@octokit/openapi-webhooks-types No license 5 versions

@octokit/openapi-webhooks-types

npm Repository Homepage

5

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

octokitbot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	dormant-publish	AI (publish-pattern): Generated types package; publish cadence follows upstream OpenAPI spec changes, not regular schedule.	ai	2026/05/09
email-domain	unclaimed-email:wolfy1339.com	AI (email-domain): wolfy1339 is a known Octokit org maintainer; domain lapse is not a takeover signal here.	ai	2026/05/09
provenance	slsa-provenance	AI (provenance): Octokit packages are consistently published via CI/CD with SLSA provenance; this is a stable, expected signal for this package family.	ai	2026/04/26

Versions (showing 5 of 5)

Version	Deps	Published
12.1.0	0 / 0	2025-12-03
12.0.3	0 / 0	2025-06-05
12.0.2	0 / 0	2025-06-05
12.0.1	0 / 0	2025-06-04
12.0.0	0 / 0	2025-06-04

v12.1.0

2 findings

HIGH Unclaimed maintainer email domain: wolfy1339.com email-domain

Maintainer email '[email protected]' uses domain 'wolfy1339.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.3

2 findings

HIGH Unclaimed maintainer email domain: wolfy1339.com email-domain

Maintainer email '[email protected]' uses domain 'wolfy1339.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.2

2 findings

HIGH Unclaimed maintainer email domain: wolfy1339.com email-domain

Maintainer email '[email protected]' uses domain 'wolfy1339.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.1

2 findings

HIGH Unclaimed maintainer email domain: wolfy1339.com email-domain

Maintainer email '[email protected]' uses domain 'wolfy1339.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.0

2 findings

HIGH Unclaimed maintainer email domain: wolfy1339.com email-domain

Maintainer email '[email protected]' uses domain 'wolfy1339.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.