← Home

noon

npm Repository Homepage

no ordinary object notation

100
Versions
Unlicense
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

monsterkodi

Keywords

noonobjectnotation

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:js/noon.js AI (source-diff): File is koffee-compiled JavaScript (header says '// koffee 0.43.0'). Long lines are static string literals (CLI help text), not obfuscation. Stable for this package. ai
source-diff obfuscated-file:js/parse.js AI (source-diff): File is koffee-compiled JavaScript (header says '// koffee 0.43.0'). Readable, structured code with normal patterns. Not obfuscated. ai
source-diff obfuscated-file:js/stringify.js AI (source-diff): File is koffee-compiled JavaScript (header says '// koffee 0.56.0'). Readable, structured code with normal patterns. Not obfuscated. ai
source-diff source-size-tripled AI (source-diff): Size increase is due to adding pre-compiled koffee/JS output files to the package distribution. Legitimate build artifact addition. ai
semgrep semgrep:dynamic-require AI (semgrep): The require() call uses a static string literal argument for CLI help text, not a dynamic variable. False positive for this package. ai

Versions (showing 100 of 114)

Version Deps Published
3.5.0 2 / 3
3.4.0 2 / 3
3.1.0 2 / 3
3.0.3 2 / 3
3.0.0 4 / 3
2.15.0 5 / 3
2.14.1 5 / 3
2.14.0 5 / 6
2.13.0 5 / 6
2.12.3 5 / 6
2.12.2 5 / 6
2.12.1 5 / 3
2.11.0 5 / 3
2.10.0 5 / 3
2.9.0 5 / 3
2.8.0 5 / 3
2.7.0 5 / 3
2.6.0 5 / 3
2.5.0 5 / 3
2.4.0 5 / 3
2.3.0 6 / 3
2.0.2 6 / 3
2.0.0 6 / 3
1.5.0 7 / 2
1.4.0 7 / 2
1.3.1 7 / 2
1.3.0 7 / 2
1.2.0 7 / 2
1.1.2 5 / 2
1.1.1 5 / 2
1.1.0 6 / 2
1.0.14 6 / 2
1.0.13 6 / 2
1.0.12 7 / 2
1.0.11 7 / 2
1.0.9 7 / 2
1.0.8 7 / 2
1.0.6 7 / 2
1.0.5 7 / 2
1.0.4 7 / 2
1.0.3 7 / 2
1.0.2 7 / 2
1.0.1 7 / 2
0.9.17 7 / 2
0.9.16 7 / 2
0.9.15 7 / 2
0.9.14 7 / 2
0.9.13 7 / 2
0.9.12 7 / 2
0.9.11 7 / 2
0.9.10 7 / 2
0.9.9 7 / 2
0.9.8 7 / 2
0.9.7 7 / 2
0.9.6 7 / 2
0.9.5 7 / 2
0.9.4 7 / 2
0.9.3 7 / 2
0.9.2 7 / 2
0.9.1 7 / 2
0.8.3 5 / 2
0.8.2 5 / 2
0.8.1 5 / 2
0.7.5 5 / 2
0.7.4 5 / 2
0.7.3 5 / 2
0.7.2 5 / 2
0.7.1 5 / 2
0.6.17 5 / 0
0.6.16 5 / 0
0.6.15 5 / 0
0.6.14 5 / 0
0.6.13 5 / 0
0.6.12 5 / 0
0.6.11 5 / 0
0.6.10 5 / 0
0.6.9 5 / 0
0.6.8 5 / 0
0.6.7 5 / 0
0.6.6 5 / 0
0.6.5 5 / 0
0.6.4 5 / 11
0.6.3 5 / 11
0.6.2 5 / 11
0.6.1 5 / 11
0.5.6 5 / 11
0.5.5 5 / 11
0.5.4 5 / 11
0.5.3 5 / 10
0.5.2 5 / 10
0.5.1 5 / 10
0.4.5 5 / 10
0.4.4 5 / 10
0.4.3 5 / 10
0.4.2 5 / 10
0.4.1 5 / 10
0.3.6 5 / 10
0.3.5 5 / 10
0.3.4 5 / 10
0.3.3 5 / 10
Showing 100 of 114 Next page →

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.14.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.12.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.12.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.12.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.10.0

4 findings
HIGH New obfuscated file: js/noon.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: js/parse.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: js/stringify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.