
pacote

JavaScript package downloader

Versions: 31
License: ISC
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- gitHead linked

Maintainers

gar, saquibkhan, npm-cli-ops, reggi, hashtagchris, owlstronaut

Keywords

packages, npm, git

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source     | Rule                         | Reason                                                                                                                                                                                     | Accepted by | When
provenance | publisher-changed            | AI (provenance): npm org packages now publish via GitHub Actions CI/CD with SLSA provenance; this is the expected publisher for all future npm CLI packages.                                | ai          |
semgrep    | semgrep:env-spread           | AI (semgrep): pacote spawns npm install for git deps and must pass the parent environment; standard subprocess invocation pattern.                                                           | ai          |
semgrep    | semgrep:base64-decode        | AI (semgrep): Decodes DSSE envelope payloads from Sigstore attestations; base64 is the canonical encoding per the DSSE spec.                                                                | ai          |
semgrep    | semgrep:child-process-import | AI (semgrep): pacote is a git-aware package fetcher; importing child_process to run git commands is core, documented functionality across all versions.                                     | ai          |
semgrep    | semgrep:child-process-spawn  | AI (semgrep): Spawning the git binary is the intended mechanism for pacote's git dependency support; stable and expected across all versions.                                               | ai          |
semgrep    | semgrep:env-bulk-read        | AI (semgrep): process.env enumeration in git.js is used to filter safe env vars for git subprocess — a security-conscious allowlist pattern, not malicious. Stable for this package.        | ai          |

Versions (showing 31 of 231)

Version Deps Published
2.7.8 21 / 12
2.7.7 21 / 12
2.7.6 21 / 12
2.7.5 21 / 12
2.7.4 21 / 12
2.7.3 21 / 12
2.7.2 21 / 12
2.7.1 21 / 12
2.7.0 21 / 12
2.6.0 21 / 12
2.5.0 21 / 12
2.4.0 21 / 12
2.3.2 20 / 12
2.3.1 20 / 12
2.3.0 20 / 12
2.2.2 20 / 12
2.2.1 18 / 12
2.2.0 18 / 12
2.1.2 18 / 12
2.1.1 18 / 12
2.1.0 18 / 12
2.0.5 18 / 12
2.0.4 18 / 12
2.0.3 19 / 12
2.0.2 19 / 12
2.0.1 19 / 12
2.0.0 19 / 12
1.0.0 22 / 12
0.1.1 11 / 7
0.1.0 12 / 7
0.0.0 0 / 0