@govuk-one-login/di-ipv-cri-common-express MIT 8 versions

@govuk-one-login/di-ipv-cri-common-express

npm Repository Homepage

Express libraries and utilities for use building GOV.UK One Login Credential Issuers

8

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pcornishgdsnickheal-gdsmerlincwilsondrrnsambunce-gdsdanielmason-gdsalexws-gdscoral_gdsdancorderug-gdsdavidmcmichaelgovukmike.beeby

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is used for data type detection in linked-files middleware, not for hiding payloads.	ai	2026/04/30
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require loads a version JSON file from a config-specified app root path; not arbitrary module loading.	ai	2026/04/30
phantom-deps	phantom-dep:frameguard	AI (phantom-deps): frameguard is a legitimate security middleware dependency; phantom-dep false positive for this package.	ai	2026/04/30

Versions (showing 8 of 8)

Version	Deps	Published
15.1.0	24 / 24	2026-06-17
15.0.3	24 / 24	2026-06-11
15.0.2	24 / 24	2026-06-08
15.0.1	24 / 24	2026-06-05
15.0.0	24 / 24	2026-05-27
14.0.3	25 / 23	2026-05-12
14.0.0	26 / 23	2026-04-28
13.1.1	27 / 23	2026-04-10

v15.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.