chrome-devtools-frontend

49 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

paulirish, mathias, google-wombot

Keywords

devtools, chrome, chromium, blink, debugger

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established package with 2160 versions; lack of Sigstore provenance is common and not a risk signal here. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() is in legacy test runner code evaluating test expressions — not runtime production code. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IPs appear only in unit test fixtures (localhost/127.0.0.1), not production network calls. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used in scripts/npm_test.js to run blink tests — standard build/test tooling. | ai | |
| semgrep | semgrep:child-process-spawn | AI (semgrep): Spawns blink test runner in test script; expected for a devtools frontend package. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() used as a standard Proxy trap in DWARF debugger extension — not obfuscation. | ai | |
| source-diff | obfuscated-file:front_end/third_party/lit/lib/async-directive.js | AI (source-diff): Minified Lit HTML library (Google LLC, BSD-3-Clause) bundled as a third-party dependency in Chrome DevTools Frontend. Minification is expected for this package's third-party vendored assets. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Fires in CodeMirror's loadmode.js addon, which legitimately uses dynamic require to load syntax modes on demand. Well-known, documented behavior. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Fires in Lighthouse report bundle; base64 usage is for legitimate report rendering (SVG/template content), not payload obfuscation. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): Fires in third-party-web data catalog listing known ad/analytics domains (e.g. marketingplatform.google.com). These are legitimate reference URLs in a data file, not C2 infrastructure. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires in bundled axe-core and other third-party libs; new Function() is a documented pattern in axe-core's rule engine. Not a security risk in this package. | ai | |

Versions (showing 49 of 149)

Version Deps Published
1.0.1544076 0 / 61
1.0.1543472 0 / 61
1.0.1543082 0 / 61
1.0.1542501 0 / 61
1.0.1541552 0 / 61
1.0.1541169 0 / 61
1.0.1539972 0 / 60
1.0.1539728 0 / 60
1.0.1538523 0 / 60
1.0.1538310 0 / 60
1.0.1537860 0 / 60
1.0.1537268 0 / 60
1.0.1536371 0 / 60
1.0.1535712 0 / 60
1.0.1534717 0 / 60
1.0.1534251 0 / 60
1.0.1533544 0 / 60
1.0.1532884 0 / 60
1.0.1532228 0 / 60
1.0.1531367 0 / 60
1.0.1530564 0 / 60
1.0.1529904 0 / 60
1.0.1529186 0 / 60
1.0.1528866 0 / 60
1.0.1526630 0 / 60
1.0.1526203 0 / 60
1.0.1525561 0 / 60
1.0.1524741 0 / 60
1.0.1522585 0 / 60
1.0.1522145 0 / 60
1.0.1521880 0 / 60
1.0.1521746 0 / 60
1.0.1521223 0 / 60
1.0.1520535 0 / 60
1.0.1520139 0 / 60
1.0.1519267 0 / 60
1.0.1518653 0 / 60
1.0.1516909 0 / 60
1.0.1515988 0 / 60
1.0.1515796 0 / 60
1.0.1515446 0 / 60
1.0.1514545 0 / 60
1.0.1513662 0 / 60
1.0.1512349 0 / 60
1.0.1512147 0 / 60
1.0.1510848 0 / 60
1.0.1510180 0 / 60
1.0.1506453 0 / 60
1.0.1473514 0 / 61

v1.0.1542501

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1539728

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1537860

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1536371

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1534717

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1534251

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1533544

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1532884

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1532228

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1531367

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1530564

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1529904

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1529186

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1528866

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1526630

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1526203

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1525561

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1524741

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1522585

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1522145

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1521880

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1521746

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1521223

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1520535

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1520139

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1519267

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1518653

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1516909

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1515988

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1515796

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1515446

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1514545

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1513662

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1512349

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1512147

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1510848

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1510180

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1506453

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1473514

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.