@ngneat/falso
All the Fake Data for All Your Real Needs
51
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
netanel-ngneat
Keywords
fakefake datarandom datamock datajs mockmocks
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:i18n/ru/index.cjs | AI (source-diff): Bundled fake-data arrays (Russian locale names/words) in CJS format; not obfuscation. Standard for this data-generation library. | ai | |
| source-diff | obfuscated-file:index.js | AI (source-diff): ESM bundle containing fake-data string arrays. Standard minified build output for this library. | ai | |
| source-diff | obfuscated-file:i18n/ru/index.js | AI (source-diff): ESM bundle of Russian locale fake data; long lines are string arrays, not obfuscation. | ai | |
| source-diff | obfuscated-file:index.cjs | AI (source-diff): Bundled CJS output containing fake-data string arrays. Long lines from data arrays, not obfuscation. | ai | |
| provenance | missing-githead | AI (provenance): Fake data library with consistent publisher; missing gitHead is a toolchain artifact, not a security concern for this established package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Fake data library bundles extensive datasets and utilities; large file counts and sizes are normal for this package. | ai | |
| provenance | no-provenance | AI (provenance): Informational finding; no provenance attestation is common and not a security risk for this established package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from netanel-ngneat to shahar.kazaz is a legitimate transition within the @ngneat org; both are known maintainers. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): pravatar.cc is a well-known avatar placeholder service; expected in a fake data generation library. | ai |
Versions (showing 51 of 67)
| Version | Deps | Published |
|---|---|---|
| 8.0.2 | 2 / 2 | |
| 8.0.1 | 2 / 2 | |
| 8.0.0 | 2 / 2 | |
| 7.4.0 | 2 / 2 | |
| 7.3.0 | 2 / 2 | |
| 7.2.0 | 2 / 2 | |
| 7.1.1 | 2 / 2 | |
| 7.1.0 | 2 / 2 | |
| 7.0.1 | 2 / 2 | |
| 7.0.0 | 2 / 2 | |
| 6.4.0 | 2 / 2 | |
| 6.3.2 | 2 / 2 | |
| 6.3.1 | 2 / 2 | |
| 6.3.0 | 2 / 2 | |
| 6.2.0 | 2 / 2 | |
| 6.1.0 | 2 / 2 | |
| 6.0.3 | 2 / 2 | |
| 6.0.2 | 2 / 2 | |
| 6.0.1 | 2 / 2 | |
| 6.0.0 | 2 / 2 | |
| 5.7.0 | 2 / 2 | |
| 5.6.1 | 2 / 2 | |
| 5.6.0 | 2 / 2 | |
| 5.5.0 | 2 / 2 | |
| 5.4.1 | 2 / 2 | |
| 5.4.0 | 2 / 2 | |
| 5.3.0 | 2 / 2 | |
| 5.2.1 | 2 / 2 | |
| 5.2.0 | 2 / 2 | |
| 5.1.0 | 2 / 2 | |
| 5.0.1 | 2 / 2 | |
| 5.0.0 | 2 / 2 | |
| 4.0.0 | 2 / 2 | |
| 3.1.0 | 2 / 2 | |
| 3.0.0 | 2 / 2 | |
| 2.27.0 | 2 / 2 | |
| 2.26.1 | 2 / 2 | |
| 2.26.0 | 2 / 2 | |
| 2.25.1 | 2 / 2 | |
| 2.24.0 | 2 / 2 | |
| 2.23.0 | 2 / 2 | |
| 2.22.0 | 2 / 2 | |
| 2.21.0 | 2 / 2 | |
| 2.20.0 | 2 / 2 | |
| 2.19.0 | 2 / 2 | |
| 2.18.0 | 2 / 2 | |
| 2.17.0 | 2 / 2 | |
| 2.16.0 | 2 / 2 | |
| 2.15.0 | 2 / 2 | |
| 2.14.0 | 2 / 2 | |
| 2.13.0 | 2 / 2 |