autoprefixer
Parse CSS and add vendor prefixes to CSS rules using values from the Can I Use website
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): The dynamic require loads autoprefixer's own internal updater modules by index — a stable internal plugin pattern, not user-controlled input. False positive for this package. | ai | |
| dependencies | unvetted-dep:normalize-range | AI (dependencies): normalize-range is a long-standing, benign utility dependency of autoprefixer for numeric range normalization. No security concerns. | ai | |
| dependencies | unvetted-dep:num2fraction | AI (dependencies): num2fraction is a long-standing, benign utility dependency of autoprefixer used for CSS fraction calculations. No security concerns. | ai | |
| dependencies | unvetted-dep:fraction.js | AI (dependencies): fraction.js is a legitimate math library that autoprefixer uses for CSS grid fraction calculations; this is a stable, expected dependency for this package. | ai | |
| provenance | no-provenance | AI (provenance): Autoprefixer is a long-established package from a trusted maintainer; lack of Sigstore provenance is not a meaningful risk signal here. | ai |
Versions (showing 49 of 249)
| Version | Deps | Published |
|---|---|---|
| 1.0.20131222 | 2 / 7 | |
| 0.8.20131213 | 2 / 9 | |
| 0.8.20131209 | 2 / 9 | |
| 0.8.20131104 | 2 / 9 | |
| 0.8.20131029 | 2 / 9 | |
| 0.8.20131020 | 2 / 9 | |
| 0.8.20131017 | 2 / 9 | |
| 0.8.20131015 | 2 / 9 | |
| 0.8.20131009 | 2 / 9 | |
| 0.8.20131007 | 2 / 9 | |
| 0.8.20131006 | 2 / 9 | |
| 0.8.20131001 | 2 / 9 | |
| 0.8.20130923 | 2 / 9 | |
| 0.8.20130919 | 2 / 9 | |
| 0.8.20130911 | 2 / 9 | |
| 0.8.20130906 | 2 / 9 | |
| 0.8.20130903 | 2 / 9 | |
| 0.8.20130902 | 2 / 9 | |
| 0.7.20130824 | 2 / 9 | |
| 0.7.20130810 | 2 / 9 | |
| 0.7.20130808 | 2 / 9 | |
| 0.7.20130807 | 2 / 9 | |
| 0.7.20130806 | 2 / 9 | |
| 0.7.20130805 | 2 / 9 | |
| 0.6.20130731 | 2 / 9 | |
| 0.6.20130730 | 2 / 9 | |
| 0.6.20130729 | 2 / 9 | |
| 0.6.20130728 | 2 / 9 | |
| 0.6.20130721 | 2 / 9 | |
| 0.6.20130716 | 2 / 9 | |
| 0.5.20130629 | 2 / 7 | |
| 0.5.20130626 | 2 / 7 | |
| 0.5.20130625 | 2 / 7 | |
| 0.5.20130617 | 2 / 7 | |
| 0.5.20130616 | 2 / 7 | |
| 0.5.20130615 | 2 / 7 | |
| 0.4.20130603 | 1 / 6 | |
| 0.4.20130530 | 1 / 6 | |
| 0.4.20130528 | 1 / 6 | |
| 0.4.20130524 | 1 / 6 | |
| 0.4.20130521 | 1 / 6 | |
| 0.4.20130515 | 1 / 6 | |
| 0.4.20130507 | 1 / 6 | |
| 0.3.20130502 | 1 / 5 | |
| 0.3.20130427 | 1 / 5 | |
| 0.3.20130424 | 1 / 5 | |
| 0.3.20130423 | 1 / 5 | |
| 0.2.20130413 | 1 / 6 | |
| 0.1.20130409 | 1 / 5 |
v1.0.20131222
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131213
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131209
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131104
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131029
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131020
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131017
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131015
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131009
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131007
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131006
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20131001
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130923
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130919
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130911
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130906
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130903
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20130902
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130824
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130810
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130808
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130807
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130806
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.20130805
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130731
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130730
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130729
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130728
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130721
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.20130716
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130629
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130626
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130625
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130617
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130616
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.20130615
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130603
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130530
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130528
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130524
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130521
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130515
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.20130507
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.20130502
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.20130427
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.20130424
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.20130423
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.20130413
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.20130409
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.