@storm-software/npm-tools

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing is confirmed by SLSA provenance attestation; consistent with org-level automation.	ai	2026/05/29
bogus-package	bogus-package	AI (bogus-package): Established monorepo package with SLSA provenance; README signals are monorepo boilerplate artifacts, not spam.	ai	2026/04/28
phantom-deps	phantom-dep:@storm-software/config	AI (phantom-deps): Same-org dependency; likely used transitively or in type-only context within this monorepo package.	ai	2026/04/28

Versions (showing 100 of 269)

Version	Deps	Published
0.6.76	2 / 2	2026-03-16
0.6.75	2 / 2	2026-03-16
0.6.74	2 / 2	2026-03-16
0.6.73	2 / 2	2026-03-16
0.6.72	2 / 2	2026-03-16
0.6.71	2 / 2	2026-03-16
0.6.70	2 / 2	2026-03-16
0.6.69	2 / 2	2026-03-16
0.6.68	2 / 2	2026-03-16
0.6.67	2 / 2	2026-03-14
0.6.66	2 / 2	2026-03-11
0.6.65	2 / 2	2026-03-11
0.6.64	2 / 2	2026-03-11
0.6.63	2 / 2	2026-03-11
0.6.62	2 / 2	2026-03-11
0.6.61	2 / 2	2026-03-11
0.6.60	2 / 2	2026-03-11
0.6.59	2 / 2	2026-03-07
0.6.58	2 / 2	2026-03-07
0.6.57	2 / 2	2026-03-07
0.6.56	2 / 2	2026-03-07
0.6.55	2 / 2	2026-03-06
0.6.54	2 / 2	2026-03-06
0.6.53	2 / 2	2026-03-06
0.6.52	2 / 2	2026-03-06
0.6.51	2 / 2	2026-03-04
0.6.50	2 / 2	2026-03-04
0.6.49	2 / 2	2026-03-02
0.6.48	2 / 2	2026-02-28
0.6.47	2 / 2	2026-02-24
0.6.46	2 / 2	2026-02-23
0.6.45	2 / 2	2026-02-21
0.6.44	2 / 2	2026-02-20
0.6.43	2 / 2	2026-02-19
0.6.42	2 / 2	2026-02-19
0.6.41	2 / 2	2026-02-19
0.6.40	2 / 2	2026-02-18
0.6.39	2 / 2	2026-02-18
0.6.38	2 / 2	2026-01-22
0.6.37	2 / 2	2026-01-14
0.6.36	2 / 2	2026-01-14
0.6.35	2 / 2	2026-01-14
0.6.34	2 / 2	2026-01-14
0.6.33	2 / 2	2026-01-14
0.6.32	2 / 2	2025-12-30
0.6.31	2 / 2	2025-12-23
0.6.30	2 / 2	2025-12-19
0.6.29	2 / 2	2025-12-18
0.6.28	2 / 2	2025-12-18
0.6.27	2 / 2	2025-12-17
0.6.26	2 / 2	2025-12-17
0.6.25	2 / 2	2025-12-17
0.6.24	2 / 2	2025-12-16
0.6.23	2 / 2	2025-12-15
0.6.22	2 / 2	2025-12-15
0.6.21	2 / 2	2025-12-08
0.6.20	2 / 2	2025-12-08
0.6.19	2 / 2	2025-12-08
0.6.18	2 / 2	2025-12-08
0.6.17	2 / 2	2025-12-08
0.6.16	2 / 2	2025-12-08
0.6.15	2 / 2	2025-12-06
0.6.14	2 / 2	2025-12-06
0.6.13	2 / 2	2025-12-06
0.6.12	2 / 2	2025-12-05
0.6.11	2 / 2	2025-12-05
0.6.10	2 / 2	2025-12-05
0.6.9	2 / 2	2025-12-05
0.6.8	2 / 2	2025-12-05
0.6.7	2 / 2	2025-12-05
0.6.6	2 / 2	2025-11-27
0.6.5	2 / 2	2025-11-25
0.6.4	2 / 2	2025-11-21
0.6.3	2 / 2	2025-11-20
0.6.2	2 / 2	2025-11-20
0.6.1	2 / 2	2025-11-20
0.6.0	2 / 2	2025-11-20
0.5.43	2 / 2	2025-11-19
0.5.42	2 / 2	2025-11-19
0.5.41	2 / 2	2025-11-19
0.5.40	2 / 2	2025-11-16
0.5.39	2 / 2	2025-11-16
0.5.38	2 / 2	2025-11-14
0.5.37	2 / 2	2025-11-14
0.5.36	2 / 2	2025-11-13
0.5.35	2 / 2	2025-11-13
0.5.34	2 / 2	2025-11-13
0.5.33	2 / 2	2025-11-13
0.5.32	2 / 2	2025-11-13
0.5.31	2 / 2	2025-11-13
0.5.30	2 / 2	2025-11-13
0.5.29	2 / 2	2025-11-12
0.5.28	2 / 2	2025-11-12
0.5.27	2 / 2	2025-11-12
0.5.26	2 / 2	2025-11-12
0.5.25	2 / 2	2025-11-12
0.5.24	2 / 2	2025-11-10
0.5.23	2 / 2	2025-11-09
0.5.22	2 / 2	2025-11-08
0.5.21	2 / 2	2025-11-08

Showing 100 of 269 Next page →

v0.6.76

2 findings

HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-16) provenance

This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.