@libp2p/multistream-select No license 21 versions

@libp2p/multistream-select

npm Repository Homepage

21

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

daviddiasalanshawachingbrainvascosantosnpm-service-account-libp2pjacobheun

Keywords

ipfslibp2pmultistreamprotocolstream

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): achingbrain is the known primary libp2p maintainer with 1248 approved versions; transition from npm-service-account-libp2p to personal account is a legitimate and expected pattern for this ecosystem.	ai	2026/04/26
dependencies	unvetted-dep:@libp2p/utils	AI (dependencies): @libp2p/utils is a core libp2p ecosystem package from the official js-libp2p monorepo; expected dependency for this package across all versions.	ai	2026/04/25
dependencies	unvetted-dep:it-length-prefixed	AI (dependencies): it-length-prefixed is a well-known IPFS/libp2p ecosystem utility for length-prefixed streams; stable and expected dependency for multistream-select.	ai	2026/04/25

Versions (showing 21 of 21)

Version	Deps	Published
7.0.21	5 / 7	2026-05-31
7.0.20	5 / 7	2026-05-16
7.0.19	5 / 7	2026-05-11
7.0.18	5 / 7	2026-04-25
7.0.17	5 / 7	2026-04-17
7.0.15	5 / 7	2026-04-08
7.0.14	5 / 7	2026-03-28
7.0.13	5 / 7	2026-03-13
7.0.12	5 / 7	2026-03-03
7.0.11	5 / 7	2026-03-01
7.0.10	5 / 7	2026-01-16
7.0.9	5 / 7	2025-11-14
7.0.8	5 / 7	2025-11-13
7.0.7	5 / 7	2025-10-29
7.0.6	5 / 7	2025-10-23
7.0.5	5 / 7	2025-10-03
7.0.4	5 / 7	2025-10-02
7.0.3	5 / 7	2025-10-01
7.0.2	5 / 7	2025-09-27
7.0.1	5 / 7	2025-09-24
7.0.0	5 / 7	2025-09-24

v7.0.21

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.13

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.12

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-03) provenance

This version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.11

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.10

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-01-16) provenance

This version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.