← Home

n8n-core

npm Repository Homepage
19
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jan_n8n_iotomin8n

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): tomin8n is an established n8n org publisher with 180 approved packages; transition from jan_n8n_io is a documented org account change. ai
maintainer-change maintainer-added AI (maintainer-change): Same org transition; tomin8n has strong track record across n8n packages. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy reflects the publisher account change, not actual project inactivity; n8n-core is actively maintained. ai
phantom-deps phantom-dep:picocolors AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:xml2js AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:@n8n/workflow-sdk AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:htmlparser2 AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:winston AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:callsites AI (phantom-deps): Declared in package.json deps; phantom-dep heuristic false positive for this package. ai

Versions (showing 19 of 119)

Version Deps Published
1.122.5 38 / 9
1.122.4 38 / 9
1.122.3 38 / 9
1.122.2 38 / 9
1.122.1 38 / 9
1.122.0 38 / 9
1.121.2 38 / 9
1.121.1 38 / 9
1.121.0 38 / 9
1.120.2 38 / 9
1.120.1 38 / 9
1.120.0 38 / 9
1.119.3 38 / 9
1.119.2 38 / 9
1.119.1 38 / 9
1.119.0 38 / 9
1.118.1 38 / 9
1.118.0 38 / 9
1.117.1 38 / 9

v1.122.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.122.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.121.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.120.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.119.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.118.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.118.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.117.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.