@mswjs/interceptors
Low-level HTTP/HTTPS/XHR/fetch request interception library.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:xmldom | AI (dependencies): xmldom is a legitimate DOM parsing library appropriate for an HTTP/XHR interception package; its use is contextually justified and no OSV advisory was flagged for the constrained version range. | ai | |
| provenance | publisher-changed | AI (provenance): Package transitioned to GitHub Actions CI/CD publishing, backed by SLSA provenance attestation. This is a legitimate automation pattern for mature OSS projects. | ai | |
| provenance | no-provenance | AI (provenance): Established package from a trusted publisher; lack of provenance is common for packages predating Sigstore adoption and not a meaningful risk signal here. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decode appears only in a test file as a unit test fixture for a buffer-to-string utility. No malicious payload; stable false positive for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IPs appear in comments and test fixtures documenting Node.js URL parsing bugs. Expected in an HTTP interceptor library; not network exfiltration. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New large files are all *.cjs.map / *.mjs.map source maps — standard build artifacts, not injected code. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is idiomatic for accessing Symbol-keyed properties on fetch/Request objects in HTTP interceptor code. Not obfuscation — standard pattern throughout MSW interceptors. | ai |
Versions (showing 90 of 190)
| Version | Deps | Published |
|---|---|---|
| 0.25.13 | 6 / 38 | |
| 0.25.12 | 6 / 38 | |
| 0.25.11 | 6 / 38 | |
| 0.25.10 | 6 / 38 | |
| 0.25.9 | 6 / 37 | |
| 0.25.8 | 6 / 36 | |
| 0.25.7 | 6 / 36 | |
| 0.25.6 | 6 / 36 | |
| 0.25.5 | 6 / 36 | |
| 0.25.4 | 6 / 36 | |
| 0.25.3 | 6 / 36 | |
| 0.25.2 | 6 / 36 | |
| 0.25.1 | 6 / 36 | |
| 0.25.0 | 6 / 36 | |
| 0.24.1 | 6 / 36 | |
| 0.24.0 | 6 / 36 | |
| 0.23.0 | 6 / 37 | |
| 0.22.16 | 6 / 37 | |
| 0.22.15 | 6 / 37 | |
| 0.22.14 | 6 / 37 | |
| 0.22.13 | 6 / 37 | |
| 0.22.12 | 6 / 37 | |
| 0.22.11 | 6 / 37 | |
| 0.22.10 | 7 / 37 | |
| 0.22.9 | 7 / 37 | |
| 0.22.8 | 7 / 37 | |
| 0.22.7 | 7 / 37 | |
| 0.22.6 | 7 / 37 | |
| 0.22.5 | 7 / 37 | |
| 0.22.4 | 7 / 37 | |
| 0.22.3 | 7 / 37 | |
| 0.22.2 | 7 / 37 | |
| 0.22.1 | 7 / 37 | |
| 0.22.0 | 7 / 37 | |
| 0.21.1 | 7 / 35 | |
| 0.21.0 | 6 / 35 | |
| 0.20.0 | 8 / 31 | |
| 0.19.5 | 8 / 31 | |
| 0.19.4 | 8 / 31 | |
| 0.19.3 | 8 / 31 | |
| 0.19.2 | 8 / 31 | |
| 0.19.1 | 8 / 31 | |
| 0.19.0 | 8 / 32 | |
| 0.18.3 | 8 / 32 | |
| 0.18.2 | 9 / 32 | |
| 0.18.1 | 9 / 32 | |
| 0.18.0 | 9 / 32 | |
| 0.17.10 | 8 / 32 | |
| 0.17.9 | 8 / 32 | |
| 0.17.8 | 8 / 32 | |
| 0.17.7 | 8 / 32 | |
| 0.17.6 | 8 / 32 | |
| 0.17.5 | 8 / 32 | |
| 0.17.4 | 8 / 32 | |
| 0.17.3 | 8 / 32 | |
| 0.17.2 | 7 / 32 | |
| 0.17.1 | 7 / 32 | |
| 0.17.0 | 7 / 32 | |
| 0.16.6 | 6 / 32 | |
| 0.16.5 | 6 / 32 | |
| 0.16.4 | 6 / 30 | |
| 0.16.3 | 6 / 30 | |
| 0.16.2 | 6 / 30 | |
| 0.16.1 | 6 / 30 | |
| 0.16.0 | 6 / 30 | |
| 0.15.3 | 6 / 30 | |
| 0.15.2 | 6 / 30 | |
| 0.15.1 | 6 / 30 | |
| 0.15.0 | 6 / 30 | |
| 0.14.1 | 6 / 30 | |
| 0.14.0 | 6 / 30 | |
| 0.13.6 | 6 / 29 | |
| 0.13.5 | 6 / 29 | |
| 0.13.4 | 6 / 28 | |
| 0.13.3 | 6 / 28 | |
| 0.13.2 | 6 / 28 | |
| 0.13.1 | 6 / 28 | |
| 0.13.0 | 6 / 23 | |
| 0.12.7 | 6 / 23 | |
| 0.12.6 | 6 / 23 | |
| 0.12.5 | 6 / 23 | |
| 0.12.4 | 6 / 23 | |
| 0.12.2 | 6 / 23 | |
| 0.12.0 | 5 / 23 | |
| 0.11.1 | 5 / 23 | |
| 0.11.0 | 5 / 23 | |
| 0.9.0 | 4 / 22 | |
| 0.8.1 | 4 / 22 | |
| 0.8.0 | 4 / 22 | |
| 0.7.0 | 4 / 22 |
v0.25.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.23.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.21.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.21.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.20.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.