@octokit/plugin-paginate-rest
Octokit plugin to paginate REST API endpoint responses
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@octokit/types | AI (dependencies): @octokit/types is a first-party Octokit package; its use as a dependency in any @octokit/* plugin is expected and benign. | ai | |
| dependencies | unvetted-peer-dep:@octokit/core | AI (dependencies): @octokit/core is the canonical peer dependency for all Octokit plugins; its presence here is expected and benign. | ai |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 14.0.0 | 1 / 14 | |
| 13.2.1 | 1 / 14 | |
| 13.2.0 | 1 / 14 | |
| 13.1.1 | 1 / 14 | |
| 13.1.0 | 1 / 14 | |
| 13.0.1 | 1 / 14 | |
| 13.0.0 | 1 / 14 | |
| 12.0.0 | 1 / 14 | |
| 11.6.0 | 1 / 14 | |
| 11.5.0 | 1 / 14 | |
| 11.4.3 | 1 / 14 | |
| 11.4.2 | 1 / 14 | |
| 11.4.1 | 1 / 14 | |
| 9.2.2 | 1 / 16 |
v13.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.2.2
1 findingThis version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.