node-sarif-builder
Module to help build SARIF log files

Versions: 6
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
- SLSA provenance attestation
- npm registry signatures
- gitHead linked
Maintainers: nvuillam
Keywords: sarif, builder, node, simple, linter, output, format
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from nvuillam to GitHub Actions, consistent with CI/CD publishing from the same repo. SLSA provenance attestation confirms automated release. | ai | |
| phantom-deps | phantom-dep:@types/sarif | AI (phantom-deps): @types/sarif is a TypeScript type declaration package listed as a runtime dep to export types; not directly imported but used by convention. | ai | |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 4.1.0 | 2 / 17 | |
| 4.0.0 | 2 / 17 | |
| 3.4.0 | 2 / 17 | |
| 3.3.1 | 2 / 17 | |
| 3.3.0 | 2 / 17 | |
| 3.2.0 | 2 / 17 | |
v3.2.0: 1 finding

LOW: No provenance attestation (provenance)
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.