@vercel/hono No license 10 versions

@vercel/hono

npm Repository Homepage

10

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

matheussmatt.strakavercel-release-botzeit-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:pino	AI (typosquat): Official Vercel monorepo package; name reflects hono framework adapter, not a pino typosquat.	ai	2026/05/16
phantom-deps	phantom-dep:zod	AI (phantom-deps): Framework adapter; deps loaded by convention, not direct import. Stable pattern for this package.	ai	2026/05/16
phantom-deps	phantom-dep:fs-extra	AI (phantom-deps): Framework adapter; deps loaded by convention, not direct import. Stable pattern for this package.	ai	2026/05/16
phantom-deps	phantom-dep:ts-morph	AI (phantom-deps): Framework adapter; deps loaded by convention, not direct import. Stable pattern for this package.	ai	2026/05/16
phantom-deps	phantom-dep:@vercel/nft	AI (phantom-deps): Framework-scoped Vercel package loaded by convention. Stable pattern for this package.	ai	2026/05/16
phantom-deps	phantom-dep:path-to-regexp	AI (phantom-deps): Framework adapter; deps loaded by convention, not direct import. Stable pattern for this package.	ai	2026/05/16
phantom-deps	phantom-dep:@vercel/static-config	AI (phantom-deps): Framework-scoped Vercel package loaded by convention. Stable pattern for this package.	ai	2026/05/16

Versions (showing 10 of 110)

Version	Deps	Published
0.0.15	3 / 8	2025-08-26
0.0.14	3 / 8	2025-08-15
0.0.13	3 / 8	2025-08-13
0.0.9	3 / 8	2025-08-04
0.0.8	3 / 8	2025-08-02
0.0.6	3 / 8	2025-07-31
0.0.5	3 / 8	2025-07-31
0.0.4	3 / 8	2025-07-25
0.0.3	3 / 8	2025-07-25
0.0.2	3 / 8	2025-07-25

v0.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.