@graphql-codegen/plugin-helpers
GraphQL Code Generator common utils and types
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): theguild-bot is The Guild's established bot publisher; addition is consistent with their standard publishing workflow across the graphql-codegen ecosystem. | ai | |
| provenance | publisher-changed | AI (provenance): theguild-bot is The Guild's official automation account with a strong track record (4686 approved/0 rejected). This transition from dotansimha is a known, legitimate org-level handoff for graphql-code-generator. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() is used for legitimate dynamic module loading in resolveExternalModuleAndFn; input is a module name parameter, not user-controlled data. | ai | |
| provenance | missing-githead | AI (provenance): Trusted publisher (dotansimha) with 5382 approved packages; missing gitHead reflects a CI environment change, not a malicious publish. Repo URL is clearly specified. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper dependency; implicit usage via compiled output is expected. | ai | |
| dependencies | unvetted-dep:change-case-all | AI (dependencies): change-case-all is a well-known string utility used throughout the graphql-codegen ecosystem; pinned at 1.0.15 with no malicious signals. | ai | |
| dependencies | unvetted-dep:pascal-case | AI (dependencies): pascal-case is a well-known utility package split from change-case v4; its inclusion here is a legitimate refactor replacing the monolithic change-case dependency. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): The new deps (camel-case, lower-case, param-case, upper-case, pascal-case, constant-case) are the constituent packages of change-case v4 split — a known ecosystem pattern, not a suspicious addition. | ai | |
| phantom-deps | phantom-dep:pascal-case | AI (phantom-deps): Case-conversion utilities are referenced in config/build logic rather than direct imports; stable pattern for code generation tools. | ai | |
| phantom-deps | phantom-dep:constant-case | AI (phantom-deps): Case-conversion utilities are referenced in config/build logic rather than direct imports; stable pattern for code generation tools. | ai | |
| phantom-deps | phantom-dep:camel-case | AI (phantom-deps): Case-conversion utilities are referenced in config/build logic rather than direct imports; stable pattern for code generation tools. | ai | |
| phantom-deps | phantom-dep:lower-case | AI (phantom-deps): Case-conversion utilities are referenced in config/build logic rather than direct imports; stable pattern for code generation tools. | ai | |
| phantom-deps | phantom-dep:upper-case | AI (phantom-deps): Case-conversion utilities are referenced in config/build logic rather than direct imports; stable pattern for code generation tools. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used as a plugin loader (loading user-specified modules by name from cwd), a documented and intentional pattern for this package. | ai | |
| phantom-deps | phantom-dep:common-tags | AI (phantom-deps): Declared dependency referenced in config/re-export context; phantom-dep pattern is expected for this plugin-helpers package. | ai | |
| provenance | no-provenance | AI (provenance): Established package from a trusted publisher with 5169 approved packages; lack of Sigstore provenance is a known gap for this ecosystem, not a disqualifier. | ai | |
| phantom-deps | phantom-dep:import-from | AI (phantom-deps): import-from is a declared runtime dependency; phantom-dep flag is a false positive for this monorepo package. | ai |
Versions (showing 100 of 256)
