log-update
Log by overwriting the previous output in the terminal. Useful for rendering progress bars, animations, etc.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): Size increase from v2.2.0 to v3.1.0 is explained by added TypeScript definitions, new wrap-ansi dependency, and feature additions — no malicious payload indicators. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): string-width is a sindresorhus-authored, widely trusted utility package; its addition is consistent with log-update's terminal rendering purpose and poses no supply chain risk. | ai | |
| dependencies | unvetted-dep:ansi-escapes | AI (dependencies): ansi-escapes is a well-known sindresorhus package for ANSI escape codes; a natural and expected dependency for this terminal utility. Not a risk. | ai | |
| provenance | no-provenance | AI (provenance): sindresorhus packages historically lack Sigstore provenance; this is consistent across the author's catalog and not a risk indicator for this trusted publisher. | ai | |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 8.0.0 | 6 / 5 | |
| 7.2.0 | 5 / 6 | |
| 7.1.0 | 5 / 6 | |
| 7.0.2 | 5 / 6 | |
| 7.0.1 | 5 / 6 | |
| 7.0.0 | 5 / 6 | |
| 6.1.0 | 5 / 6 | |
| 6.0.0 | 5 / 6 | |
| 5.0.1 | 5 / 6 | |
| 5.0.0 | 4 / 5 | |
| 4.0.0 | 4 / 5 | |
| 3.4.0 | 3 / 5 | |
| 3.3.0 | 3 / 5 | |
| 3.2.0 | 3 / 5 | |
| 3.1.1 | 3 / 5 | |
| 3.1.0 | 3 / 5 | |
| 3.0.0 | 3 / 3 | |
| 2.3.0 | 3 / 1 | |
| 2.2.0 | 3 / 1 | |
| 2.1.0 | 3 / 1 | |
| 2.0.0 | 3 / 1 | |
| 1.0.2 | 2 / 2 | |
| 1.0.1 | 2 / 2 | |
| 1.0.0 | 2 / 2 | |
v7.1.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.0.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.0.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.4.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.3.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.2.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.