@zuplo/errors
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from zuplo-integrations to GitHub Actions, consistent with a CI/CD migration for the @zuplo org. Scoped package under a registered npm org reduces takeover risk. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainer moritzs is consistent with a legitimate Zuplo org contributor addition. Scoped @zuplo package limits unauthorized additions. | ai |
Versions (showing 100 of 548)
| Version | Deps | Published |
|---|---|---|
| 6.59.61 | 0 / 6 | |
| 6.59.60 | 0 / 6 | |
| 6.59.59 | 0 / 6 | |
| 6.59.58 | 0 / 6 | |
| 6.59.56 | 0 / 6 | |
| 6.59.55 | 0 / 6 | |
| 6.59.54 | 0 / 6 | |
| 6.59.53 | 0 / 6 | |
| 6.59.52 | 0 / 6 | |
| 6.59.51 | 0 / 6 | |
| 6.59.50 | 0 / 6 | |
| 6.59.49 | 0 / 6 | |
| 6.59.48 | 0 / 6 | |
| 6.59.47 | 0 / 6 | |
| 6.59.45 | 0 / 6 | |
| 6.59.44 | 0 / 6 | |
| 6.59.43 | 0 / 6 | |
| 6.59.42 | 0 / 6 | |
| 6.59.41 | 0 / 6 | |
| 6.59.39 | 0 / 6 | |
| 6.59.37 | 0 / 6 | |
| 6.59.36 | 0 / 6 | |
| 6.59.35 | 0 / 6 | |
| 6.59.34 | 0 / 6 | |
| 6.59.33 | 0 / 6 | |
| 6.59.32 | 0 / 6 | |
| 6.59.31 | 0 / 6 | |
| 6.59.30 | 0 / 6 | |
| 6.59.29 | 0 / 6 | |
| 6.59.28 | 0 / 6 | |
| 6.59.27 | 0 / 6 | |
| 6.59.25 | 0 / 6 | |
| 6.59.23 | 0 / 6 | |
| 6.59.22 | 0 / 6 | |
| 6.59.21 | 0 / 6 | |
| 6.59.20 | 0 / 6 | |
| 6.59.19 | 0 / 6 | |
| 6.59.18 | 0 / 6 | |
| 6.59.17 | 0 / 6 | |
| 6.59.13 | 0 / 6 | |
| 6.59.12 | 0 / 6 | |
| 6.59.11 | 0 / 6 | |
| 6.59.10 | 0 / 6 | |
| 6.59.9 | 0 / 6 | |
| 6.59.8 | 0 / 6 | |
| 6.59.7 | 0 / 6 | |
| 6.59.6 | 0 / 6 | |
| 6.59.5 | 0 / 6 | |
| 6.59.4 | 0 / 6 | |
| 6.59.3 | 0 / 6 | |
| 6.59.2 | 0 / 6 | |
| 6.59.1 | 0 / 6 | |
| 6.59.0 | 0 / 6 | |
| 6.58.8 | 0 / 6 | |
| 6.58.7 | 0 / 6 | |
| 6.58.6 | 0 / 6 | |
| 6.58.5 | 0 / 6 | |
| 6.58.4 | 0 / 6 | |
| 6.58.2 | 0 / 6 | |
| 6.58.0 | 0 / 6 | |
| 6.57.19 | 0 / 6 | |
| 6.57.18 | 0 / 6 | |
| 6.57.17 | 0 / 6 | |
| 6.57.16 | 0 / 6 | |
| 6.57.15 | 0 / 6 | |
| 6.57.14 | 0 / 6 | |
| 6.57.13 | 0 / 6 | |
| 6.57.12 | 0 / 6 | |
| 6.57.11 | 0 / 6 | |
| 6.57.10 | 0 / 6 | |
| 6.57.7 | 0 / 6 | |
| 6.57.6 | 0 / 6 | |
| 6.57.5 | 0 / 6 | |
| 6.57.4 | 0 / 6 | |
| 6.57.3 | 0 / 6 | |
| 6.57.2 | 0 / 6 | |
| 6.57.1 | 0 / 6 | |
| 6.57.0 | 0 / 6 | |
| 6.56.8 | 0 / 6 | |
| 6.56.7 | 0 / 6 | |
| 6.56.6 | 0 / 6 | |
| 6.56.5 | 0 / 6 | |
| 6.56.4 | 0 / 6 | |
| 6.56.2 | 0 / 6 | |
| 6.56.1 | 0 / 6 | |
| 6.56.0 | 0 / 6 | |
| 6.55.6 | 0 / 6 | |
| 6.55.5 | 0 / 6 | |
| 6.55.4 | 0 / 6 | |
| 6.55.3 | 0 / 6 | |
| 6.55.2 | 0 / 6 | |
| 6.55.1 | 0 / 6 | |
| 6.55.0 | 0 / 6 | |
| 6.54.29 | 0 / 6 | |
| 6.54.26 | 0 / 6 | |
| 6.54.24 | 0 / 6 | |
| 6.54.23 | 0 / 6 | |
| 6.54.22 | 0 / 6 | |
| 6.54.21 | 0 / 6 | |
| 6.54.20 | 0 / 6 |
v6.59.59
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.50
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.39
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.59.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.57.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.57.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.56.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.55.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.54.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.