CJS/browser targets). Large file count is expected for a TypeScript library with multiple output formats and source maps. | ai | |
| source-diff | obfuscated-file:dist/browser/css-color.min.js.js | AI (source-diff): Minified browser bundle is expected for this library; generated by vite build process as documented in package.json scripts. | ai | |
| source-diff | obfuscated-file:dist/cjs/css-color.cjs | AI (source-diff): Minified CommonJS bundle generated by tsup build tool; intentional per build script. Source code available in src/ with sourcemaps provided. | ai | |
| source-diff | obfuscated-file:types/js/constant.d.ts | AI (source-diff): TypeScript declaration file with CSS color regex patterns; long lines are expected for complex regex constants, not malicious obfuscation. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): Addition of @csstools/css-tokenizer is a legitimate dependency for CSS parsing; established package from trusted ecosystem. | ai | |
| source-diff | obfuscated-file:dist/cjs/js/constant.d.cts | AI (source-diff): TypeScript declaration file with regex constants for CSS color parsing; long lines are legitimate regex patterns, not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/esm/js/constant.d.ts | AI (source-diff): TypeScript declaration file with regex constants for CSS color parsing; long lines are legitimate regex patterns, not obfuscated code. | ai | |
| dependencies | unvetted-dep:@csstools/css-parser-algorithms | AI (dependencies): Pre-existing dependency on established csstools package; no new risk introduced in this version. | ai | |
| dependencies | unvetted-dep:@csstools/css-color-parser | AI (dependencies): Pre-existing dependency on established csstools package; no new risk introduced in this version. | ai | |
| dependencies | unvetted-dep:@csstools/css-calc | AI (dependencies): Pre-existing dependency on established csstools package; no new risk introduced in this version. | ai | |
| dependencies | unvetted-dep:@csstools/css-tokenizer | AI (dependencies): Pre-existing dependency on established csstools package; no new risk introduced in this version. | ai | |
| provenance | no-provenance | AI (provenance): Publisher has strong track record (139 approved versions); provenance absence is acceptable for this trusted author. | ai | |
Versions (showing 72 of 72)
| Version | Deps | Published |
|---|---|---|
| 6.0.2 | 5 / 17 | |
| 6.0.1 | 5 / 17 | |
| 6.0.0 | 5 / 17 | |
| 5.1.11 | 5 / 17 | |
| 5.1.10 | 4 / 14 | |
| 5.1.9 | 4 / 14 | |
| 5.1.8 | 4 / 14 | |
| 5.1.6 | 4 / 14 | |
| 5.1.5 | 5 / 14 | |
| 5.1.4 | 5 / 14 | |
| 5.1.1 | 5 / 14 | |
| 5.1.0 | 5 / 14 | |
| 5.0.1 | 5 / 14 | |
| 5.0.0 | 5 / 14 | |
| 4.1.2 | 5 / 15 | |
| 4.1.1 | 5 / 15 | |
| 4.1.0 | 5 / 15 | |
| 4.0.5 | 5 / 15 | |
| 4.0.4 | 5 / 15 | |
| 4.0.3 | 5 / 15 | |
| 4.0.2 | 5 / 15 | |
| 4.0.0 | 5 / 15 | |
| 3.2.0 | 5 / 15 | |
| 3.1.7 | 5 / 15 | |
| 3.1.6 | 5 / 15 | |
| 3.1.5 | 5 / 15 | |
| 3.1.4 | 5 / 15 | |
| 3.1.3 | 5 / 15 | |
| 3.1.2 | 5 / 15 | |
| 3.1.1 | 5 / 16 | |
| 3.0.15 | 5 / 16 | |
| 3.0.14 | 5 / 16 | |
| 3.0.13 | 5 / 16 | |
| 3.0.12 | 5 / 15 | |
| 3.0.10 | 5 / 15 | |
| 3.0.9 | 5 / 15 | |
| 3.0.8 | 5 / 15 | |
| 3.0.7 | 5 / 15 | |
| 3.0.6 | 5 / 15 | |
| 3.0.5 | 5 / 15 | |
| 3.0.4 | 5 / 15 | |
| 3.0.2 | 5 / 15 | |
| 3.0.1 | 5 / 15 | |
| 3.0.0 | 5 / 12 | |
| 2.8.3 | 5 / 12 | |
| 2.8.2 | 5 / 12 | |
| 2.8.1 | 5 / 12 | |
| 2.7.1 | 3 / 12 | |
| 2.7.0 | 3 / 12 | |
| 2.6.7 | 3 / 12 | |
| 2.6.6 | 3 / 12 | |
| 2.6.5 | 3 / 12 | |
| 2.6.4 | 3 / 12 | |
| 2.6.3 | 3 / 12 | |
| 2.6.2 | 3 / 12 | |
| 2.6.1 | 3 / 12 | |
| 2.6.0 | 3 / 12 | |
| 2.5.0 | 3 / 12 | |
| 2.4.0 | 3 / 12 | |
| 2.3.0 | 3 / 12 | |
| 2.2.1 | 2 / 12 | |
| 2.2.0 | 2 / 12 | |
| 2.0.1 | 2 / 12 | |
| 2.0.0 | 2 / 12 | |
| 1.1.2 | 1 / 12 | |
| 1.1.1 | 1 / 12 | |
| 1.1.0 | 0 / 13 | |
| 1.0.4 | 0 / 14 | |
| 1.0.3 | 0 / 14 | |
| 1.0.2 | 0 / 14 | |
| 1.0.1 | 0 / 13 | |
| 1.0.0 | 0 / 13 | |
v6.0.2
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.1
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.