@types/is-ci — Greenflagged

TypeScript definitions for is-ci

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

types

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@types/ci-info	AI (dependencies): @types/ci-info is a legitimate DefinitelyTyped dependency required because is-ci v2.x depends on ci-info; this type dependency is expected and stable for this package.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): The added @types/ci-info dependency reflects the upstream is-ci v2.x refactor to use ci-info; this is a benign, expected type-level dependency for this DefinitelyTyped package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/ci-info	AI (phantom-deps): DefinitelyTyped packages routinely declare type dependencies that are structurally referenced rather than explicitly imported; this is normal for @types/* packages.	ai	2026/04/24

Versions (showing 7 of 7)

Version	Deps	Published
3.0.4	1 / 0	2023-11-07
3.0.3	1 / 0	2023-10-18
3.0.2	1 / 0	2023-10-10
3.0.1	1 / 0	2023-09-26
3.0.0	1 / 0	2021-03-07
2.0.0	1 / 0	2019-05-30
1.1.0	0 / 0	2018-04-16