ipfs-unixfs-importer No license 12 versions

ipfs-unixfs-importer

npm Repository Homepage

12

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

achingbrainipfs-npm-publisher-botnpm-service-account-ipfs

Keywords

IPFS

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change from npm-service-account-ipfs to GitHub Actions reflects a legitimate CI/CD migration; SLSA provenance attestation confirms integrity. Stable for this package going forward.	ai	2026/04/27
dependencies	unvetted-dep:rabin-wasm	AI (dependencies): rabin-wasm is a legitimate IPFS ecosystem dependency for Rabin fingerprinting/content-defined chunking; expected and appropriate for this package.	ai	2026/04/25
dependencies	unvetted-dep:hamt-sharding	AI (dependencies): hamt-sharding is a legitimate IPFS ecosystem dependency for directory sharding via HAMT; expected and appropriate for this package.	ai	2026/04/25
dependencies	unvetted-dep:@multiformats/murmur3	AI (dependencies): @multiformats/murmur3 is from the official multiformats org; expected dependency for IPFS UnixFS importer hashing operations.	ai	2026/04/25

Versions (showing 12 of 12)

Version	Deps	Published
17.0.1	15 / 4	2026-05-12
17.0.0	15 / 4	2026-05-12
16.1.5	16 / 4	2026-04-16
16.1.4	16 / 4	2026-03-11
16.1.3	16 / 4	2026-03-11
16.1.2	16 / 4	2026-03-09
16.1.1	16 / 3	2026-02-27
16.1.0	16 / 3	2026-02-16
16.0.3	15 / 4	2026-02-06
16.0.2	15 / 4	2026-01-10
16.0.1	15 / 4	2025-10-03
16.0.0	15 / 4	2025-10-03

v17.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.