← Home

event-stream

npm Repository Homepage

construct pipes of streams of events

51
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

right9ctrl

Keywords

streammapflatmapfiltersplitjoinmergereplace

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:dynamic-require AI (semgrep): Dynamic require is used for protocol selection (http/https) based on user-supplied opts — a legitimate and stable pattern in this package. ai
provenance no-provenance AI (provenance): Package predates Sigstore provenance by many years; no provenance is expected and stable for this package. ai
source-diff encoded-string-file:test/replace.asynct.js AI (source-diff): The 'encoded strings' are FizzBuzz test fixture data (human-readable compact representation of FizzBuzz output) in a test file, not obfuscated payloads. Stable false positive for this package. ai
publish-pattern new-deps-added AI (publish-pattern): optimist is a well-known CLI arg parsing library by the same author; its addition is consistent with legitimate feature development. ai
dependencies unvetted-dep:stream-combiner AI (dependencies): stream-combiner is a long-standing legitimate utility package; unvetted status is a registry gap, not a real risk signal for this package. ai
dependencies unvetted-dep:map-stream AI (dependencies): map-stream is a long-standing legitimate utility package by Dominic Tarr; unvetted status is a registry gap, not a real risk signal for this package. ai
dependencies unvetted-dep:from AI (dependencies): from is a long-standing legitimate utility package by Dominic Tarr; unvetted status is a registry gap, not a real risk signal for this package. ai

Versions (showing 51 of 80)

View all versions
Version Deps Published
4.0.0 7 / 5
3.3.4 7 / 5
3.3.3 7 / 5
3.3.2 7 / 5
3.3.1 7 / 5
3.3.0 7 / 5
3.2.2 7 / 5
3.2.1 7 / 5
3.2.0 7 / 5
3.1.7 7 / 5
3.1.5 7 / 5
3.1.4 7 / 5
3.1.2 7 / 5
3.1.1 7 / 5
3.1.0 7 / 5
3.0.20 7 / 5
3.0.18 7 / 5
3.0.17 7 / 5
3.0.16 7 / 5
3.0.15 7 / 5
3.0.14 7 / 5
3.0.13 7 / 5
3.0.12 7 / 5
3.0.11 7 / 5
3.0.10 7 / 4
3.0.9 7 / 4
3.0.8 7 / 4
3.0.7 7 / 4
3.0.6 7 / 4
3.0.5 7 / 4
3.0.4 7 / 4
3.0.3 7 / 4
3.0.2 6 / 4
3.0.1 6 / 4
3.0.0 6 / 4
2.2.3 5 / 4
2.2.2 4 / 4
2.2.1 4 / 4
2.2.0 3 / 4
2.1.9 3 / 4
2.1.8 3 / 4
2.1.7 3 / 4
2.1.5 3 / 4
2.1.4 3 / 4
2.1.3 3 / 4
2.1.2 1 / 4
2.1.0 1 / 3
2.0.10 1 / 3
2.0.9 1 / 3
2.0.4 1 / 3
2.0.3 1 / 3

v2.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.