@vitest/mocker
Vitest module mocker implementation
57
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
antfupatakoreannoyyx990803vitestbot
Keywords
vitesttestmock
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from vitestbot to GitHub Actions CI/CD with SLSA provenance is a legitimate and improved supply chain practice for the vitest monorepo. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): yyx990803 (Evan You) is the creator of Vite/Vue; his addition as maintainer is expected and legitimate for the vitest ecosystem. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): vitestbot was a CI automation account; its removal in favor of human maintainers and GitHub Actions publishing is a normal and benign transition. | ai | |
| source-diff | encoded-string-file:dist/chunk-automock.js | AI (source-diff): The 'encoded' content is the bundled cjs-module-lexer v2.2.0 (annotated in a comment), a legitimate devDependency. Minified rollup bundle output, not obfuscation. | ai | |
| dependencies | unvetted-dep:@vitest/spy | AI (dependencies): @vitest/spy is a first-party vitest monorepo package published at the same version; not a suspicious third-party dependency. | ai | |
| bogus-package | bogus-package | AI (bogus-package): antfu, patak, yyx990803 are prominent legitimate OSS maintainers, not spammers. Spam flag is a false positive for this package. | ai |
Versions (showing 57 of 57)
| Version | Deps | Published |
|---|---|---|
| 4.1.7 | 3 / 9 | |
| 4.1.6 | 3 / 9 | |
| 4.1.5 | 3 / 9 | |
| 4.1.4 | 3 / 9 | |
| 4.1.3 | 3 / 9 | |
| 4.1.2 | 3 / 9 | |
| 4.1.1 | 3 / 9 | |
| 4.1.0 | 3 / 9 | |
| 4.0.18 | 3 / 7 | |
| 4.0.17 | 3 / 7 | |
| 4.0.16 | 3 / 7 | |
| 4.0.15 | 3 / 7 | |
| 4.0.14 | 3 / 7 | |
| 4.0.13 | 3 / 7 | |
| 4.0.12 | 3 / 7 | |
| 4.0.11 | 3 / 7 | |
| 4.0.10 | 3 / 7 | |
| 4.0.9 | 3 / 7 | |
| 4.0.8 | 3 / 7 | |
| 4.0.7 | 3 / 7 | |
| 4.0.6 | 3 / 7 | |
| 4.0.5 | 3 / 7 | |
| 4.0.4 | 3 / 7 | |
| 4.0.3 | 3 / 7 | |
| 4.0.2 | 3 / 7 | |
| 4.0.1 | 3 / 7 | |
| 4.0.0 | 3 / 7 | |
| 3.2.4 | 3 / 7 | |
| 3.2.3 | 3 / 7 | |
| 3.2.2 | 3 / 7 | |
| 3.2.1 | 3 / 7 | |
| 3.2.0 | 3 / 7 | |
| 3.1.4 | 3 / 7 | |
| 3.1.3 | 3 / 7 | |
| 3.1.2 | 3 / 7 | |
| 3.1.1 | 3 / 7 | |
| 3.1.0 | 3 / 7 | |
| 3.0.9 | 3 / 7 | |
| 3.0.8 | 3 / 7 | |
| 3.0.7 | 3 / 7 | |
| 3.0.6 | 3 / 7 | |
| 3.0.5 | 3 / 7 | |
| 3.0.4 | 3 / 7 | |
| 3.0.3 | 3 / 7 | |
| 3.0.2 | 3 / 7 | |
| 3.0.1 | 3 / 7 | |
| 3.0.0 | 3 / 7 | |
| 2.1.9 | 3 / 7 | |
| 2.1.8 | 3 / 7 | |
| 2.1.7 | 3 / 7 | |
| 2.1.6 | 3 / 7 | |
| 2.1.5 | 3 / 7 | |
| 2.1.4 | 3 / 7 | |
| 2.1.3 | 3 / 7 | |
| 2.1.2 | 3 / 7 | |
| 2.1.1 | 3 / 7 | |
| 2.1.0 | 3 / 7 |
v4.1.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.6
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.