@camunda/e2e-test-suite
End-to-end test helpers for Camunda 8
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Lack of provenance is common (88% of npm); not a security concern for this internal test package. | ai | |
| phantom-deps | phantom-dep:unzipper | AI (phantom-deps): Test suite dependency used in config/setup; indirect usage is normal for test utilities. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Test suite dependency used in config/setup; indirect usage is normal for test utilities. | ai | |
| phantom-deps | phantom-dep:node-fetch | AI (phantom-deps): Test suite dependency used in config/setup; indirect usage is normal for test utilities. | ai | |
| phantom-deps | phantom-dep:@axe-core/playwright | AI (phantom-deps): Test suite dependency used in config/setup; indirect usage is normal for test utilities. | ai | |
| bogus-package | bogus-package | AI (bogus-package): README link density is consistent with an internal Camunda E2E test suite linking to docs/resources. Not a phishing indicator for this scoped package. | ai | |
| dependencies | unvetted-dep:@axe-core/playwright | AI (dependencies): @axe-core/playwright is Deque Systems' accessibility testing library, a reputable and widely-used package for E2E testing. | ai | |
| dependencies | unvetted-dep:mailslurp-client | AI (dependencies): mailslurp-client is a standard email testing API client, appropriate for E2E test suites. No malicious signals. | ai |
Versions (showing 100 of 362)
| Version | Deps | Published |
|---|---|---|
| 0.0.500 | 6 / 20 | |
| 0.0.499 | 6 / 20 | |
| 0.0.498 | 6 / 20 | |
| 0.0.497 | 6 / 20 | |
| 0.0.496 | 6 / 20 | |
| 0.0.495 | 6 / 20 | |
| 0.0.494 | 6 / 20 | |
| 0.0.493 | 6 / 20 | |
| 0.0.492 | 6 / 20 | |
| 0.0.491 | 6 / 20 | |
| 0.0.490 | 6 / 20 | |
| 0.0.489 | 6 / 20 | |
| 0.0.488 | 6 / 20 | |
| 0.0.487 | 6 / 20 | |
| 0.0.486 | 6 / 20 | |
| 0.0.485 | 6 / 20 | |
| 0.0.484 | 6 / 20 | |
| 0.0.483 | 6 / 20 | |
| 0.0.482 | 6 / 20 | |
| 0.0.481 | 6 / 20 | |
| 0.0.480 | 6 / 20 | |
| 0.0.479 | 6 / 20 | |
| 0.0.478 | 6 / 20 | |
| 0.0.477 | 6 / 20 | |
| 0.0.476 | 6 / 20 | |
| 0.0.475 | 6 / 20 | |
| 0.0.474 | 6 / 20 | |
| 0.0.473 | 6 / 20 | |
| 0.0.472 | 6 / 20 | |
| 0.0.471 | 6 / 20 | |
| 0.0.470 | 6 / 20 | |
| 0.0.469 | 6 / 20 | |
| 0.0.468 | 6 / 20 | |
| 0.0.467 | 6 / 20 | |
| 0.0.466 | 6 / 20 | |
| 0.0.465 | 6 / 20 | |
| 0.0.464 | 6 / 20 | |
| 0.0.463 | 6 / 20 | |
| 0.0.462 | 6 / 20 | |
| 0.0.461 | 6 / 20 | |
| 0.0.460 | 6 / 20 | |
| 0.0.459 | 6 / 20 | |
| 0.0.458 | 6 / 20 | |
| 0.0.457 | 6 / 20 | |
| 0.0.456 | 6 / 20 | |
| 0.0.455 | 6 / 20 | |
| 0.0.454 | 6 / 20 | |
| 0.0.453 | 6 / 20 | |
| 0.0.452 | 6 / 20 | |
| 0.0.450 | 6 / 20 | |
| 0.0.449 | 6 / 20 | |
| 0.0.448 | 6 / 20 | |
| 0.0.447 | 6 / 20 | |
| 0.0.445 | 6 / 20 | |
| 0.0.444 | 6 / 20 | |
| 0.0.443 | 6 / 20 | |
| 0.0.442 | 6 / 20 | |
| 0.0.440 | 6 / 20 | |
| 0.0.436 | 6 / 20 | |
| 0.0.435 | 6 / 20 | |
| 0.0.432 | 6 / 20 | |
| 0.0.431 | 6 / 20 | |
| 0.0.428 | 6 / 20 | |
| 0.0.424 | 6 / 20 | |
| 0.0.421 | 6 / 20 | |
| 0.0.420 | 6 / 20 | |
| 0.0.419 | 6 / 20 | |
| 0.0.417 | 6 / 20 | |
| 0.0.416 | 6 / 20 | |
| 0.0.415 | 6 / 20 | |
| 0.0.413 | 6 / 20 | |
| 0.0.412 | 6 / 20 | |
| 0.0.411 | 6 / 20 | |
| 0.0.410 | 6 / 20 | |
| 0.0.408 | 6 / 20 | |
| 0.0.405 | 6 / 20 | |
| 0.0.403 | 6 / 20 | |
| 0.0.402 | 6 / 20 | |
| 0.0.401 | 6 / 20 | |
| 0.0.399 | 6 / 20 | |
| 0.0.398 | 6 / 20 | |
| 0.0.396 | 6 / 20 | |
| 0.0.392 | 6 / 20 | |
| 0.0.390 | 6 / 20 | |
| 0.0.389 | 6 / 20 | |
| 0.0.386 | 6 / 20 | |
| 0.0.384 | 6 / 20 | |
| 0.0.382 | 6 / 20 | |
| 0.0.381 | 6 / 20 | |
| 0.0.380 | 6 / 20 | |
| 0.0.378 | 6 / 20 | |
| 0.0.376 | 6 / 20 | |
| 0.0.374 | 6 / 20 | |
| 0.0.373 | 6 / 20 | |
| 0.0.368 | 6 / 20 | |
| 0.0.366 | 6 / 20 | |
| 0.0.365 | 6 / 20 | |
| 0.0.364 | 6 / 20 | |
| 0.0.361 | 6 / 20 | |
| 0.0.359 | 6 / 20 |
v0.0.500
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.499
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.498
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.497
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.496
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.495
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.494
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.493
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.492
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.491
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.490
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.489
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.488
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.487
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.486
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.485
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.484
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.483
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.482
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.481
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.480
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.479
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.478
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.477
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.476
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.475
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.474
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.473
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.472
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.471
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.470
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.468
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.467
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.466
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.465
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.464
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.463
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.462
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.460
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.459
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.458
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.457
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.456
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.455
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.454
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.453
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.452
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.450
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.449
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.448
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.447
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.445
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.444
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.443
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.442
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.440
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.436
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.435
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.432
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.431
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.428
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.424
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.421
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.420
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.419
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.417
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.416
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.415
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.413
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.412
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.411
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.410
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.408
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.405
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.403
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.402
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.401
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.399
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.398
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.396
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.392
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.390
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.389
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.386
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.384
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.382
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.381
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.380
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.378
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.376
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.374
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.373
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.368
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.366
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.365
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.364
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.361
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.359
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.