es-toolkit
A state-of-the-art, high-performance JavaScript utility library with a small bundle size and strong type annotations.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/browser.global.js | AI (source-diff): dist/browser.global.js is the package's documented browser bundle entry point, produced by rollup+terser. The sample shows readable utility function names with no malicious patterns. Stable for this package. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from toss-build-bot to GitHub Actions with SLSA provenance attestation is a supply chain improvement, not a compromise indicator. Consistent with toss/es-toolkit repo. | ai | |
| source-diff | large-new-source-files | AI (source-diff): es-toolkit is an actively developed utility library with 1497 versions; adding new utility functions (108 files) is expected growth, verified by SLSA provenance. | ai |
Versions (showing 100 of 492)
| Version | Deps | Published |
|---|---|---|
| 1.47.0 | 0 / 35 | |
| 1.46.1 | 0 / 38 | |
| 1.46.0 | 0 / 38 | |
| 1.45.1 | 0 / 38 | |
| 1.45.0 | 0 / 38 | |
| 1.44.0 | 0 / 39 | |
| 1.43.0 | 0 / 39 | |
| 1.42.0 | 0 / 39 | |
| 1.41.0 | 0 / 39 | |
| 1.40.0 | 0 / 39 | |
| 1.39.10 | 0 / 37 | |
| 1.39.9 | 0 / 37 | |
| 1.39.8 | 0 / 37 | |
| 1.39.7 | 0 / 37 | |
| 1.39.6 | 0 / 37 | |
| 1.39.5 | 0 / 37 | |
| 1.39.4 | 0 / 36 | |
| 1.39.3 | 0 / 36 | |
| 1.39.2 | 0 / 36 | |
| 1.39.1 | 0 / 36 | |
| 1.39.0 | 0 / 36 | |
| 1.38.0 | 0 / 36 | |
| 1.37.2 | 0 / 36 | |
| 1.37.1 | 0 / 36 | |
| 1.37.0 | 0 / 36 | |
| 1.36.0 | 0 / 36 | |
| 1.35.0 | 0 / 36 | |
| 1.34.1 | 0 / 36 | |
| 1.34.0 | 0 / 36 | |
| 1.33.0 | 0 / 34 | |
| 1.32.0 | 0 / 34 | |
| 1.31.0 | 0 / 33 | |
| 1.30.1 | 0 / 33 | |
| 1.30.0 | 0 / 33 | |
| 1.29.0 | 0 / 33 | |
| 1.28.0 | 0 / 34 | |
| 1.27.0 | 0 / 34 | |
| 1.26.1 | 0 / 34 | |
| 1.26.0 | 0 / 34 | |
| 1.25.2 | 0 / 34 | |
| 1.25.1 | 0 / 34 | |
| 1.25.0 | 0 / 34 | |
| 1.24.0 | 0 / 34 | |
| 1.23.0 | 0 / 33 | |
| 1.22.0 | 0 / 30 | |
| 1.21.0 | 0 / 30 | |
| 1.20.0 | 0 / 29 | |
| 1.19.0 | 0 / 29 | |
| 1.18.0 | 0 / 29 | |
| 1.17.0 | 0 / 25 | |
| 1.16.0 | 0 / 29 | |
| 1.15.1 | 0 / 29 | |
| 1.15.0 | 0 / 29 | |
| 1.14.0 | 0 / 29 | |
| 1.13.1 | 0 / 20 | |
| 1.13.0 | 0 / 20 | |
| 1.12.0 | 0 / 20 | |
| 1.11.0 | 0 / 20 | |
| 1.10.1 | 0 / 23 | |
| 1.10.0 | 0 / 23 | |
| 1.9.0 | 0 / 23 | |
| 1.8.0 | 0 / 23 | |
| 1.7.1 | 0 / 23 | |
| 1.7.0 | 0 / 23 | |
| 1.6.1 | 0 / 22 | |
| 1.6.0 | 0 / 22 | |
| 1.5.0 | 0 / 22 | |
| 1.4.0 | 0 / 21 | |
| 1.3.1 | 0 / 21 | |
| 1.3.0 | 0 / 21 | |
| 1.2.2 | 0 / 21 | |
| 1.2.1 | 0 / 21 | |
| 1.2.0 | 0 / 21 | |
| 1.1.0 | 0 / 21 | |
| 1.0.4 | 0 / 21 | |
| 1.0.3 | 0 / 22 | |
| 1.0.2 | 0 / 22 | |
| 0.0.1 | 0 / 15 | |
| 1.46.0-dev.1786 | 0 / 38 | |
| 1.45.1-dev.1785 | 0 / 38 | |
| 1.45.1-dev.1784 | 0 / 38 | |
| 1.45.1-dev.1783 | 0 / 38 | |
| 1.45.1-dev.1782 | 0 / 38 | |
| 1.45.1-dev.1779 | 0 / 38 | |
| 1.45.1-dev.1778 | 0 / 38 | |
| 1.45.1-dev.1777 | 0 / 38 | |
| 1.45.1-dev.1776 | 0 / 38 | |
| 1.45.1-dev.1775 | 0 / 38 | |
| 1.45.1-dev.1774 | 0 / 38 | |
| 1.45.1-dev.1773 | 0 / 38 | |
| 1.45.1-dev.1772 | 0 / 38 | |
| 1.45.1-dev.1771 | 0 / 38 | |
| 1.45.1-dev.1770 | 0 / 38 | |
| 1.45.1-dev.1769 | 0 / 38 | |
| 1.45.1-dev.1768 | 0 / 38 | |
| 1.45.1-dev.1767 | 0 / 38 | |
| 1.45.1-dev.1766 | 0 / 38 | |
| 1.45.1-dev.1765 | 0 / 38 | |
| 1.45.1-dev.1764 | 0 / 38 | |
| 1.45.1-dev.1763 | 0 / 38 |
v1.47.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.46.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.46.0-dev.1786
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1785
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1784
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1783
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1782
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1779
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1778
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1777
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1776
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1775
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1774
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1773
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1772
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1771
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1770
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1769
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1768
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1767
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1766
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1765
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1764
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.1-dev.1763
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.