@mswjs/interceptors
Low-level HTTP/HTTPS/XHR/fetch request interception library.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:xmldom | AI (dependencies): xmldom is a legitimate DOM parsing library appropriate for an HTTP/XHR interception package; its use is contextually justified and no OSV advisory was flagged for the constrained version range. | ai | |
| provenance | publisher-changed | AI (provenance): Package transitioned to GitHub Actions CI/CD publishing, backed by SLSA provenance attestation. This is a legitimate automation pattern for mature OSS projects. | ai | |
| provenance | no-provenance | AI (provenance): Established package from a trusted publisher; lack of provenance is common for packages predating Sigstore adoption and not a meaningful risk signal here. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decode appears only in a test file as a unit test fixture for a buffer-to-string utility. No malicious payload; stable false positive for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IPs appear in comments and test fixtures documenting Node.js URL parsing bugs. Expected in an HTTP interceptor library; not network exfiltration. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New large files are all *.cjs.map / *.mjs.map source maps — standard build artifacts, not injected code. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is idiomatic for accessing Symbol-keyed properties on fetch/Request objects in HTTP interceptor code. Not obfuscation — standard pattern throughout MSW interceptors. | ai |
Versions (showing 100 of 190)
| Version | Deps | Published |
|---|---|---|
| 0.41.9 | 6 / 45 | |
| 0.41.8 | 6 / 45 | |
| 0.41.7 | 6 / 45 | |
| 0.41.6 | 6 / 45 | |
| 0.41.5 | 6 / 45 | |
| 0.41.4 | 6 / 45 | |
| 0.41.3 | 6 / 45 | |
| 0.41.2 | 6 / 45 | |
| 0.41.1 | 6 / 45 | |
| 0.41.0 | 6 / 45 | |
| 0.40.0 | 6 / 45 | |
| 0.39.8 | 6 / 45 | |
| 0.39.7 | 6 / 45 | |
| 0.39.6 | 6 / 45 | |
| 0.39.5 | 6 / 45 | |
| 0.39.4 | 6 / 45 | |
| 0.39.3 | 6 / 45 | |
| 0.39.2 | 6 / 45 | |
| 0.39.1 | 6 / 45 | |
| 0.39.0 | 6 / 45 | |
| 0.38.7 | 6 / 45 | |
| 0.38.6 | 6 / 45 | |
| 0.38.5 | 7 / 44 | |
| 0.38.4 | 7 / 44 | |
| 0.38.3 | 7 / 44 | |
| 0.38.2 | 7 / 44 | |
| 0.38.1 | 7 / 44 | |
| 0.38.0 | 7 / 44 | |
| 0.37.6 | 6 / 48 | |
| 0.37.5 | 6 / 48 | |
| 0.37.4 | 6 / 48 | |
| 0.37.3 | 6 / 48 | |
| 0.37.2 | 6 / 48 | |
| 0.37.1 | 6 / 48 | |
| 0.37.0 | 6 / 48 | |
| 0.36.10 | 6 / 48 | |
| 0.36.9 | 6 / 47 | |
| 0.36.8 | 6 / 47 | |
| 0.36.7 | 6 / 47 | |
| 0.36.6 | 6 / 47 | |
| 0.36.5 | 6 / 47 | |
| 0.36.4 | 6 / 47 | |
| 0.36.3 | 6 / 47 | |
| 0.36.2 | 6 / 47 | |
| 0.36.1 | 6 / 47 | |
| 0.36.0 | 6 / 47 | |
| 0.35.9 | 6 / 47 | |
| 0.35.8 | 6 / 47 | |
| 0.35.7 | 6 / 47 | |
| 0.35.6 | 6 / 47 | |
| 0.35.5 | 6 / 47 | |
| 0.35.4 | 6 / 47 | |
| 0.35.3 | 6 / 47 | |
| 0.35.2 | 6 / 47 | |
| 0.35.1 | 6 / 47 | |
| 0.35.0 | 6 / 47 | |
| 0.34.3 | 6 / 47 | |
| 0.34.2 | 6 / 47 | |
| 0.34.1 | 6 / 45 | |
| 0.34.0 | 6 / 45 | |
| 0.33.3 | 6 / 45 | |
| 0.33.2 | 6 / 45 | |
| 0.33.1 | 6 / 45 | |
| 0.33.0 | 6 / 45 | |
| 0.32.2 | 6 / 45 | |
| 0.32.1 | 6 / 45 | |
| 0.32.0 | 6 / 45 | |
| 0.31.1 | 6 / 45 | |
| 0.31.0 | 6 / 45 | |
| 0.30.1 | 6 / 45 | |
| 0.30.0 | 6 / 45 | |
| 0.29.1 | 6 / 45 | |
| 0.29.0 | 6 / 45 | |
| 0.28.4 | 6 / 45 | |
| 0.28.3 | 6 / 45 | |
| 0.28.2 | 6 / 45 | |
| 0.28.1 | 6 / 45 | |
| 0.28.0 | 6 / 45 | |
| 0.27.2 | 6 / 45 | |
| 0.27.1 | 6 / 45 | |
| 0.27.0 | 6 / 45 | |
| 0.26.15 | 6 / 45 | |
| 0.26.14 | 6 / 45 | |
| 0.26.13 | 6 / 45 | |
| 0.26.12 | 6 / 45 | |
| 0.26.11 | 6 / 45 | |
| 0.26.10 | 6 / 45 | |
| 0.26.9 | 6 / 45 | |
| 0.26.8 | 6 / 45 | |
| 0.26.7 | 6 / 45 | |
| 0.26.6 | 6 / 45 | |
| 0.26.5 | 6 / 45 | |
| 0.26.4 | 6 / 45 | |
| 0.26.3 | 6 / 45 | |
| 0.26.2 | 6 / 45 | |
| 0.26.1 | 6 / 45 | |
| 0.26.0 | 6 / 45 | |
| 0.25.16 | 6 / 38 | |
| 0.25.15 | 6 / 38 | |
| 0.25.14 | 6 / 38 |
v0.41.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.34.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.34.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.34.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.33.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.33.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.33.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.33.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.32.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.32.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.32.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.