brilliant-directories-mcp
Official MCP server for Brilliant Directories — manage members, posts, leads, reviews, and more.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | slsa-provenance | AI (provenance): SLSA provenance present; stable supply chain signal for this package. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): /etc/passwd reference appears only in a comment describing a path-traversal attack being defended against. The code implements a guard, not credential harvesting. Stable false positive for this package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation — this reflects a legitimate migration to CI/CD publishing, consistent with the org's GitHub identity and no material code changes. | ai | |
Versions (showing 100 of 486)
| Version | Deps | Published |
|---|---|---|
| 6.40.54 | 1 / 0 | |
| 6.40.53 | 1 / 0 | |
| 6.40.52 | 1 / 0 | |
| 6.40.51 | 1 / 0 | |
| 6.40.50 | 1 / 0 | |
| 6.40.49 | 1 / 0 | |
| 6.40.48 | 1 / 0 | |
| 6.40.47 | 1 / 0 | |
| 6.40.46 | 1 / 0 | |
| 6.40.45 | 1 / 0 | |
| 6.40.44 | 1 / 0 | |
| 6.40.43 | 1 / 0 | |
| 6.40.42 | 1 / 0 | |
| 6.40.41 | 1 / 0 | |
| 6.40.40 | 1 / 0 | |
| 6.40.39 | 1 / 0 | |
| 6.40.38 | 1 / 0 | |
| 6.40.37 | 1 / 0 | |
| 6.40.36 | 1 / 0 | |
| 6.40.35 | 1 / 0 | |
| 6.40.34 | 1 / 0 | |
| 6.40.33 | 1 / 0 | |
| 6.40.32 | 1 / 0 | |
| 6.40.31 | 1 / 0 | |
| 6.40.30 | 1 / 0 | |
| 6.40.29 | 1 / 0 | |
| 6.40.28 | 1 / 0 | |
| 6.40.27 | 1 / 0 | |
| 6.40.26 | 1 / 0 | |
| 6.40.25 | 1 / 0 | |
| 6.40.24 | 1 / 0 | |
| 6.40.23 | 1 / 0 | |
| 6.40.22 | 1 / 0 | |
| 6.40.21 | 1 / 0 | |
| 6.40.20 | 1 / 0 | |
| 6.40.19 | 1 / 0 | |
| 6.40.18 | 1 / 0 | |
| 6.40.17 | 1 / 0 | |
| 6.40.16 | 1 / 0 | |
| 6.40.15 | 1 / 0 | |
| 6.40.14 | 1 / 0 | |
| 6.40.13 | 1 / 0 | |
| 6.40.11 | 1 / 0 | |
| 6.40.10 | 1 / 0 | |
| 6.40.9 | 1 / 0 | |
| 6.40.8 | 1 / 0 | |
| 6.40.7 | 1 / 0 | |
| 6.40.6 | 1 / 0 | |
| 6.40.5 | 1 / 0 | |
| 6.40.4 | 1 / 0 | |
| 6.40.3 | 1 / 0 | |
| 6.40.2 | 1 / 0 | |
| 6.40.1 | 1 / 0 | |
| 6.40.0 | 1 / 0 | |
| 6.39.0 | 1 / 0 | |
| 6.38.14 | 1 / 0 | |
| 6.38.13 | 1 / 0 | |
| 6.38.12 | 1 / 0 | |
| 6.38.11 | 1 / 0 | |
| 6.38.10 | 1 / 0 | |
| 6.38.9 | 1 / 0 | |
| 6.38.8 | 1 / 0 | |
| 6.38.7 | 1 / 0 | |
| 6.38.6 | 1 / 0 | |
| 6.38.5 | 1 / 0 | |
| 6.38.4 | 1 / 0 | |
| 6.38.3 | 1 / 0 | |
| 6.38.2 | 1 / 0 | |
| 6.38.1 | 1 / 0 | |
| 6.38.0 | 1 / 0 | |
| 6.37.2 | 1 / 0 | |
| 6.37.1 | 1 / 0 | |
| 6.37.0 | 1 / 0 | |
| 6.36.0 | 1 / 0 | |
| 6.35.0 | 1 / 0 | |
| 6.34.0 | 1 / 0 | |
| 6.33.0 | 1 / 0 | |
| 6.32.0 | 1 / 0 | |
| 6.31.0 | 1 / 0 | |
| 6.30.0 | 1 / 0 | |
| 6.29.0 | 1 / 0 | |
| 6.28.0 | 1 / 0 | |
| 6.27.0 | 1 / 0 | |
| 6.26.0 | 1 / 0 | |
| 6.13.21 | 1 / 0 | |
| 6.13.19 | 1 / 0 | |
| 6.13.15 | 1 / 0 | |
| 6.13.3 | 1 / 0 | |
| 6.13.2 | 1 / 0 | |
| 6.13.0 | 1 / 0 | |
| 6.12.0 | 1 / 0 | |
| 6.11.3 | 1 / 0 | |
| 6.11.2 | 1 / 0 | |
| 6.11.1 | 1 / 0 | |
| 6.11.0 | 1 / 0 | |
| 6.10.12 | 1 / 0 | |
| 6.10.11 | 1 / 0 | |
| 6.10.10 | 1 / 0 | |
| 6.10.9 | 1 / 0 | |
| 6.10.8 | 1 / 0 | |
v6.40.54
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.53
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.52
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.51
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.50
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.49
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.48
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.47
3 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/brilliantdirectories/brilliant-directories-mcp/blob/604f1d887e2cd98715dd7f3ca2799ad6c824c0ac/index.js#L1733
```
  1731 | // Path-traversal guard: reject `.` or `..` segments anywhere in the path.
  1732 | // BD URL slugs don't legitimately contain dot-segments; allowing them is
> 1733 | // a security footgun (filename like `../../etc/passwd` stored verbatim).
  1734 | const segments = slug.split("/");
  1735 | for (const seg of segments) {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.46
3 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/brilliantdirectories/brilliant-directories-mcp/blob/cfc4739799494952d9b84acbbf1d908ee1e67c17/index.js#L1733
```
  1731 | // Path-traversal guard: reject `.` or `..` segments anywhere in the path.
  1732 | // BD URL slugs don't legitimately contain dot-segments; allowing them is
> 1733 | // a security footgun (filename like `../../etc/passwd` stored verbatim).
  1734 | const segments = slug.split("/");
  1735 | for (const seg of segments) {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.45
3 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/brilliantdirectories/brilliant-directories-mcp/blob/9ab0adf6ca7abac0e81471d5cc006b5bd579bd22/index.js#L1733
```
  1731 | // Path-traversal guard: reject `.` or `..` segments anywhere in the path.
  1732 | // BD URL slugs don't legitimately contain dot-segments; allowing them is
> 1733 | // a security footgun (filename like `../../etc/passwd` stored verbatim).
  1734 | const segments = slug.split("/");
  1735 | for (const seg of segments) {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.44
3 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/brilliantdirectories/brilliant-directories-mcp/blob/403b9f70f463de8b66fce43a7e9aff4a6725f232/index.js#L1733
```
  1731 | // Path-traversal guard: reject `.` or `..` segments anywhere in the path.
  1732 | // BD URL slugs don't legitimately contain dot-segments; allowing them is
> 1733 | // a security footgun (filename like `../../etc/passwd` stored verbatim).
  1734 | const segments = slug.split("/");
  1735 | for (const seg of segments) {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.43
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.42
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.41
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.40
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.39
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.38
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.37
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.36
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.35
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.34
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.33
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.32
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.31
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.30
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.29
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.28
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.27
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.26
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.25
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.24
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.23
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.22
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.21
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.20
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.19
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.18
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.17
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.16
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.15
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.14
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.13
2 findings
This version was published by a different npm account than previous versions on 2026-04-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.11
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.10
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.9
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.8
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.7
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.6
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.5
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.4
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.3
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.2
2 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.1
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.40.0
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.39.0
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.14
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.13
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.12
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.11
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.10
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.9
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.8
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.7
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.6
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.5
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.4
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.3
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.2
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.1
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.0
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.37.2
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.37.1
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.37.0
2 findings
This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.36.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.35.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.34.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.33.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.32.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.31.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.30.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.29.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.28.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.27.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.26.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.13.21
2 findings
This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.13.19
2 findings
This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.13.15
2 findings
This version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.13.3
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.13.2
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.13.0
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.12.0
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.3
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.2
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.1
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.0
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.12
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.11
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.10
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.9
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.8
2 findingsThis version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.