matrix-js-sdk No license 16 versions

matrix-js-sdk

npm Repository

16

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kegsaymatrixdotorg

Keywords

matrix-org

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): SLSA provenance present; gitHead absence reflects CI change, not a risk for this established package.	ai	2026/06/11

Versions (showing 16 of 16)

Version	Deps	Published
41.7.0	13 / 53	2026-06-09
41.6.0	13 / 55	2026-05-26
41.5.0	13 / 55	2026-05-12
41.4.0	14 / 54	2026-04-28
41.3.0	14 / 54	2026-04-07
41.2.0	14 / 54	2026-03-24
41.1.0	14 / 54	2026-03-10
41.0.0	14 / 55	2026-02-24
40.2.0	14 / 55	2026-02-10
40.1.0	14 / 55	2026-01-27
40.0.0	14 / 59	2026-01-13
39.4.0	14 / 59	2025-12-16
39.3.0	14 / 59	2025-12-02
39.2.0	14 / 59	2025-11-18
39.1.2	14 / 59	2025-11-04
39.1.1	14 / 59	2025-11-04

v41.7.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v41.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v41.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v41.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v41.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v40.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v40.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v40.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v39.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v39.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.