@datadog/datadog-ci-plugin-cloud-run Apache-2.0 13 versions

@datadog/datadog-ci-plugin-cloud-run

npm Repository Homepage

Datadog CI plugin for `cloud-run` commands

13

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

datadog

Keywords

datadogdatadog-ciplugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:dist/bundle.js	AI (source-diff): dist/bundle.js is a rolldown-bundled artifact of the package's own source + deps; network calls are from bundled GCP SDK, not dropper behavior.	ai	2026/05/11
source-diff	source-size-tripled	AI (source-diff): Size increase is explained by migration from runtime deps to bundled dist; former runtime deps now appear as devDependencies.	ai	2026/05/11
source-diff	encoded-string-file:dist/bundle.js	AI (source-diff): Encoded string is the llhttp WASM binary from undici; stable legitimate pattern for this package.	ai	2026/05/08

Versions (showing 13 of 13)

Version	Deps	Published
5.18.0	0 / 8	2026-05-28
5.17.0	0 / 9	2026-05-19
5.16.1	0 / 9	2026-05-06
5.16.0	0 / 9	2026-05-01
5.15.0	0 / 9	2026-04-27
5.14.0	0 / 9	2026-04-24
5.13.1	0 / 9	2026-04-15
5.13.0	0 / 9	2026-04-13
5.12.1	8 / 0	2026-04-07
5.12.0	8 / 0	2026-04-06
5.11.0	8 / 0	2026-03-31
4.1.1	9 / 0	2025-11-03
4.1.0	9 / 0	2025-10-30

v5.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.17.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.16.1

2 findings

HIGH Long encoded string in modified file: dist/bundle.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.16.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.14.0

2 findings

HIGH New file with network + code execution: dist/bundle.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.13.1

2 findings

HIGH New file with network + code execution: dist/bundle.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.13.0

2 findings

HIGH New file with network + code execution: dist/bundle.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.12.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.