@vitest/spy
Lightweight Jest compatible spy implementation
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
antfupatakoreannoyyx990803vitestbot
Keywords
vitesttestmockspyintercept
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Package transitioned from vitestbot to GitHub Actions CI/CD publishing with SLSA provenance attestation — a legitimate and positive supply chain improvement for the vitest ecosystem. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): yyx990803 is Evan You, creator of Vue.js and core contributor to Vite/Vitest — a legitimate maintainer addition, not a takeover. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): vitestbot removal is consistent with transition to GitHub Actions CI/CD publishing; the bot account is no longer needed. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): @vitest/spy is a scoped package in the official vitest namespace; Levenshtein comparison to 'pg' is a false positive with no typosquat intent. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Flagged maintainers (antfu, patak, yyx990803) are well-known legitimate OSS developers; no-deps and short README are normal for this compiled utility package. | ai |
Versions (showing 51 of 119)
| Version | Deps | Published |
|---|---|---|
| 4.1.7 | 0 / 0 | |
| 4.1.6 | 0 / 0 | |
| 4.1.5 | 0 / 0 | |
| 4.1.4 | 0 / 0 | |
| 4.1.3 | 0 / 0 | |
| 4.1.2 | 0 / 0 | |
| 4.1.1 | 0 / 0 | |
| 4.1.0 | 0 / 0 | |
| 4.0.18 | 0 / 0 | |
| 4.0.17 | 0 / 0 | |
| 4.0.16 | 0 / 0 | |
| 4.0.15 | 0 / 0 | |
| 4.0.14 | 0 / 0 | |
| 4.0.13 | 0 / 0 | |
| 4.0.12 | 0 / 0 | |
| 4.0.11 | 0 / 0 | |
| 4.0.10 | 0 / 0 | |
| 4.0.9 | 0 / 0 | |
| 4.0.8 | 0 / 0 | |
| 4.0.7 | 0 / 0 | |
| 4.0.6 | 0 / 0 | |
| 4.0.5 | 0 / 0 | |
| 4.0.4 | 0 / 0 | |
| 4.0.3 | 0 / 0 | |
| 4.0.2 | 0 / 0 | |
| 4.0.1 | 0 / 0 | |
| 4.0.0 | 0 / 0 | |
| 3.2.4 | 1 / 0 | |
| 3.2.3 | 1 / 0 | |
| 3.2.2 | 1 / 0 | |
| 3.2.1 | 1 / 0 | |
| 3.2.0 | 1 / 0 | |
| 3.1.4 | 1 / 0 | |
| 3.1.3 | 1 / 0 | |
| 3.1.2 | 1 / 0 | |
| 3.1.1 | 1 / 0 | |
| 3.1.0 | 1 / 0 | |
| 3.0.9 | 1 / 0 | |
| 3.0.8 | 1 / 0 | |
| 3.0.7 | 1 / 0 | |
| 3.0.6 | 1 / 0 | |
| 3.0.5 | 1 / 0 | |
| 3.0.4 | 1 / 0 | |
| 3.0.3 | 1 / 0 | |
| 3.0.2 | 1 / 0 | |
| 3.0.1 | 1 / 0 | |
| 3.0.0 | 1 / 0 | |
| 2.1.9 | 1 / 0 | |
| 2.1.8 | 1 / 0 | |
| 2.1.7 | 1 / 0 | |
| 2.1.6 | 1 / 0 |
v4.1.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.6
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.