← Home

get-it

npm Repository Homepage
6
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

kmelvebjoergerexxarsskogsmaskintoninamattcraigjoneidejohnsenrubiozrobinpyonmariuslundgardsanity-ioirina937evenwradhe_sanityrbottendanielsgrovesjudofyrryanblockobliadpdcilkemadkenfredcarlsenhermanwsgulsethatombenderstipsansnorreebsanity-svc.npmrankersrdunkmichael-sanityvincentquigleyritasdiaspete-garnett-sanitykenjonespizzajosh_sanity_iocngonzalez-sanityjjburbridgetdfka_rickryanbonial-sanityindrek.karnerashsergeisarvirorefiitodrewsanitykaspar.lippmaa.sanitydamsimen.svaletbesedadaniel.malmerjordanl17colepetersarmandocernajoan_miralles_paezrealmfourchristianhgpedro-sanityjwoods-sanitybinoy14pauloborgesfaushachrislarocquesanitytnaughts1mm-sanitydennis.padiernosalexjmold-sanityjason.browntaclandworkrostimelkmdinningmattlewine.sanitymsfragalaadoprogtonysanityu269cbramdo_samhembetsongeorgedoescodemacdonsteoinsanitydashedstripesjmswrnrsnocorp_sanitymmgjfilmajgu-stavmads.mogenshojsanitytomsanity-cbsanitykevvictor.ayoguryanbethel_sanitybrianlerouxp10ekrlundjonahsnidermwrittertorbratsbergsanityevelinawahlstromjw-sanitybobinska.devoleg1357josef-sanitygabe.wyattkbrabrandannez-sanitysanityjamielaurenashpolesanitygeoffballcarsten.schwesigfishstix81simenss

Keywords

requesthttpfetch

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@types/follow-redirects AI (dependencies): Type-only package (@types/*); no runtime code, no security risk for this package. ai
phantom-deps phantom-dep:@types/follow-redirects AI (phantom-deps): @types/follow-redirects is a type declaration package used for TypeScript type augmentation; not directly imported at runtime is expected. ai

Versions (showing 6 of 6)

Version Deps Published
8.7.2 4 / 30
8.7.1 6 / 28
8.7.0 6 / 28
8.6.10 6 / 29
8.6.9 6 / 29
8.6.8 6 / 29

v8.7.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.6.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.