@wdio/protocols — Greenflagged

Utility package providing information about automation protocols

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

christian-bromannwdio-userwswebcreation-nl

Keywords

webdriverwdio

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): WebdriverIO migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation. This is a documented, legitimate transition for the entire monorepo; not a takeover signal.	ai	2026/04/23

Versions (showing 97 of 97)

Version	Deps	Published
9.27.2	0 / 0	2026-05-26
9.27.1	0 / 0	2026-04-30
9.27.0	0 / 0	2026-03-23
9.26.1	0 / 0	2026-03-15
9.26.0	0 / 0	2026-03-15
9.25.0	0 / 0	2026-03-10
9.24.0	0 / 0	2026-02-10
9.23.3	0 / 0	2026-02-01
9.23.2	0 / 0	2026-01-18
9.23.1	0 / 0	2026-01-18
9.15.0	0 / 0	2025-05-30
9.12.5	0 / 0	2025-04-11
9.12.3	0 / 0	2025-04-03
9.12.2	0 / 0	2025-03-27
9.7.0	0 / 0	2025-01-24
9.4.4	0 / 0	2024-12-19
9.2.2	0 / 0	2024-10-28
9.2.0	0 / 0	2024-10-12
9.0.4	0 / 0	2024-08-19
9.0.0	0 / 0	2024-08-15
8.44.0	0 / 0	2025-04-08
8.40.3	0 / 0	2024-08-15
8.38.0	0 / 0	2024-05-24
8.32.0	0 / 0	2024-02-14
8.29.7	0 / 0	2024-02-02
8.24.12	0 / 0	2023-12-05
8.24.9	0 / 0	2023-12-05
8.24.8	0 / 0	2023-12-05
8.23.0	0 / 0	2023-11-14
8.22.0	0 / 0	2023-11-08
8.20.4	0 / 0	2023-10-25
8.20.3	0 / 0	2023-10-24
8.18.0	0 / 0	2023-10-12
8.16.5	0 / 0	2023-09-07
8.14.6	0 / 0	2023-08-13
8.11.0	0 / 0	2023-06-08
8.10.2	0 / 0	2023-05-10
8.8.1	0 / 0	2023-04-12
8.6.6	0 / 0	2023-03-20
8.5.7	0 / 0	2023-03-08
8.5.6	0 / 0	2023-03-06
8.3.11	0 / 0	2023-02-24
8.3.5	0 / 0	2023-02-08
8.2.0	0 / 0	2023-01-20
8.1.0	0 / 0	2023-01-02
8.0.15	0 / 0	2022-12-28
8.0.0	0 / 0	2022-12-01
7.27.0	0 / 0	2022-11-23
7.22.0	0 / 0	2022-08-19
7.20.6	0 / 0	2022-07-15
7.20.4	0 / 0	2022-06-22
7.20.2	0 / 0	2022-06-10
7.20.0	0 / 0	2022-06-03
7.19.0	0 / 0	2022-03-22
7.17.3	0 / 0	2022-03-10
7.16.7	0 / 0	2021-11-12
7.16.1	0 / 0	2021-10-22
7.16.0	0 / 0	2021-10-20
7.13.2	0 / 0	2021-09-27
7.13.0	0 / 0	2021-09-22
7.12.1	0 / 0	2021-09-07
7.12.0	0 / 0	2021-09-06
7.11.0	0 / 0	2021-08-26
7.10.1	0 / 0	2021-08-23
7.7.4	0 / 0	2021-06-20
7.5.3	0 / 0	2021-04-30
7.4.2	0 / 0	2021-04-13
7.4.1	0 / 0	2021-04-13
7.1.1	0 / 0	2021-03-09
7.0.0	0 / 0	2021-02-09
6.12.0	0 / 0	2021-01-13
6.10.6	0 / 0	2020-12-11
6.10.0	0 / 0	2020-11-24
6.8.0	0 / 0	2020-11-16
6.6.0	0 / 0	2020-10-06
6.3.6	0 / 0	2020-07-29
6.3.0	0 / 0	2020-07-16
6.1.25	0 / 0	2020-07-07
6.1.14	0 / 0	2020-05-27
6.1.11	0 / 0	2020-05-11
6.1.2	0 / 0	2020-04-22
6.0.12	0 / 0	2020-04-01
6.0.11	0 / 0	2020-04-01
6.0.8	0 / 0	2020-03-30
6.0.7	0 / 0	2020-03-30
6.0.1	0 / 0	2020-03-26
5.22.1	0 / 0	2020-03-18
5.19.0	0 / 0	2020-03-10
5.18.7	0 / 0	2020-02-14
5.16.7	0 / 0	2019-11-13
5.16.4	0 / 0	2019-11-08
5.16.0	0 / 0	2019-11-05
5.15.6	0 / 0	2019-10-30
5.15.4	0 / 0	2019-10-25
5.15.1	0 / 0	2019-10-16
5.14.0	0 / 0	2019-10-01
5.13.2	0 / 0	2019-09-25

v9.27.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.27.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.27.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.26.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.26.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.25.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.24.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.3

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-02-01) provenance

This version was published by a different npm account than previous versions on 2026-02-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.2

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-01-18) provenance

This version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.1

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-01-18) provenance

This version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.15.0

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.12.5

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.12.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.12.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.7.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.4.4

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.2.2

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.2.0

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.0.4

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v9.0.0

1 finding

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

v8.44.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.40.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v8.38.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v8.32.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v8.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v8.24.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v8.24.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.24.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.23.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.22.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.20.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.20.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.18.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.16.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.14.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.11.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.10.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.8.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.6.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.5.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.5.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.3.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.3.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.0.15

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.