@bevry/update-contributors
Update the package.json author, contributors, and maintainers fields with the latest remote data
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:kava | AI (phantom-deps): Bevry ecosystem dev tooling listed in both deps and devDeps; referenced only in config/scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:surge | AI (phantom-deps): Deployment tool listed in both deps and devDeps; referenced only in scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Standard linting tool listed in both deps and devDeps; referenced only in config/scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:typedoc | AI (phantom-deps): Doc generation tool listed in both deps and devDeps; referenced only in scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Standard formatting tool listed in both deps and devDeps; referenced only in config/scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:projectz | AI (phantom-deps): Bevry ecosystem meta tool listed in both deps and devDeps; referenced only in scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript compiler listed in both deps and devDeps; referenced only in config/scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:assert-helpers | AI (phantom-deps): Bevry test helper listed in both deps and devDeps; referenced only in test config, not a security concern. | ai | |
| phantom-deps | phantom-dep:valid-directory | AI (phantom-deps): Bevry validation tool listed in both deps and devDeps; referenced only in scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:make-deno-edition | AI (phantom-deps): Bevry build tool listed in both deps and devDeps; referenced only in scripts, not a security concern. | ai | |
| phantom-deps | phantom-dep:eslint-config-bevry | AI (phantom-deps): Bevry eslint config listed in both deps and devDeps; referenced only in eslint config, not a security concern. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): Standard eslint config listed in both deps and devDeps; referenced only in eslint config, not a security concern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-prettier | AI (phantom-deps): Standard eslint plugin listed in both deps and devDeps; referenced only in eslint config, not a security concern. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Standard TS eslint parser listed in both deps and devDeps; referenced only in eslint config, not a security concern. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Standard TS eslint plugin listed in both deps and devDeps; referenced only in eslint config, not a security concern. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 2.0.0 | 2 / 17 | |
| 1.23.0 | 2 / 16 | |
| 1.22.0 | 2 / 17 | |
| 1.21.0 | 2 / 16 | |
| 1.20.0 | 1 / 15 | |
| 1.19.0 | 1 / 15 | |
| 1.18.0 | 1 / 15 | |
| 1.17.0 | 1 / 15 | |
| 1.16.0 | 1 / 15 | |
| 1.15.0 | 1 / 15 | |
| 1.14.0 | 1 / 15 | |
| 1.13.0 | 1 / 15 | |
| 1.12.0 | 1 / 15 | |
| 1.11.0 | 16 / 15 | |
| 1.10.0 | 1 / 15 | |
| 1.9.0 | 1 / 15 | |
| 1.8.0 | 1 / 14 | |
| 1.7.0 | 1 / 14 | |
| 1.6.0 | 1 / 14 | |
| 1.5.0 | 1 / 14 | |
| 1.4.0 | 1 / 14 | |
| 1.3.0 | 1 / 14 | |
| 1.2.0 | 1 / 14 | |
| 1.1.0 | 1 / 14 | |
| 1.0.1 | 1 / 14 | |
| 1.0.0 | 1 / 14 |
v2.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.23.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.22.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.