@types/koa — Greenflagged

TypeScript definitions for koa

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

types

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/accepts	AI (phantom-deps): @types/* packages are resolved by TypeScript's type system, not via direct imports. Stable false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/keygrip	AI (phantom-deps): @types/* packages are resolved by TypeScript's type system, not via direct imports. Stable false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/http-assert	AI (phantom-deps): @types/* packages are resolved by TypeScript's type system, not via direct imports. Stable false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/koa-compose	AI (phantom-deps): @types/* packages are resolved by TypeScript's type system, not via direct imports. Stable false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/cookies	AI (phantom-deps): @types/* packages conventionally declare type deps without direct imports; this is expected behavior for DefinitelyTyped packages.	ai	2026/04/24
typosquat	typosquat.levenshtein:got	AI (typosquat): @types/koa is the official DefinitelyTyped package for Koa; string similarity to 'got' is purely coincidental and not a typosquat risk.	ai	2026/04/24
typosquat	typosquat.levenshtein:joi	AI (typosquat): @types/koa is the official DefinitelyTyped package for Koa; string similarity to 'joi' is purely coincidental and not a typosquat risk.	ai	2026/04/24
typosquat	typosquat.levenshtein:zod	AI (typosquat): @types/koa is the official DefinitelyTyped package for Koa; string similarity to 'zod' is purely coincidental and not a typosquat risk.	ai	2026/04/24
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is a standard type-level dependency for DefinitelyTyped packages; not directly imported by convention. Stable false positive.	ai	2026/04/24
source-diff	source-size-dropped	AI (source-diff): Size reduction in a @types package reflects type definition refactoring, not malicious stubbing. Publisher track record and DefinitelyTyped repo confirm legitimacy.	ai	2026/04/24
email-domain	unclaimed-email:https://github.com/davidcai1993	AI (email-domain): The 'email' field is a GitHub profile URL, not an email address. The analyzer is misinterpreting a URL as an email domain — stable false positive for this package.	ai	2026/04/24

Versions (showing 51 of 55)

View all versions

Version	Deps	Published
3.0.3	8 / 0	2026-05-19
3.0.2	8 / 0	2026-03-18
3.0.1	8 / 0	2025-10-24
3.0.0	8 / 0	2025-07-30
2.15.2	8 / 0	2026-05-19
2.15.1	8 / 0	2026-05-14
2.15.0	8 / 0	2024-02-22
2.14.0	8 / 0	2024-01-09
2.13.12	8 / 0	2023-11-21
2.13.11	8 / 0	2023-11-07
2.13.10	8 / 0	2023-10-18
2.13.9	8 / 0	2023-09-14
2.13.8	8 / 0	2023-07-29
2.13.7	8 / 0	2023-07-25
2.13.6	8 / 0	2023-03-27
2.13.5	8 / 0	2022-07-13
2.13.4	8 / 0	2021-07-06
2.13.3	8 / 0	2021-05-28
2.13.2	8 / 0	2021-05-27
2.13.1	8 / 0	2021-03-04
2.13.0	8 / 0	2021-02-18
2.11.8	8 / 0	2021-02-12
2.11.7	8 / 0	2021-01-27
2.11.6	8 / 0	2020-10-20
2.11.5	8 / 0	2020-10-13
2.11.4	8 / 0	2020-08-18
2.11.3	7 / 0	2020-03-27
2.11.2	6 / 0	2020-02-25
2.11.1	6 / 0	2020-02-11
2.11.0	6 / 0	2019-11-27
2.0.52	6 / 0	2019-11-07
2.0.51	6 / 0	2019-10-16
2.0.50	6 / 0	2019-09-25
2.0.49	6 / 0	2019-07-01
2.0.48	6 / 0	2018-12-31
2.0.47	6 / 0	2018-11-20
2.0.46	7 / 0	2018-06-01
2.0.45	7 / 0	2018-04-06
2.0.44	7 / 0	2018-02-05
2.0.43	7 / 0	2017-12-14
2.0.42	7 / 0	2017-12-03
2.0.41	6 / 0	2017-11-22
2.0.40	6 / 0	2017-11-09
2.0.39	6 / 0	2017-03-12
2.0.38	6 / 0	2017-02-21
2.0.37	2 / 0	2016-12-24
2.0.36	2 / 0	2016-12-19
2.0.35	2 / 0	2016-12-13
2.0.34	2 / 0	2016-11-14
2.0.33	2 / 0	2016-09-19
2.0.32	2 / 0	2016-08-25