azion
1
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
jcbsfilho
Keywords
azionedgecomputingpackages
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:axios | AI (typosquat): azion is an established CDN platform SDK with 992 days history and 239 versions; not a typosquat of axios. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require used to load user config files in bundler context; expected pattern for this tool. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding used to read bundled asset content in Next.js preset; not a malicious payload pattern. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used in build-time Vercel integration utility; expected for a bundler/preset tool. | ai | |
| phantom-deps | phantom-dep:mime | AI (phantom-deps): Browserify polyfill deps referenced in bundler config files; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:util | AI (phantom-deps): Node built-in polyfill referenced in bundler config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): CLI utility dep referenced in config files; stable false positive for this bundler package. | ai | |
| phantom-deps | phantom-dep:events | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:assert-browserify | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:stream-http | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:vm-browserify | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:string_decoder | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:timers-browserify | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:inherits | AI (phantom-deps): Browserify polyfill referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:progress | AI (phantom-deps): CLI utility dep referenced in config; stable false positive for this bundler package. | ai | |
| phantom-deps | phantom-dep:babel-loader | AI (phantom-deps): Babel toolchain dep referenced in bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/preset-env | AI (phantom-deps): Babel preset loaded by convention in bundler; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/preset-typescript | AI (phantom-deps): Babel preset loaded by convention in bundler; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-proposal-optional-chaining-assign | AI (phantom-deps): Babel plugin loaded by convention in bundler; stable false positive. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 3.1.3 | 36 / 21 |
v3.1.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.