@storm-software/untyped
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:bin/untyped.cjs | AI (source-diff): Base64 string is llhttp WASM binary bundled via undici — standard pattern, not obfuscation. | ai | |
| source-diff | encoded-string-file:bin/untyped.js | AI (source-diff): Same llhttp WASM base64 blob in ESM build; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:nx | AI (phantom-deps): nx is declared as a dependency and referenced in config/CLI files; not a security concern for this build utility package. | ai | |
| dependencies | unvetted-dep:nx | AI (dependencies): nx is a well-known monorepo build tool from Nrwl; its use in Storm Software build utilities is expected and legitimate across all versions. | ai | |
| phantom-deps | phantom-dep:knitwork | AI (phantom-deps): knitwork is a legitimate code-generation utility; phantom-dep finding is a code quality note, not a security risk for this package. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): commander is a well-known CLI framework; used in bin entry points. Not a security concern for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): README link dump reflects Storm Software's ecosystem-wide documentation style across 412 versions; not a phishing indicator for this established monorepo package. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): env-bulk-read is used to read namespaced STORM_EXTENSION_* config vars — a legitimate config-library pattern stable across versions of this package. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Same-org dependency (@storm-software scope); declared but bundled/indirectly used — stable false positive for this monorepo package. | ai | |
Versions (showing 51 of 272)
| Version | Deps | Published |
|---|---|---|
| 0.24.203 | 5 / 3 | |
| 0.24.202 | 5 / 3 | |
| 0.24.201 | 5 / 3 | |
| 0.24.200 | 5 / 3 | |
| 0.24.199 | 5 / 3 | |
| 0.24.198 | 5 / 3 | |
| 0.24.197 | 5 / 3 | |
| 0.24.196 | 5 / 3 | |
| 0.24.195 | 5 / 3 | |
| 0.24.194 | 5 / 3 | |
| 0.24.193 | 5 / 3 | |
| 0.24.192 | 5 / 3 | |
| 0.24.191 | 5 / 3 | |
| 0.24.190 | 5 / 3 | |
| 0.24.189 | 5 / 3 | |
| 0.24.188 | 5 / 3 | |
| 0.24.187 | 5 / 3 | |
| 0.24.186 | 5 / 3 | |
| 0.24.185 | 5 / 3 | |
| 0.24.184 | 5 / 3 | |
| 0.24.183 | 5 / 3 | |
| 0.24.182 | 5 / 3 | |
| 0.24.181 | 5 / 3 | |
| 0.24.180 | 5 / 3 | |
| 0.24.179 | 5 / 3 | |
| 0.24.178 | 5 / 3 | |
| 0.24.177 | 5 / 3 | |
| 0.24.176 | 5 / 3 | |
| 0.24.175 | 5 / 3 | |
| 0.24.174 | 5 / 3 | |
| 0.24.173 | 5 / 3 | |
| 0.24.172 | 5 / 3 | |
| 0.24.171 | 5 / 3 | |
| 0.24.170 | 5 / 3 | |
| 0.24.169 | 5 / 3 | |
| 0.24.168 | 5 / 3 | |
| 0.24.167 | 5 / 3 | |
| 0.24.166 | 5 / 3 | |
| 0.24.165 | 5 / 3 | |
| 0.24.164 | 5 / 3 | |
| 0.24.163 | 5 / 3 | |
| 0.24.162 | 5 / 3 | |
| 0.24.161 | 5 / 3 | |
| 0.24.160 | 5 / 3 | |
| 0.24.159 | 5 / 3 | |
| 0.24.158 | 5 / 3 | |
| 0.24.157 | 5 / 3 | |
| 0.24.156 | 5 / 3 | |
| 0.24.155 | 5 / 3 | |
| 0.24.153 | 5 / 3 | |
| 0.24.152 | 5 / 3 | |
v0.24.203
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.202
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.201
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.200
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.199
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.198
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.197
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.196
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.195
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.194
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.193
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.192
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.191
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.190
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.189
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.188
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.187
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.186
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.185
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.184
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.183
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.182
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.181
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.180
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.179
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.178
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.177
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.176
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.175
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.174
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.173
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.172
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.171
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.170
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.169
2 findings:
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.24.168
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.167
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.166
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.165
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.164
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.163
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.162
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.161
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.160
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.159
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.158
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.157
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.156
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.155
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.153
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.152
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.