@heroku/http-call
2
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
sconklinsrishtigautamllamattinaaklimaitejsullivandigsjulianduque-sfdccwallsfijanakjeffrey.estradadlira-sfntonollierdaebumleetetsuya_mttrelearysalesforce-releasesdboston528anujpandey001sripad.kulkarnikbaird-sfcbaxtersfryoneyamaadirasanammengxiao.zhaonrisarocmarcojosadirksmeiermgates-salesforceademusoyoelzoonajondaniel-sfdcdhagberg-sfbencdentonlsangalang2023marcelsfdcccaseyjoeybrown90sfsuppadadiana.doherty.sfdchritchryanbrainardrsoerensenjasoncummings-herokubrock-salesforcetkoh-sfdcgnettercoreypurcell_salesforceswapnilghosestessema-sfcjmonrealbrittany.jonesrstiltonsfnilamuthusghaffarcdwort-sfdcagatpareekaaronromeosfdckpremkumarrchanda7ftzxx-sfdc-npmcv88ekozilforceumarsfdcbeanieboindavidson-sfmingzhi-liu1258angelcampbellmandeepsfyann_ckdasofieirajashri-gurusamysudarshanhirayalex_herokusbosio_sfsarahoh2468cmcclung-npm-salesforce.comtlowrimoreptemporinitcareysmith-sfdcrobinson.mdkabanov1cgfuhrdagg-herok80bowmansheax0rdpark.herokuafraidknotdaniel.brightjdowningabhinavkouljoshwlewis-sfdcviniljaineblackk.plentyapadalalsorstokkercrosskdreyerorendhammer25tenharmsel_sfdougmcinnes-sfdchillzbot2000chap-herokumichellejhlimmbuschherokureidmixbeckychensmrutisamantaapoorvasrivsfalanp.shreyasai_harshitha_neelanlanattadreichenbergvlazukamarsheroku-front-endrichatiwariwchrisjohnsonthe7okasimonebonettisfitalucaszhoupsalimtaylor.jonesangelayoungktsforcekerry-bennettgkomminenismukudgallegossfdcdzuelke-sfdcrishabh.wasonsarassassinarajav.anandlmckenziejordaneekeydaigo-herokumimenjwadsworthsfpfuentemontes_herokubleongpaguilarjoanneyeungzli-sfmarcusblankenshipsruthichjesse.brown-sftij005tholschuh-salesforcekumardinesh2tholmes-sfdcannajohnson-sfpalakjeetkaur12sfjonnpmvjohnejinjutha.hancockmgauger_herokutdhayanandakharlowsfjhili!16abernicchiaslizcoyasuhiro-herokuanna-crosscromwellryan-sfhyunwookleematthew.rossitm-sfdhawleynkoziukherokucodydodom-sfdccsinghaus-sfdcjw-sfdcjlopezdangsinghsfdcnrenkesalesforcegenetanushree.guptabsonntag-salesforcechetankd10nicole.klusmanlcalermoheroku-johnnyecbulmanemilyhuang-herokumichael.malaveerika.wallacevalluri056hk-ankitkumarkaruna123mjoherson-sfchristopher.joseskediyal-sf
Keywords
httprequestrest
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Lazy-loading cache pattern in deps.js; loads named deps, not user-controlled input. | ai | |
| phantom-deps | phantom-dep:is-stream | AI (phantom-deps): is-stream is a declared runtime dependency in package.json; phantom-dep is a false positive here. | ai |
v5.5.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.