@genesislcap/foundation-testing
Genesis Foundation Testing
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:lighthouse | AI (dependencies): lighthouse is an intentional runtime dep for playwright-lighthouse integration in this testing package. | ai | |
| phantom-deps | phantom-dep:lighthouse | AI (phantom-deps): lighthouse is a peer/config dep for playwright-lighthouse integration; not directly imported by design. | ai | |
Versions (showing 6 of 216)
| Version | Deps | Published |
|---|---|---|
| 14.354.1 | 11 / 3 | |
| 14.354.0 | 11 / 3 | |
| 14.353.5 | 11 / 3 | |
| 14.353.4 | 11 / 3 | |
| 14.353.3 | 11 / 3 | |
| 14.353.2 | 11 / 3 | |
v14.354.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.354.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.353.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.353.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.353.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.353.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.