firebase

Firebase JavaScript library for web and Node.js

Versions: 85
License: Apache-2.0
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

firebase-ops, feiyang.chen, google-wombot, chholland

Keywords

authentication, database, Firebase, firebase, realtime, storage, performance, remote-config

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
source-diff obfuscated-file:firebase-vertexai-preview.js AI (source-diff): Standard minified Firebase ESM bundle for the Vertex AI preview module; imports from Google CDN, defines standard Firebase classes. Expected for this package. ai
source-diff obfuscated-file:firebase-vertexai.js AI (source-diff): Minified JavaScript is standard for production SDK bundles; sample shows legitimate Firebase code, not obfuscation for concealment. ai
source-diff obfuscated-file:firebase-data-connect.js AI (source-diff): Minified ES6 module code from Firebase's build process; standard for SDK distribution. Code is readable as legitimate Firebase logic. ai
publish-pattern new-deps-added AI (publish-pattern): New @firebase/ai dependency is a legitimate first-party Google Firebase sub-package for the Firebase AI Logic feature, consistent with Google's documented SDK roadmap. ai
source-diff obfuscated-file:firebase-firestore-pipelines.js AI (source-diff): Minified Firestore pipeline code; standard for production builds. No malicious patterns detected. ai
source-diff large-new-source-files AI (source-diff): Firebase SDK regularly adds new modules/features across minor versions; large file counts are normal for this umbrella package. ai
source-diff obfuscated-file:firebase-firestore-lite-pipelines.js AI (source-diff): Minified Firestore Lite pipeline code; standard for production builds. No malicious patterns detected. ai
source-diff obfuscated-file:firebase-ai.js AI (source-diff): Minified Firebase AI module code; standard for production builds. No malicious patterns detected. ai
dependencies unvetted-dep:@firebase/app-check-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/firestore-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/functions-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/remote-config-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/analytics-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/auth-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/installations AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/storage-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/messaging-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/util AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/storage AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/database AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/app-types AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/functions AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/messaging AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
dependencies unvetted-dep:@firebase/app-compat AI (dependencies): Firebase internal dependency; Google-controlled monorepo component, stable across versions. ai
provenance no-provenance AI (provenance): Firebase SDK published by Google's bot account; lack of Sigstore provenance is not a risk signal for this publisher. ai
phantom-deps phantom-dep:@firebase/app-types AI (phantom-deps): Internal Firebase dependency referenced in config; expected for modular architecture. ai
phantom-deps phantom-dep:@firebase/util AI (phantom-deps): Internal Firebase dependency referenced in config; expected for modular architecture. ai
semgrep semgrep:toplevel-fetch AI (semgrep): Firebase SDK legitimately uses fetch() to communicate with Firebase services. All 56 hits are in bundled compat modules; expected for this package. ai

Versions (showing 85 of 185)

Version Deps Published
12.7.0-canary.b2827448b 28 / 12
12.7.0-canary.9cf4b7e35 28 / 12
12.7.0-canary.8e26a5590 28 / 12
12.7.0-canary.8bac8f0b2 28 / 12
12.7.0-canary.5579b387a 28 / 12
12.6.1-20251215180848 28 / 12
12.6.0-canary.f5fc6bf76 28 / 12
12.6.0-canary.e6415ddee 28 / 12
12.6.0-canary.d1d898f55 28 / 12
12.6.0-canary.bc2b2cdea 28 / 12
12.6.0-canary.a09ef786f 28 / 12
12.6.0-canary.9101b4611 28 / 12
12.6.0-canary.60d1b18bd 28 / 12
12.6.0-canary.5c7430dea 28 / 12
12.6.0-canary.59407948d 28 / 12
12.6.0-canary.578686b0b 28 / 12
12.6.0-canary.5511b4fa7 28 / 12
12.6.0-canary.1e406a2b7 28 / 12
12.6.0-20251113021847 28 / 12
12.6.0-20251112180857 28 / 12
12.5.0-eap-firestore-pipelines.2.e4cdd2e06 28 / 12
12.5.0-eap-firestore-pipelines.1.f9c4cdec7 28 / 12
12.5.0-canary.f06cbf99b 28 / 12
12.5.0-canary.c47bd7175 28 / 12
12.5.0-canary.b228a2ab9 28 / 12
12.5.0-canary.6abe52967 28 / 12
12.5.0-canary.63167c68a 28 / 12
12.5.0-canary.5c35f514c 28 / 12
12.5.0-canary.180b1ad9b 28 / 12
12.5.0-canary.0800a8bed 28 / 12
12.5.0-20251028194003 28 / 12
12.4.0-canary.c8263c471 28 / 12
12.4.0-canary.bc5a7c4a7 28 / 12
12.4.0-canary.b7e18d0ff 28 / 12
12.4.0-canary.91c218db2 28 / 12
12.4.0-canary.8209266c6 28 / 12
12.4.0-canary.6e0e30317 28 / 12
12.4.0-canary.44d9891f9 28 / 12
12.4.0-canary.261508183 28 / 12
12.4.0-canary.22e0a1adb 28 / 12
12.4.0-20251007135320 28 / 12
12.3.0-canary.ea8512812 28 / 12
12.3.0-canary.ccbf7ba36 28 / 12
12.3.0-canary.cb3bdd812 28 / 12
12.3.0-canary.7a7634f79 28 / 12
12.3.0-canary.2596dd1b5 28 / 12
12.3.0-canary.1bcf83d7f 28 / 12
12.3.0-canary.0ffcb26af 28 / 12
12.3.0-canary.0bb2fe636 28 / 12
12.3.0-cache-caching-fdc.9f17eac6e 28 / 12
12.3.0-20250917161512 28 / 12
12.2.1-canary.c1237662e 28 / 12
12.2.1-canary.a4848b401 28 / 12
12.2.1-canary.9b8ab02c5 28 / 12
12.2.1-canary.6ab71fa0b 28 / 12
12.2.1-canary.55f3f83a7 28 / 12
12.2.1-canary.4d834deb2 28 / 12
12.2.1-canary.43276b041 28 / 12
12.2.1-canary.120a30838 28 / 12
12.2.1-canary.06ab5c4f9 28 / 12
12.2.1-20250829000033 28 / 12
12.2.0-canary.f2ecae7df 28 / 12
12.2.0-canary.095c098de 28 / 12
12.2.0-20250827140758 28 / 12
12.1.0-firebase-studio-sdk-integration.f7536090e 28 / 12
12.1.0-firebase-studio-sdk-integration.556d1bed2 28 / 12
12.1.0-canary.cc605e728 28 / 12
12.1.0-canary.cbef6c6e5 28 / 12
12.1.0-canary.c5f08a9bc 28 / 12
12.1.0-canary.9b63cd60e 28 / 12
12.1.0-canary.984086b0b 28 / 12
12.1.0-canary.84b8bed35 28 / 12
12.1.0-canary.5501791d0 28 / 12
12.1.0-canary.44d8d742f 28 / 12
12.1.0-canary.2058432e6 28 / 12
12.1.0-canary.02280d747 28 / 12
12.1.0-20250806231852 28 / 12
12.0.0-canary.e25317f9f 28 / 12
12.0.0-canary.b9209dc91 28 / 12
12.0.0-canary.a4897a621 28 / 12
12.0.0-canary.56fbe5207 28 / 12
12.0.0-canary.492353771 28 / 12
12.0.0-20250716201504 28 / 12
12.0.0-20250716004940 28 / 12
12.0.0-20250715195345 28 / 12
INFO: No provenance attestation (provenance)

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO: No provenance attestation (provenance)

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
