@mswjs/interceptors
Low-level HTTP/HTTPS/XHR/fetch request interception library.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:xmldom | AI (dependencies): xmldom is a legitimate DOM parsing library appropriate for an HTTP/XHR interception package; its use is contextually justified and no OSV advisory was flagged for the constrained version range. | ai | |
| provenance | publisher-changed | AI (provenance): Package transitioned to GitHub Actions CI/CD publishing, backed by SLSA provenance attestation. This is a legitimate automation pattern for mature OSS projects. | ai | |
| provenance | no-provenance | AI (provenance): Established package from a trusted publisher; lack of provenance is common for packages predating Sigstore adoption and not a meaningful risk signal here. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decode appears only in a test file as a unit test fixture for a buffer-to-string utility. No malicious payload; stable false positive for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IPs appear in comments and test fixtures documenting Node.js URL parsing bugs. Expected in an HTTP interceptor library; not network exfiltration. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New large files are all *.cjs.map / *.mjs.map source maps — standard build artifacts, not injected code. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is idiomatic for accessing Symbol-keyed properties on fetch/Request objects in HTTP interceptor code. Not obfuscation — standard pattern throughout MSW interceptors. | ai |
Versions (showing 51 of 190)
| Version | Deps | Published |
|---|---|---|
| 0.41.9 | 6 / 45 | |
| 0.41.8 | 6 / 45 | |
| 0.41.7 | 6 / 45 | |
| 0.41.6 | 6 / 45 | |
| 0.41.5 | 6 / 45 | |
| 0.41.4 | 6 / 45 | |
| 0.41.3 | 6 / 45 | |
| 0.41.2 | 6 / 45 | |
| 0.41.1 | 6 / 45 | |
| 0.41.0 | 6 / 45 | |
| 0.40.0 | 6 / 45 | |
| 0.39.8 | 6 / 45 | |
| 0.39.7 | 6 / 45 | |
| 0.39.6 | 6 / 45 | |
| 0.39.5 | 6 / 45 | |
| 0.39.4 | 6 / 45 | |
| 0.39.3 | 6 / 45 | |
| 0.39.2 | 6 / 45 | |
| 0.39.1 | 6 / 45 | |
| 0.39.0 | 6 / 45 | |
| 0.38.7 | 6 / 45 | |
| 0.38.6 | 6 / 45 | |
| 0.38.5 | 7 / 44 | |
| 0.38.4 | 7 / 44 | |
| 0.38.3 | 7 / 44 | |
| 0.38.2 | 7 / 44 | |
| 0.38.1 | 7 / 44 | |
| 0.38.0 | 7 / 44 | |
| 0.37.6 | 6 / 48 | |
| 0.37.5 | 6 / 48 | |
| 0.37.4 | 6 / 48 | |
| 0.37.3 | 6 / 48 | |
| 0.37.2 | 6 / 48 | |
| 0.37.1 | 6 / 48 | |
| 0.37.0 | 6 / 48 | |
| 0.36.10 | 6 / 48 | |
| 0.36.9 | 6 / 47 | |
| 0.36.8 | 6 / 47 | |
| 0.36.7 | 6 / 47 | |
| 0.36.6 | 6 / 47 | |
| 0.36.5 | 6 / 47 | |
| 0.36.4 | 6 / 47 | |
| 0.36.3 | 6 / 47 | |
| 0.36.2 | 6 / 47 | |
| 0.36.1 | 6 / 47 | |
| 0.36.0 | 6 / 47 | |
| 0.35.9 | 6 / 47 | |
| 0.35.8 | 6 / 47 | |
| 0.35.7 | 6 / 47 | |
| 0.35.6 | 6 / 47 | |
| 0.35.5 | 6 / 47 |
v0.41.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.