kind-of

Get the native type of a value.

Supply chain provenance

Status for the latest visible version.

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

Keywords

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:new-function-constructor	AI (semgrep): Usage is in test.js only, as a test input to verify type detection. Not in production code; no dynamic code execution risk.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): doowb is a known, trusted collaborator in the jonschlinkert ecosystem; this is a documented legitimate maintainer transition, not a compromise.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): doowb is a long-standing collaborator with strong track record (54 approved packages); addition is a legitimate handoff.	ai	2026/04/21
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by 6.0.3 is explained by a targeted security fix for prototype pollution; consistent with legitimate maintenance.	ai	2026/04/21
source-diff	source-size-tripled	AI (source-diff): Size increase reflects added constructor-based type checking for the prototype pollution security fix, not injected payload.	ai	2026/04/21

Version	Deps	Published
6.0.3	0 / 5	2020-01-16
5.1.0	0 / 8	2017-10-13
5.0.2	0 / 8	2017-08-02
5.0.1	0 / 8	2017-07-31
5.0.0	0 / 7	2017-06-21
4.0.0	1 / 8	2017-05-19
3.2.2	1 / 8	2017-05-16
3.2.1	1 / 8	2017-05-16
3.2.0	1 / 7	2017-04-25
3.1.0	1 / 8	2016-12-07
3.0.4	1 / 8	2016-07-29
3.0.3	1 / 9	2016-05-03
3.0.2	1 / 8	2015-11-17
3.0.1	1 / 9	2015-11-17
3.0.0	1 / 9	2015-11-17
2.0.1	1 / 7	2015-08-21
2.0.0	0 / 7	2015-05-31
1.1.0	0 / 6	2015-02-09
1.0.1	0 / 6	2015-02-03
1.0.0	0 / 6	2015-01-19
0.1.2	0 / 8	2014-10-26
0.1.1	0 / 3	2014-10-23
0.1.0	0 / 3	2014-09-26