@phun-ky/typeof — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

phun-ky

Keywords

typesstringnumberobjectjavascripttypeofisStringisNotStringisNumberisNotNumberisBooleanisNotBooleanisUndefinedisNotUndefinedisDefinedisObjectStrictisObjectLooseisClassisBuiltInConstructorisBuiltInCallableisInstanceOfUnknownClass

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher changed to GitHub Actions as part of adopting SLSA provenance/Sigstore CI publishing. This is a documented, security-improving workflow transition for this package.	ai	2026/04/24
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by CI/CD-published release is consistent with a pipeline migration. SLSA attestation confirms legitimate automated publishing.	ai	2026/04/24
typosquat	typosquat.levenshtein:typeorm	AI (typosquat): @phun-ky/typeof is a scoped type-checking utility with 65 versions and SLSA provenance; Levenshtein match to 'typeorm' is coincidental with no brand impersonation.	ai	2026/04/24

Versions (showing 72 of 72)

Version	Deps	Published
3.0.2	0 / 33	2026-05-26
3.0.1	0 / 33	2026-05-19
3.0.0	0 / 33	2026-05-13
2.1.14	0 / 33	2026-05-13
2.1.13	0 / 33	2026-05-11
2.1.12	0 / 33	2026-05-04
2.1.11	0 / 33	2026-04-28
2.1.10	0 / 33	2026-04-14
2.1.9	0 / 33	2026-03-26
2.1.8	0 / 33	2026-03-17
2.1.7	0 / 33	2026-03-17
2.1.6	0 / 33	2026-03-10
2.1.5	0 / 33	2026-02-24
2.1.4	0 / 33	2026-02-17
2.1.3	0 / 33	2026-02-12
2.1.2	0 / 33	2026-02-12
2.1.1	0 / 33	2026-01-27
2.1.0	0 / 33	2026-01-22
2.0.19	0 / 33	2026-01-21
2.0.18	0 / 33	2026-01-13
2.0.17	0 / 33	2026-01-06
2.0.16	0 / 33	2026-01-05
2.0.15	0 / 33	2026-01-05
2.0.14	0 / 33	2025-11-25
2.0.13	0 / 33	2025-11-18
2.0.12	0 / 33	2025-11-18
2.0.11	0 / 33	2025-11-13
2.0.10	0 / 33	2025-11-03
2.0.9	0 / 33	2025-10-28
2.0.8	0 / 33	2025-10-20
2.0.7	0 / 33	2025-10-07
2.0.6	0 / 33	2025-09-30
2.0.5	0 / 33	2025-09-30
2.0.4	0 / 33	2025-09-23
2.0.3	0 / 33	2025-09-15
2.0.2	0 / 33	2025-09-09
2.0.1	0 / 33	2025-09-05
2.0.0	0 / 33	2025-09-02
1.3.0	0 / 33	2025-09-02
1.2.27	0 / 32	2025-08-26
1.2.26	0 / 32	2025-08-19
1.2.25	0 / 32	2025-08-12
1.2.24	0 / 32	2025-08-05
1.2.23	0 / 32	2025-07-29
1.2.22	0 / 32	2025-07-22
1.2.21	0 / 32	2025-07-20
1.2.20	0 / 32	2025-07-07
1.2.19	0 / 32	2025-06-23
1.2.18	0 / 32	2025-06-17
1.2.17	0 / 32	2025-06-09
1.2.16	0 / 32	2025-06-02
1.2.15	0 / 32	2025-05-26
1.2.14	0 / 32	2025-05-20
1.2.13	0 / 32	2025-05-13
1.2.12	0 / 32	2025-05-06
1.2.11	0 / 35	2025-05-05
1.2.10	0 / 35	2025-05-04
1.2.9	0 / 35	2025-05-04
1.2.8	0 / 40	2025-05-04
1.2.7	0 / 40	2025-04-29
1.2.6	0 / 40	2025-04-29
1.2.5	0 / 40	2025-04-15
1.2.4	0 / 40	2025-04-08
1.2.3	0 / 40	2025-03-03
1.2.2	0 / 40	2025-02-26
1.2.1	0 / 40	2025-02-25
1.2.0	0 / 40	2025-02-25
1.1.0	0 / 40	2025-02-25
1.0.4	0 / 41	2025-02-17
1.0.3	0 / 41	2024-11-22
1.0.2	0 / 41	2024-11-22
1.0.1	0 / 41	2024-11-22

v3.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.8

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.7

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.6

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-03-10) provenance

This version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.5

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-02-24) provenance

This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.4

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-02-17) provenance

This version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.3

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-02-12) provenance

This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.2

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-02-12) provenance

This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.1

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-27) provenance

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-22) provenance

This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.19

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-21) provenance

This version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.18

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-13) provenance

This version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.17

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-06) provenance

This version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.16

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-05) provenance

This version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.15

2 findings

HIGH Publisher changed: phun-ky → GitHub Actions (on 2026-01-05) provenance

This version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.