← Home

mocha-phantomjs

npm Repository Homepage

Run mocha browser tests in phantomjs via the command line

35
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

metaskillsnathanboktae

Keywords

phantomjsmochatestrunnercommand linebrowser

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern new-deps-added AI (publish-pattern): The new deps (phantomjs, mocha-phantomjs-core) are the package's core purpose; this architectural split is legitimate and not an attack vector. ai
provenance publisher-changed AI (provenance): Publisher change from metaskills to nathanboktae occurred in 2014 and is a documented legitimate transition — nathanboktae is listed as a contributor in package.json itself. ai
maintainer-change maintainer-added AI (maintainer-change): nathanboktae is a listed contributor in package.json; this is a legitimate maintainer addition from 2014, not a suspicious takeover. ai
provenance no-provenance AI (provenance): Package predates Sigstore provenance by many years; absence of attestation is expected and not a risk signal for this package. ai
dependencies unvetted-dep:phantomjs AI (dependencies): mocha-phantomjs is a PhantomJS test runner; depending on the phantomjs binary package is its core purpose and has been stable across all versions. ai
phantom-deps phantom-dep:commander AI (phantom-deps): commander is a declared dependency used by the CLI binary, not via direct require() in source. This is expected for CLI tools and is a stable false positive. ai
phantom-deps phantom-dep:phantomjs AI (phantom-deps): phantomjs is the core dependency of this package, used via CLI invocation rather than direct import. Stable false positive for this package. ai
phantom-deps phantom-dep:mocha-phantomjs-core AI (phantom-deps): mocha-phantomjs-core is a declared dependency used at runtime via CLI, not via direct require() in source. Stable false positive for this package. ai

Versions (showing 35 of 35)

Version Deps Published
4.1.0 3 / 4
4.0.2 3 / 4
4.0.1 3 / 4
4.0.0 3 / 4
3.6.0 2 / 4
3.5.6 2 / 4
3.5.4 2 / 4
3.5.3 2 / 4
3.5.2 2 / 4
3.5.1 2 / 4
3.5.0 2 / 4
3.4.1 2 / 4
3.4.0 2 / 4
3.3.2 3 / 3
3.3.1 3 / 3
3.3.0 3 / 4
3.2.0 3 / 4
3.1.6 3 / 4
3.1.5 3 / 4
3.1.4 3 / 4
3.1.3 3 / 4
3.1.2 2 / 4
3.1.1 2 / 4
3.1.0 2 / 4
3.0.0 2 / 4
2.0.3 2 / 4
2.0.2 2 / 4
2.0.1 2 / 4
2.0.0 2 / 4
1.1.3 2 / 4
1.1.2 2 / 4
1.1.1 2 / 4
1.1.0 2 / 4
1.0.1 2 / 4
1.0.0 1 / 5

v4.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.2

2 findings
HIGH Publisher changed: nathanboktae → metaskills (on 2014-12-05) provenance

This version was published by a different npm account than previous versions on 2014-12-05. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.0

2 findings
HIGH Publisher changed: metaskills → nathanboktae (on 2014-05-08) provenance

This version was published by a different npm account than previous versions on 2014-05-08. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.