
pnpm

24 versions | License | No install scripts | Verified provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation | npm registry signatures | No source commit

Maintainers

zkochan, pnpmuser

Keywords

pnpm, pnpm11, dependencies, dependency manager, efficient, fast, hardlinks, install, installer, link, lockfile, modules, monorepo, multi-package, npm, package manager, package.json, packages, prune, rapid, remove, shrinkwrap, symlinks, uninstall, workspace

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | obfuscated-file:dist/node_modules/emoji-regex/es2015/index.js | AI (source-diff): emoji-regex is a well-known library; long lines are a Unicode regex pattern, not obfuscation. | ai |
source-diff | obfuscated-file:dist/node_modules/emoji-regex/index.js | AI (source-diff): Same as above; emoji-regex Unicode regex pattern bundled as expected. | ai |
source-diff | obfuscated-file:dist/pnpm.cjs | AI (source-diff): pnpm ships as a single esbuild bundle; long lines are expected minified output, not obfuscation. | ai |
source-diff | net-exec-file:dist/pnpm.cjs | AI (source-diff): pnpm is a package manager that inherently makes network calls and executes code; this is core functionality. | ai |
source-diff | encoded-string-file:dist/pnpm.mjs | AI (source-diff): Long base64 string is the llhttp WASM binary inside undici, a known, legitimate pattern for this package. | ai |
source-diff | obfuscated-file:dist/pnpm.mjs | AI (source-diff): pnpm ships a single bundled CLI artifact; minified output is expected and stable across versions. | ai |
source-diff | net-exec-file:dist/pnpm.mjs | AI (source-diff): Network calls and dynamic require in the bundled CLI are inherent to a package manager; not malicious. | ai |
provenance | publisher-changed | AI (provenance): SLSA provenance attestation confirms CI/CD publication; publisher account change is consistent with pnpm org automation. | ai |
source-diff | encoded-string-file:dist/pnpm.cjs | AI (source-diff): Brotli-compressed PnP hook data embedded in pnpm's bundle; stable, documented pattern across all pnpm versions. | ai |
npm-metadata | bundled-binaries | AI (npm-metadata): fastlist and reflink binaries are documented pnpm dependencies for process listing and copy-on-write; stable across versions. | ai |

Versions (showing 24 of 24)

Version Deps Published
11.5.0 0 / 0
11.4.0 0 / 0
11.3.0 0 / 0
11.2.2 0 / 0
11.2.1 0 / 0
11.2.0 0 / 0
11.1.3 0 / 0
11.1.2 0 / 0
11.1.1 0 / 0
11.1.0 0 / 0
11.0.9 0 / 0
11.0.8 0 / 0
11.0.7 0 / 0
11.0.6 0 / 0
11.0.5 0 / 0
11.0.4 0 / 0
11.0.3 0 / 0
11.0.2 0 / 0
11.0.1 0 / 0
11.0.0 0 / 0
10.33.4 0 / 0
10.33.3 0 / 0
10.33.2 0 / 0
10.33.1 0 / 0

v11.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.1.0

2 findings
HIGH Long encoded string in modified file: dist/pnpm.mjs source-diff

Modified file contains 7 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.7

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: pnpmuser → GitHub Actions (on 2026-05-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-06. This could indicate a legitimate maintainer transition or an account compromise.

v11.0.6

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: GitHub Actions → pnpmuser (on 2026-05-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.

v11.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.0

4 findings
HIGH Publisher changed: GitHub Actions → pnpmuser (on 2026-04-28) provenance

This version was published by a different npm account than previous versions on 2026-04-28. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/pnpm.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/pnpm.mjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.33.4

6 findings
HIGH New obfuscated file: dist/pnpm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/pnpm.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/node_modules/emoji-regex/es2015/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/node_modules/emoji-regex/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: pnpmuser → GitHub Actions (on 2026-05-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-06. This could indicate a legitimate maintainer transition or an account compromise.

v10.33.3

2 findings
HIGH Long encoded string in modified file: dist/pnpm.cjs source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.33.2

2 findings
HIGH Bundled binary files (6) npm-metadata

Package contains compiled binaries that could be backdoors:
• dist/vendor/fastlist-0.3.0-x64.exe
• dist/vendor/fastlist-0.3.0-x86.exe
• dist/reflink.darwin-arm64-2HJ4WGO6.node
• dist/reflink.darwin-x64-3G3H6IW4.node
• dist/reflink.win32-arm64-msvc-Q6BARPPB.node
• dist/reflink.win32-x64-msvc-J2TZHRQI.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.33.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.