msw
Seamless REST/GraphQL API mocking library for browser and Node.js.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): msw v2.x is a major rewrite with large browser bundles and source maps; size growth is expected and consistent with the version diff showing new build artifacts. | ai | |
| provenance | missing-githead | AI (provenance): Established package with clean publisher history; missing gitHead is a minor metadata concern, not a security signal. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Usage is `new Function('return this')()` — a static string literal for cross-env global detection in a UMD bundle. No dynamic input; this is a well-known safe idiom in bundled JS. | ai | |
| phantom-deps | phantom-dep:virtual-cookies | AI (phantom-deps): virtual-cookies is a minor phantom dep in msw — declared but not directly imported; no security implication for this well-established mocking library. | ai | |
| phantom-deps | phantom-dep:@types/inquirer | AI (phantom-deps): @types packages are TypeScript type definitions; not being directly imported at runtime is expected and not a security concern for msw. | ai | |
| phantom-deps | phantom-dep:path-to-regexp | AI (phantom-deps): Consistent with msw's multi-target package structure; not a security concern. | ai | |
| phantom-deps | phantom-dep:is-node-process | AI (phantom-deps): Consistent with msw's multi-target package structure; not a security concern. | ai | |
| dependencies | unvetted-dep:node-request-interceptor | AI (dependencies): node-request-interceptor is a well-known msw companion library by the same author (kettanaito); its use here is expected and documented. | ai | |
| dependencies | unvetted-dep:headers-utils | AI (dependencies): headers-utils is authored by kettanaito, the same publisher as msw; it is an expected companion dependency for this package. | ai | |
| phantom-deps | phantom-dep:@mswjs/cookies | AI (phantom-deps): msw bundles dependencies into its distributed output; phantom deps are expected for this package's build structure. | ai | |
| phantom-deps | phantom-dep:statuses | AI (phantom-deps): Consistent with msw's multi-target package structure; not a security concern. | ai | |
| phantom-deps | phantom-dep:@open-draft/until | AI (phantom-deps): @open-draft/until is a utility from the same author ecosystem, likely bundled into the output; phantom-dep finding is a stable false positive for this package. | ai | |
| source-diff | obfuscated-file:lib/iife/index.js | AI (source-diff): msw ships minified IIFE bundles for browser use; the sample shows standard readable minified JS (HTTP status codes, Headers impl), not obfuscation. Stable pattern for this package. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() calls in lib/index.js are webpack-bundled module evaluation patterns (__webpack_require__), not arbitrary code execution. This is a stable false positive for this webpack-built package. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): The env-bulk-read pattern is from the bundled 'debug' library, which reads process.env keys matching /^debug_/i — a well-known, benign configuration pattern stable across msw versions. | ai | |
| phantom-deps | phantom-dep:node-match-path | AI (phantom-deps): node-match-path is a legitimate path-matching dependency for a request mocking library; phantom classification is benign here. | ai | |
| phantom-deps | phantom-dep:ramda | AI (phantom-deps): ramda is used via babel-plugin-ramda for tree-shaking at build time; not directly imported in source is expected for this pattern. | ai | |
| phantom-deps | phantom-dep:node-fetch | AI (phantom-deps): node-fetch is a legitimate declared dependency used in build/config context; phantom classification is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:formdata-node | AI (phantom-deps): formdata-node is a legitimate declared dependency for form data handling; phantom classification is a false positive for this package. | ai | |
| dependencies | unvetted-dep:node-fetch | AI (dependencies): node-fetch is a well-known, legitimate HTTP library; its use in msw for Node.js HTTP mocking is expected and benign across all versions. | ai | |
| dependencies | unvetted-dep:@types/js-levenshtein | AI (dependencies): @types/js-levenshtein is a type definition package for js-levenshtein, a well-known string distance library. No malicious signal; stable dependency for this package. | ai | |
| phantom-deps | phantom-dep:js-levenshtein | AI (phantom-deps): Consistent with msw's multi-target package structure; not a security concern. | ai | |
| phantom-deps | phantom-dep:@types/js-levenshtein | AI (phantom-deps): Type-only dependency loaded by TypeScript convention, not a runtime import. | ai | |
| phantom-deps | phantom-dep:chokidar | AI (phantom-deps): chokidar is used in config/watch scripts, not directly imported in library code. Consistent with msw's dev tooling. | ai | |
| dependencies | unvetted-dep:@bundled-es-modules/js-levenshtein | AI (dependencies): Bundled ES module wrapper for js-levenshtein, used by MSW for string matching. Legitimate dependency with no malicious signal. | ai | |
| provenance | no-provenance | AI (provenance): msw is a well-established package; lack of Sigstore provenance is a best-practice gap, not a security risk for this publisher. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): graphql is a well-established package; msw explicitly supports GraphQL mocking so this dependency is expected. | ai | |
| phantom-deps | phantom-dep:@types/cookie | AI (phantom-deps): msw uses @types/cookie for type augmentation — known pattern for this package. | ai | |
