lout
API documentation generator plugin for hapi
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): nlf (Nathan LaFreniere) is a known hapijs ecosystem contributor; addition is consistent with the hapijs org's maintainer management practices. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dep @hapi/joi is the scoped replacement for the unscoped joi package as part of the standard hapi ecosystem migration; not a novel attack surface. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): handlebars is a well-known, widely-used templating library; its use in an API documentation generator is expected and benign. | ai | |
| provenance | no-provenance | AI (provenance): lout is a 14-year-old established package; lack of Sigstore provenance is expected for its era and does not indicate risk. | ai |
Versions (showing 51 of 69)
| Version | Deps | Published |
|---|---|---|
| 11.2.3 | 4 / 6 | |
| 11.2.2 | 4 / 6 | |
| 11.2.1 | 4 / 6 | |
| 11.0.1 | 3 / 7 | |
| 11.0.0 | 3 / 7 | |
| 10.0.3 | 3 / 6 | |
| 10.0.2 | 3 / 6 | |
| 10.0.1 | 3 / 7 | |
| 9.2.0 | 3 / 7 | |
| 9.1.0 | 3 / 7 | |
| 9.0.1 | 3 / 7 | |
| 9.0.0 | 3 / 7 | |
| 8.1.1 | 3 / 7 | |
| 8.1.0 | 3 / 7 | |
| 8.0.1 | 3 / 7 | |
| 8.0.0 | 3 / 7 | |
| 7.2.0 | 3 / 7 | |
| 7.1.0 | 3 / 7 | |
| 7.0.0 | 3 / 7 | |
| 6.2.3 | 3 / 5 | |
| 6.2.2 | 3 / 5 | |
| 6.2.1 | 3 / 5 | |
| 6.2.0 | 3 / 5 | |
| 6.1.0 | 3 / 5 | |
| 6.0.1 | 3 / 5 | |
| 6.0.0 | 3 / 5 | |
| 5.2.0 | 2 / 4 | |
| 5.1.2 | 2 / 4 | |
| 5.1.1 | 2 / 4 | |
| 5.1.0 | 2 / 4 | |
| 5.0.2 | 2 / 4 | |
| 5.0.1 | 2 / 4 | |
| 5.0.0 | 2 / 4 | |
| 4.2.1 | 2 / 4 | |
| 4.2.0 | 2 / 4 | |
| 4.1.0 | 2 / 6 | |
| 4.0.0 | 2 / 6 | |
| 3.1.3 | 1 / 6 | |
| 3.1.2 | 1 / 6 | |
| 3.1.1 | 1 / 6 | |
| 3.1.0 | 1 / 6 | |
| 3.0.0 | 1 / 6 | |
| 2.2.0 | 0 / 4 | |
| 2.1.1 | 0 / 4 | |
| 2.1.0 | 0 / 4 | |
| 2.0.1 | 0 / 4 | |
| 2.0.0 | 0 / 4 | |
| 1.1.1 | 0 / 3 | |
| 1.1.0 | 0 / 3 | |
| 1.0.1 | 1 / 2 | |
| 1.0.0 | 1 / 2 |
v11.2.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.