← Home

@azure/core-http

npm Repository Homepage

Isomorphic client Runtime for Typescript/node.js/browser javascript client libraries generated using AutoRest

40
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

azure-sdkmicrosoft1es

Keywords

isomorphicbrowserjavascriptnodemicrosoftautorestclientruntimeazurecloud

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:base64-decode AI (semgrep): Buffer.from(value, 'base64') is standard Node.js base64 decoding in a legitimate HTTP client utility. Not a malicious payload; stable false positive for this package. ai
phantom-deps phantom-dep:@types/tunnel AI (phantom-deps): @types/tunnel is a TypeScript type declaration package; not directly imported at runtime by design. Stable false positive for this package. ai
phantom-deps phantom-dep:@types/node-fetch AI (phantom-deps): @types/node-fetch is a TypeScript type declaration package; not directly imported at runtime by design. Stable false positive for this package. ai
phantom-deps phantom-dep:process AI (phantom-deps): process is a Node.js polyfill for browser compatibility in this isomorphic HTTP client. Its presence as a dependency without direct import is expected and benign. ai

Versions (showing 40 of 40)

Version Deps Published
3.0.5 14 / 40
3.0.4 14 / 41
3.0.3 14 / 41
3.0.2 14 / 41
3.0.1 14 / 41
3.0.0 14 / 41
2.3.2 15 / 42
2.3.1 15 / 42
2.3.0 15 / 42
2.2.7 15 / 41
2.2.6 14 / 41
2.2.5 14 / 42
2.2.4 15 / 43
2.2.3 15 / 45
2.2.2 15 / 46
2.2.1 15 / 46
2.2.0 15 / 46
2.1.0 15 / 46
2.0.0 15 / 52
1.2.6 15 / 52
1.2.5 15 / 52
1.2.4 15 / 51
1.2.3 15 / 50
1.2.2 15 / 50
1.2.1 15 / 49
1.2.0 15 / 49
1.1.9 15 / 49
1.1.8 15 / 55
1.1.7 15 / 55
1.1.6 15 / 55
1.1.5 15 / 55
1.1.4 15 / 55
1.1.3 15 / 56
1.1.2 16 / 56
1.1.1 16 / 56
1.1.0 16 / 56
1.0.4 16 / 58
1.0.3 15 / 63
1.0.2 15 / 63
1.0.0 14 / 64

v3.0.5

2 findings
HIGH Publisher changed: azure-sdk → microsoft1es (on 2024-11-26) provenance

This version was published by a different npm account than previous versions on 2024-11-26. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.