@vitest/utils
Shared Vitest utility functions
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
antfupatakoreannoyyx990803vitestbot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from vitestbot to GitHub Actions CI/CD with SLSA provenance is a legitimate and improved publishing flow for the vitest-dev org. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): yyx990803 (Evan You) is a core member of the Vite/Vitest ecosystem; legitimate maintainer addition. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): vitestbot removal coincides with move to GitHub Actions CI publishing; legitimate organizational change. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Long gap reflects monorepo release cadence, not account takeover; SLSA provenance confirms legitimate CI/CD publishing. | ai | |
| dependencies | unvetted-dep:convert-source-map | AI (dependencies): convert-source-map is a well-known, widely-used npm package for source map handling; not a security concern for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Vitest maintainers are legitimate; empty main and minimal docs are expected for monorepo utility packages. | ai |
Versions (showing 51 of 149)
| Version | Deps | Published |
|---|---|---|
| 4.1.7 | 3 / 5 | |
| 4.1.6 | 3 / 5 | |
| 4.1.5 | 3 / 5 | |
| 4.1.4 | 3 / 5 | |
| 4.1.3 | 3 / 5 | |
| 4.1.2 | 3 / 5 | |
| 4.1.1 | 3 / 5 | |
| 4.1.0 | 3 / 5 | |
| 4.0.18 | 2 / 5 | |
| 4.0.17 | 2 / 5 | |
| 4.0.16 | 2 / 5 | |
| 4.0.15 | 2 / 5 | |
| 4.0.14 | 2 / 5 | |
| 4.0.13 | 2 / 5 | |
| 4.0.12 | 2 / 5 | |
| 4.0.11 | 2 / 5 | |
| 4.0.10 | 2 / 5 | |
| 4.0.9 | 2 / 5 | |
| 4.0.8 | 2 / 5 | |
| 4.0.7 | 2 / 5 | |
| 4.0.6 | 2 / 5 | |
| 4.0.5 | 2 / 5 | |
| 4.0.4 | 2 / 5 | |
| 4.0.3 | 2 / 5 | |
| 4.0.2 | 2 / 5 | |
| 4.0.1 | 2 / 5 | |
| 4.0.0 | 2 / 5 | |
| 3.2.4 | 3 / 4 | |
| 3.2.3 | 3 / 4 | |
| 3.2.2 | 3 / 4 | |
| 3.2.1 | 3 / 4 | |
| 3.2.0 | 3 / 4 | |
| 3.1.4 | 3 / 4 | |
| 3.1.3 | 3 / 4 | |
| 3.1.2 | 3 / 4 | |
| 3.1.1 | 3 / 4 | |
| 3.1.0 | 3 / 4 | |
| 3.0.9 | 3 / 4 | |
| 3.0.8 | 3 / 4 | |
| 3.0.7 | 3 / 4 | |
| 3.0.6 | 3 / 4 | |
| 3.0.5 | 3 / 4 | |
| 3.0.4 | 3 / 4 | |
| 3.0.3 | 3 / 4 | |
| 3.0.2 | 3 / 4 | |
| 3.0.1 | 3 / 4 | |
| 3.0.0 | 3 / 4 | |
| 2.1.9 | 3 / 4 | |
| 2.1.8 | 3 / 4 | |
| 2.1.7 | 3 / 4 | |
| 2.1.6 | 3 / 4 |
v4.1.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.6
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.