karma-edge-launcher

A Karma plugin. Launcher for Microsoft Edge.

Versions: 9
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nicolasmccurdy, watilde

Keywords

karma-plugin, karma-launcher, microsoftedge

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
npm-metadata | suspicious-initial-version | AI (npm-metadata): Package is 10 years old with 37k weekly downloads; version 0.0.0 reflects an early legitimate release, not a throwaway malicious package. | ai |
bogus-package | bogus-package | AI (bogus-package): Tiny payload and minimal README are consistent with an early-stage v0.0.0 of a legitimate Karma launcher plugin with a long track record. | ai |
provenance | publisher-changed | AI (provenance): Publisher change to nicolasmccurdy is legitimate — Nick McCurdy is the listed author in package.json and the GitHub repo is under nickmccurdy org, confirming intentional ownership transfer. | ai |
maintainer-change | maintainer-added | AI (maintainer-change): New maintainer nicolasmccurdy is the package author per package.json; consistent with legitimate ownership transfer. | ai |
phantom-deps | phantom-dep:edge-launcher | AI (phantom-deps): edge-launcher is the core runtime dependency for this Edge launcher plugin; phantom detection is a false positive here as it may be used indirectly via config. | ai |

Versions (showing 9 of 9)

Version | Deps | Published
0.4.2 | 1 / 17 |
0.4.1 | 1 / 17 |
0.4.0 | 1 / 24 |
0.3.0 | 1 / 23 |
0.2.0 | 1 / 23 |
0.1.2 | 1 / 22 |
0.1.1 | 2 / 23 |
0.1.0 | 2 / 23 |
0.0.0 | 0 / 0 |

v0.4.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.4.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.4.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.0

2 findings
HIGH | Publisher changed: watilde → nicolasmccurdy (on 2016-10-30) | provenance

On 2016-10-30 this version was published by a different npm account than previous versions. This could indicate a legitimate maintainer transition or an account compromise.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.