← Home

eslint-plugin-package-json

npm Repository Homepage
3
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

joshuakgoldbergmfaith

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-removed AI (maintainer-change): jzetlen removal consistent with maintainer handoff to michaelfaith. ai
maintainer-change maintainer-added AI (maintainer-change): mfaith is listed contributor and new repo owner; legitimate transition. ai
provenance missing-githead AI (provenance): gitHead commonly absent when publishing via GitHub Actions; SLSA provenance compensates. ai
provenance slsa-provenance AI (provenance): SLSA provenance confirms legitimate CI/CD pipeline. ai
provenance publisher-changed AI (provenance): Moved to GitHub Actions CI/CD publishing with SLSA provenance; legitimate transition. ai
dependencies unvetted-dep:eslint-fix-utils AI (dependencies): Legitimate linting utility dependency; stable pattern for this eslint plugin package. ai
dependencies unvetted-dep:@altano/repository-tools AI (dependencies): Utility dependency for an established eslint plugin; no malicious indicators. ai
dependencies unvetted-dep:package-json-validator AI (dependencies): Core functional dependency for package.json validation; expected for this plugin. ai

Versions (showing 3 of 103)

Version Deps Published
0.33.1 9 / 40
0.33.0 9 / 40
0.32.0 9 / 40

v0.33.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.32.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.