| dependencies | unvetted-dep:@bundled-es-modules/tough-cookie | AI (dependencies): MSW's own ESM-compatible wrapper of the well-known 'tough-cookie' package; legitimate dependency for HTTP mocking. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process use in msw's postinstall.js is for local file operations (copying SW files), not arbitrary remote code execution. Stable and benign for this package. | ai | |
| dependencies | unvetted-dep:@bundled-es-modules/cookie | AI (dependencies): MSW's own ESM-compatible wrapper of the well-known 'cookie' package; legitimate dependency for HTTP mocking. | ai | |
| dependencies | unvetted-dep:@types/cookie | AI (dependencies): TypeScript type definitions for cookie parsing; benign runtime dependency used for type information in MSW's HTTP handling. | ai | |
| dependencies | unvetted-dep:@bundled-es-modules/statuses | AI (dependencies): MSW's own ESM-compatible wrapper of the well-known 'statuses' package; legitimate dependency for HTTP mocking. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are source maps and build artifacts consistent with msw's build process — no injected or obfuscated code. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change to GitHub Actions is consistent with CI/CD automated publishing, corroborated by SLSA provenance attestation. Legitimate transition for msw. | ai | |
| dependencies | unvetted-dep:@mswjs/interceptors | AI (dependencies): @mswjs/interceptors is a first-party msw dependency maintained by the same author; stable and expected. | ai | |
| phantom-deps | phantom-dep:@types/statuses | AI (phantom-deps): msw uses @types/statuses for type augmentation — known pattern for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP (127.0.0.1) appears only in unit test assertions for URL coercion logic — not a network request in production code. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): 'msw' is a well-known brand (Mock Service Worker) with 2700+ days of history; not a typosquat of 'qs'. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is standard modern JS used for property access in msw's internals; not obfuscation in this context. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): msw's postinstall is a well-documented, safe local script that copies service worker files. No network calls or exfiltration; stable pattern across all versions. | ai | |
Versions (showing 51 of 165)
| Version | Deps | Published |
|---|---|---|
| 2.14.6 | 18 / 45 | |
| 2.14.5 | 18 / 45 | |
| 2.14.4 | 18 / 45 | |
| 2.14.3 | 18 / 45 | |
| 2.14.2 | 18 / 45 | |
| 2.14.1 | 18 / 45 | |
| 2.14.0 | 18 / 45 | |
| 2.13.6 | 18 / 45 | |
| 2.12.5 | 18 / 52 | |
| 2.11.1 | 18 / 47 | |
| 2.10.4 | 18 / 47 | |
| 2.10.3 | 18 / 47 | |
| 2.8.7 | 18 / 46 | |
| 2.8.2 | 18 / 46 | |
| 2.8.0 | 18 / 46 | |
| 2.7.3 | 18 / 47 | |
| 2.7.0 | 18 / 47 | |
| 2.6.9 | 18 / 47 | |
| 2.6.8 | 18 / 47 | |
| 2.6.7 | 18 / 47 | |
| 2.6.6 | 18 / 47 | |
| 2.6.1 | 18 / 47 | |
| 2.6.0 | 18 / 47 | |
| 2.5.0 | 17 / 45 | |
| 2.4.13 | 17 / 45 | |
| 2.4.12 | 17 / 45 | |
| 2.4.11 | 17 / 45 | |
| 2.4.7 | 17 / 46 | |
| 2.4.5 | 17 / 46 | |
| 2.3.5 | 17 / 46 | |
| 2.2.14 | 17 / 46 | |
| 2.2.13 | 17 / 46 | |
| 2.2.12 | 17 / 46 | |
| 2.2.8 | 17 / 46 | |
| 2.2.6 | 17 / 46 | |
| 2.2.5 | 17 / 46 | |
| 2.2.4 | 17 / 46 | |
| 2.2.1 | 17 / 46 | |
| 2.2.0 | 17 / 46 | |
| 2.1.6 | 18 / 46 | |
| 2.1.5 | 18 / 46 | |
| 2.1.4 | 18 / 46 | |
| 2.1.2 | 21 / 46 | |
| 2.0.8 | 21 / 51 | |
| 2.0.6 | 22 / 51 | |
| 2.0.5 | 22 / 51 | |
| 2.0.3 | 23 / 50 | |
| 2.0.2 | 23 / 50 | |
| 1.3.5 | 19 / 48 | |
| 1.3.1 | 19 / 48 | |
| 1.3.0 | 19 / 48 | |
v2.14.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.13.6
2 findings: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
v2.12.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.11.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.10.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.10.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.8.7
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.8.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.8.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.7.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.7.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.9
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.8
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.7
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.6.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.5.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.13
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.12
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.11
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.7
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.5
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.5
2 findings: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
v2.2.14
2 findings: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
v2.2.13
2 findings: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
v2.2.12
2 findings: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
v2.2.8
2 findings: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
v2.2.6
2 findings: This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.5
2 findings: This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.4
2 findings: This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: kettanaito.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.6
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.5
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.4
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.8
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.6
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.5
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.