
dependency-cruiser

10 versions
License
No install scripts
Verified provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

sverweij, foureightone

Keywords

static analysis, circular, dependencies, typescript, javascript, coffeescript, ES6, ES2015, AMD, CommonJS, validation, spelunking

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When

dependencies | unvetted-dep:teamcity-service-messages | AI (dependencies): Legitimate TeamCity reporter dependency; expected for a dependency analysis tool with CI reporter support. | ai |

semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require in extract-webpack-resolve-config.mjs is intentional — the module's purpose is to load user-specified webpack configs at runtime. This is a stable, documented design pattern for this package. | ai |

dependencies | unvetted-dep:watskeburt | AI (dependencies): watskeburt is authored by the same maintainer (sverweij) as dependency-cruiser; it's a companion package in the same ecosystem with no suspicious signals. | ai |

dependencies | unvetted-dep:acorn-jsx-walk | AI (dependencies): acorn-jsx-walk is a small, focused AST-walking utility for JSX; no suspicious signals and appropriate for dependency-cruiser's static analysis use case. | ai |

Versions (showing 10 of 10)

Version | Deps | Published
17.3.10 | 18 / 41 |
17.3.9  | 18 / 41 |
17.3.7  | 18 / 41 |
17.3.2  | 20 / 39 |
17.3.1  | 20 / 39 |
17.2.0  | 20 / 39 |
17.1.0  | 20 / 39 |
17.0.2  | 20 / 39 |
17.0.1  | 20 / 39 |
17.0.0  | 21 / 39 |

Per-version findings

Every listed version (v17.3.10, v17.3.9, v17.3.7, v17.3.2, v17.3.1, v17.2.0, v17.1.0, v17.0.2, v17.0.1, v17.0.0) has the same single finding:

1 finding
INFO | provenance | Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.