degit
Straightforward project scaffolding
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 3.3.2 | 0 / 22 | |
| 3.3.1 | 0 / 22 | |
| 3.3.0 | 0 / 22 | |
| 3.2.0 | 0 / 23 | |
| 3.1.2 | 0 / 23 | |
| 3.1.1 | 0 / 23 | |
| 3.1.0 | 0 / 23 | |
| 2.8.4 | 0 / 22 |
v3.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (yoglib) than the most recent previously approved version (rich_harris) on 2026-05-24, but yoglib is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.