← Home

@firebase/messaging-compat

npm Repository Homepage

This is the compat package that recreates the v8 APIs.

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

firebase-opsfeiyang.chengoogle-wombotchholland

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@firebase/util AI (dependencies): Sibling package from the official firebase-js-sdk monorepo; not a third-party unvetted dependency. ai
provenance no-provenance AI (provenance): Official Firebase SDK package published by Google automation account; lack of Sigstore provenance is expected for this established package family. ai
dependencies unvetted-dep:@firebase/messaging AI (dependencies): Sibling package from the official firebase-js-sdk monorepo; not a third-party unvetted dependency. ai
maintainer-change maintainer-removed AI (maintainer-change): Maintainer removal is consistent with consolidation under google-wombot automated publishing; stable pattern across Firebase packages. ai
provenance publisher-changed AI (provenance): google-wombot is Google's official Firebase publishing bot; transition from named engineer to bot account is standard Google/Firebase practice, not a takeover signal. ai
bogus-package bogus-package AI (bogus-package): This is a Firebase SDK monorepo sub-package; short README and no keywords are expected for internal scoped packages, not spam indicators. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is declared as a direct dependency in package.json; phantom-dep flag is a false positive for this TypeScript-compiled package. ai

Versions (showing 100 of 279)

Hide prereleases
Version Deps Published
0.2.27 4 / 5
0.2.26 4 / 5
0.2.25 4 / 5
0.2.24 4 / 5
0.2.23 4 / 5
0.2.22 4 / 5
0.2.21 4 / 5
0.2.20 4 / 5
0.2.19 4 / 5
0.2.18 4 / 5
0.2.17 4 / 5
0.2.16 4 / 5
0.2.15 4 / 5
0.2.14 4 / 5
0.2.13 4 / 5
0.2.12 4 / 5
0.2.11 4 / 5
0.2.10 4 / 5
0.2.9 4 / 5
0.2.8 4 / 5
0.2.7 4 / 5
0.2.6 4 / 5
0.2.5 4 / 5
0.2.4 4 / 5
0.2.3 4 / 5
0.2.2 4 / 5
0.2.1 4 / 5
0.2.0 4 / 5
0.1.21 4 / 5
0.1.20 4 / 5
0.1.19 4 / 5
0.1.18 4 / 5
0.1.17 4 / 5
0.1.16 4 / 5
0.1.15 4 / 5
0.1.14 4 / 5
0.1.13 4 / 5
0.1.12 4 / 5
0.1.11 4 / 5
0.1.10 4 / 5
0.1.9 4 / 5
0.1.8 4 / 5
0.1.7 4 / 5
0.1.6 4 / 5
0.1.5 4 / 5
0.1.4 4 / 5
0.1.3 4 / 5
0.1.2 4 / 5
0.1.1 4 / 5
0.1.0 4 / 5
0.2.25-canary.f4e0086e3 4 / 5
0.2.25-canary.bfb9accdc 4 / 5
0.2.25-canary.ba0bc39bb 4 / 5
0.2.25-canary.742e17a8e 4 / 5
0.2.25-canary.44ad4cc2e 4 / 5
0.2.25-20260317152345 4 / 5
0.2.24-canary.d7b182645 4 / 5
0.2.24-canary.891a0c9d4 4 / 5
0.2.24-canary.843a8d789 4 / 5
0.2.24-canary.792c61671 4 / 5
0.2.24-canary.78384d32c 4 / 5
0.2.24-canary.22476e1bc 4 / 5
0.2.24-20260224183151 4 / 5
0.2.23-firebase-studio-sdk-integration.f7536090e 4 / 5
0.2.23-firebase-studio-sdk-integration.556d1bed2 4 / 5
0.2.23-eap-firestore-pipelines.2.e4cdd2e06 4 / 5
0.2.23-eap-firestore-pipelines.1.f9c4cdec7 4 / 5
0.2.23-canary.f9aaeca46 4 / 5
0.2.23-canary.f9254b6d2 4 / 5
0.2.23-canary.f5fc6bf76 4 / 5
0.2.23-canary.f2ecae7df 4 / 5
0.2.23-canary.f0b0398eb 4 / 5
0.2.23-canary.f06cbf99b 4 / 5
0.2.23-canary.efc0117ae 4 / 5
0.2.23-canary.ea8512812 4 / 5
0.2.23-canary.e6415ddee 4 / 5
0.2.23-canary.e4b2890fd 4 / 5
0.2.23-canary.e25317f9f 4 / 5
0.2.23-canary.d818df4e8 4 / 5
0.2.23-canary.d7c311a4b 4 / 5
0.2.23-canary.d5ff5a4b1 4 / 5
0.2.23-canary.d4b22a872 4 / 5
0.2.23-canary.d1d898f55 4 / 5
0.2.23-canary.ccbf7ba36 4 / 5
0.2.23-canary.cc605e728 4 / 5
0.2.23-canary.cbef6c6e5 4 / 5
0.2.23-canary.cb3bdd812 4 / 5
0.2.23-canary.c8263c471 4 / 5
0.2.23-canary.c5f08a9bc 4 / 5
0.2.23-canary.c4a3a5643 4 / 5
0.2.23-canary.c48b47674 4 / 5
0.2.23-canary.c47bd7175 4 / 5
0.2.23-canary.c1237662e 4 / 5
0.2.23-canary.bc5a7c4a7 4 / 5
0.2.23-canary.bc2b2cdea 4 / 5
0.2.23-canary.b9209dc91 4 / 5
0.2.23-canary.b7e18d0ff 4 / 5
0.2.23-canary.b2827448b 4 / 5
0.2.23-canary.b228a2ab9 4 / 5
0.2.23-canary.b10a296fa 4 / 5
Showing 100 of 279 Next page →

v0.2.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-canary.f4e0086e3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-canary.bfb9accdc

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-canary.ba0bc39bb

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-canary.742e17a8e

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-canary.44ad4cc2e

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.25-20260317152345

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.d7b182645

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.891a0c9d4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.843a8d789

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.792c61671

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.78384d32c

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-canary.22476e1bc

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.24-20260224183151

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-firebase-studio-sdk-integration.f7536090e

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-firebase-studio-sdk-integration.556d1bed2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-eap-firestore-pipelines.2.e4cdd2e06

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-eap-firestore-pipelines.1.f9c4cdec7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.f9aaeca46

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.f9254b6d2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.f5fc6bf76

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.f2ecae7df

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.f0b0398eb

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.f06cbf99b

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.efc0117ae

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.ea8512812

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.e6415ddee

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.e4b2890fd

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.e25317f9f

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.d818df4e8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.d7c311a4b

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.d5ff5a4b1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.d4b22a872

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.d1d898f55

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.ccbf7ba36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.cc605e728

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.cbef6c6e5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.cb3bdd812

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.c8263c471

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.c5f08a9bc

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.c4a3a5643

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.c48b47674

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.c47bd7175

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.c1237662e

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.bc5a7c4a7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.bc2b2cdea

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.b9209dc91

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.b7e18d0ff

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.23-canary.b2827448b

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.b228a2ab9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.23-canary.b10a296fa

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.