@tramvai/tinkoff-request-http-client-adapter Apache-2.0 23 versions

@tramvai/tinkoff-request-http-client-adapter

npm Repository Homepage

Interface implementation `HttpClient` from [@tramvai/http-client](references/libs/http-client.md) based on the library [@tinkoff/request](https://tinkoff.github.io/tinkoff-request/)

23

Versions

Apache-2.0

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

super_olegmeskilltinkoffbank

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@tinkoff/request-plugin-cache-deduplicate	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-transform-url	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-circuit-breaker	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tramvai/http-client	AI (dependencies): First-party tramvai ecosystem dep; consistent across all versions of this adapter.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-log	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-validate	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-cache-etag	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-cache-memory	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
dependencies	unvetted-dep:@tinkoff/request-plugin-protocol-http	AI (dependencies): Core @tinkoff/request plugin; stable dependency for this adapter package.	ai	2026/04/30
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is declared in dependencies; phantom-dep is a false positive here.	ai	2026/04/29
provenance	no-provenance	AI (provenance): Large monorepo package; provenance not used across the tramvai ecosystem.	ai	2026/04/29

Versions (showing 23 of 123)

Version	Deps	Published
0.12.264	14 / 0	2026-04-08
0.12.247	14 / 0	2026-02-17
0.12.246	14 / 0	2026-02-16
0.12.244	14 / 0	2026-02-09
0.12.242	14 / 0	2026-02-04
0.12.241	14 / 0	2026-01-27
0.12.240	14 / 0	2026-01-13
0.12.239	14 / 0	2026-01-12
0.12.238	14 / 0	2025-12-26
0.12.236	14 / 0	2025-12-18
0.12.235	14 / 0	2025-12-18
0.12.218	14 / 0	2025-11-19
0.12.205	14 / 0	2025-09-26
0.12.204	14 / 0	2025-09-23
0.12.203	14 / 0	2025-09-19
0.12.202	14 / 0	2025-09-19
0.12.198	14 / 0	2025-09-16
0.11.259	14 / 0	2025-09-26
0.11.258	14 / 0	2025-09-19
0.11.251	14 / 0	2025-07-15
0.11.246	14 / 0	2025-05-14
0.11.245	14 / 0	2025-05-13
0.11.242	14 / 0	2025-04-30

v0.12.264

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.247

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.246

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.244

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.242

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.241

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.240

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.239

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.238

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.236

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.235

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.218

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.205

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.204

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.203

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.202

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.198

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.259

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.258

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.251

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.246

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.245

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.242

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.