@manypkg/get-packages — Greenflagged

> A simple utility to get the packages from a monorepo, whether they're using Yarn, npm, Lerna, pnpm, Bun or Rush

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

manypkg-release-botemmatown

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): emmatown is a known contributor in the manypkg ecosystem; this is a legitimate maintainer transition, not a takeover.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): mitchellhamilton's removal paired with emmatown addition reflects a documented project handoff within the @manypkg org.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): @manypkg/tools is a first-party dep in the same namespace/org; added as part of a refactor that removed 5 third-party deps, reducing external surface area.	ai	2026/04/24

Versions (showing 13 of 13)

Version	Deps	Published
3.1.0	2 / 2	2025-07-25
3.0.0	2 / 2	2025-05-01
2.2.2	2 / 1	2024-06-27
2.2.1	2 / 1	2024-03-15
2.2.0	2 / 1	2023-06-09
2.1.0	2 / 1	2023-01-31
2.0.0	2 / 1	2023-01-23
1.1.3	6 / 1	2021-11-09
1.1.2	6 / 1	2021-10-28
1.1.1	5 / 1	2020-08-11
1.1.0	5 / 1	2020-06-25
1.0.1	5 / 1	2020-03-28
1.0.0	5 / 1	2020-03-07