@jsonjoy.com/util — Greenflagged

Various helper utilities

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

json-joy-teamstreamich

Keywords

codegenbufferstringutf8jsonjson-brandjson-randomfuzzer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:eval-usage	AI (semgrep): eval() is an intentional, documented feature of this codegen utility package — used to compile generated JS code at runtime. This is a stable, legitimate pattern for this package.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Inflated semver and short README are expected for a monorepo sub-package synced to the parent json-joy version. Not indicative of spam or low-value content.	ai	2026/04/21
typosquat	typosquat.levenshtein:uuid	AI (typosquat): @jsonjoy.com/util is a scoped package under a known org namespace; not a typosquat of uuid. Levenshtein match is a false positive.	ai	2026/04/21

Versions (showing 43 of 43)

Version	Deps	Published
18.24.0	3 / 0	2026-05-15
18.23.0	3 / 0	2026-05-14
18.22.0	3 / 0	2026-05-14
18.21.0	3 / 0	2026-05-10
18.20.0	3 / 0	2026-05-09
18.19.0	3 / 0	2026-05-07
18.18.0	3 / 0	2026-05-07
18.15.0	3 / 0	2026-04-18
18.14.0	3 / 0	2026-04-16
18.13.0	3 / 0	2026-04-15
18.12.0	3 / 0	2026-04-12
18.11.0	3 / 0	2026-04-11
18.10.0	3 / 0	2026-04-11
18.9.0	3 / 0	2026-04-08
18.8.0	3 / 0	2026-04-07
18.7.0	3 / 0	2026-04-05
18.6.0	3 / 0	2026-04-04
18.5.0	3 / 0	2026-04-02
18.1.0	3 / 0	2026-03-21
18.0.0	3 / 0	2026-02-22
17.67.0	2 / 0	2026-02-06
17.65.0	2 / 0	2025-11-30
17.64.0	2 / 0	2025-11-30
17.63.0	2 / 0	2025-10-28
17.62.0	2 / 0	2025-10-28
17.61.1	2 / 0	2025-10-21
17.61.0	2 / 0	2025-10-20
17.60.0	2 / 0	2025-10-19
17.59.0	2 / 0	2025-10-18
1.9.0	2 / 15	2025-08-02
1.8.1	1 / 15	2025-08-01
1.8.0	0 / 15	2025-07-25
1.7.0	0 / 15	2025-07-25
1.6.0	0 / 15	2025-05-05
1.5.0	0 / 15	2024-10-06
1.4.0	0 / 15	2024-10-06
1.3.0	0 / 15	2024-07-27
1.2.0	0 / 15	2024-06-19
1.1.3	0 / 15	2024-05-08
1.1.2	0 / 15	2024-04-30
1.1.1	1 / 15	2024-04-30
1.1.0	1 / 15	2024-04-20
1.0.0	1 / 15	2024-04-09

v18.24.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.23.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.9.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.