| Version | Deps | Published |
|---|---|---|
| 7.0.1 | 5 / 0 | |
| 7.0.0 | 5 / 0 | |
| 6.3.0 | 5 / 0 | |
| 6.2.1 | 5 / 0 | |
| 6.2.0 | 6 / 0 | |
| 6.1.1 | 6 / 0 | |
| 6.1.0 | 6 / 0 | |
| 6.0.0 | 6 / 0 | |
| 5.1.1 | 6 / 0 | |
| 5.1.0 | 6 / 0 | |
| 5.0.4 | 6 / 0 | |
| 5.0.3 | 6 / 0 | |
| 5.0.2 | 6 / 0 | |
| 5.0.1 | 6 / 0 | |
| 5.0.0 | 6 / 0 | |
| 4.2.0 | 6 / 0 | |
| 4.1.0 | 6 / 0 | |
| 4.0.0 | 6 / 0 | |
| 3.1.2 | 6 / 0 | |
| 3.1.1 | 6 / 0 | |
| 3.1.0 | 6 / 0 | |
| 2.7.2 | 6 / 0 | |
| 2.7.1 | 6 / 0 | |
| 2.7.0 | 6 / 0 | |
| 2.6.2 | 6 / 0 | |
| 2.6.1 | 6 / 0 | |
| 2.6.0 | 6 / 0 | |
| 2.5.0 | 6 / 0 | |
| 2.4.2 | 6 / 0 | |
| 2.4.1 | 6 / 0 | |
| 2.4.0 | 6 / 0 | |
| 2.3.2 | 6 / 0 | |
| 2.3.1 | 6 / 0 | |
| 2.3.0 | 6 / 0 | |
| 2.2.0 | 6 / 0 | |
| 2.1.1 | 6 / 0 | |
| 2.1.0 | 6 / 0 | |
| 2.0.0 | 5 / 0 | |
| 1.18.8 | 5 / 0 | |
| 1.18.7 | 5 / 0 | |
| 1.18.6 | 5 / 0 | |
| 1.18.5 | 5 / 0 | |
| 1.18.4 | 5 / 0 | |
| 1.18.3 | 5 / 0 | |
| 1.18.2 | 11 / 0 | |
| 1.18.1 | 11 / 0 | |
| 1.18.0 | 11 / 0 | |
| 1.17.9 | 11 / 0 | |
| 1.17.8 | 11 / 0 | |
| 1.17.7 | 11 / 0 | |
| 1.17.6 | 11 / 0 | |
| 1.17.5 | 11 / 0 | |
| 1.17.4 | 11 / 0 | |
| 1.17.3 | 10 / 0 | |
| 1.17.2 | 10 / 0 | |
| 1.17.1 | 10 / 0 | |
| 1.17.0 | 10 / 0 | |
| 1.16.3 | 10 / 0 | |
| 1.16.2 | 10 / 0 | |
| 1.16.1 | 10 / 0 | |
| 1.16.0 | 10 / 0 | |
| 1.15.4 | 10 / 0 | |
| 1.15.3 | 10 / 0 | |
| 1.15.2 | 10 / 0 | |
| 1.15.1 | 10 / 0 | |
| 1.15.0 | 10 / 0 | |
| 1.14.0 | 10 / 0 | |
| 1.13.5 | 10 / 0 | |
| 1.13.4 | 10 / 0 | |
| 1.13.3 | 10 / 0 | |
| 1.13.2 | 10 / 0 | |
| 1.13.1 | 10 / 0 | |
| 1.13.0 | 10 / 0 | |
| 1.12.2 | 10 / 0 | |
| 1.12.1 | 10 / 0 | |
| 1.12.0 | 10 / 0 | |
| 1.11.2 | 10 / 0 | |
| 1.11.1 | 10 / 0 | |
| 1.11.0 | 10 / 0 | |
| 1.10.0 | 9 / 0 | |
| 1.9.1 | 5 / 0 | |
| 1.9.0 | 3 / 0 | |
| 1.8.3 | 5 / 3 | |
| 1.8.2 | 4 / 3 | |
| 1.8.1 | 4 / 3 | |
| 1.8.0 | 4 / 3 | |
| 1.7.0 | 4 / 1 | |
| 1.6.1 | 4 / 1 | |
| 1.6.0 | 4 / 1 | |
| 1.5.0 | 4 / 1 | |
| 1.4.0 | 4 / 1 | |
| 1.3.1 | 4 / 1 | |
| 1.3.0 | 4 / 1 | |
| 1.2.1 | 4 / 1 | |
| 1.2.0 | 4 / 1 | |
| 1.1.3 | 4 / 1 | |
| 1.1.1 | 4 / 1 | |
| 1.1.0 | 4 / 1 | |
| 1.0.7 | 4 / 1 | |
| 1.0.6 | 4 / 1 |
v7.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.3.0
2 findingsThis version was published by a different npm account than previous versions on 2026-04-13. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.1
2 findingsThis version was published by a different npm account than previous versions on 2026-04-04. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.0
2 findingsThis version was published by a different npm account than previous versions on 2025-11-20. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
2 findingsThis version was published by a different npm account than previous versions on 2025-09-07. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.1.1
2 findingsThis version was published by a different npm account than previous versions on 2025-06-05. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.16.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.16.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.16.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.15.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.14.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.2
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
v1.12.1
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
v1.12.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
v1.11.2
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
v1.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: dotansimha.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.