redis
A modern, high performance Redis client
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): The added @node-redis/bloom is a first-party sub-package from the same redis/node-redis monorepo, following the same pattern as other @node-redis/* deps already accepted for this package. | ai | |
| dependencies | unvetted-dep:@node-redis/bloom | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/graph | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/search | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/time-series | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change is within the Redis org (htemelski-redis → nkaradzhov); both are Redis Ltd. employees. Legitimate maintainer rotation. | ai | |
| provenance | no-provenance | AI (provenance): Official redis package has historically published without Sigstore provenance; not a risk signal for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Legitimate team transition within Redis Ltd; removed maintainers replaced by other Redis-affiliated accounts. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major version bump (v4→v5) restructured to ship compiled dist/; size increase is expected for this architecture change. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Maintainer change is within the Redis org (htemelski-redis → nkaradzhov); nkaradzhov has clean track record with 163 approvals. | ai |
Versions (showing 51 of 153)
| Version | Deps | Published |
|---|---|---|
| 6.0.0 | 5 / 0 | |
| 5.12.1 | 5 / 0 | |
| 5.12.0 | 5 / 0 | |
| 5.11.0 | 5 / 0 | |
| 5.10.0 | 5 / 0 | |
| 5.9.0 | 5 / 0 | |
| 5.8.3 | 5 / 0 | |
| 5.8.2 | 5 / 0 | |
| 5.8.1 | 5 / 0 | |
| 5.8.0 | 5 / 0 | |
| 5.7.0 | 5 / 0 | |
| 5.6.1 | 5 / 0 | |
| 5.6.0 | 5 / 0 | |
| 5.5.6 | 5 / 0 | |
| 5.5.5 | 5 / 0 | |
| 5.1.1 | 5 / 0 | |
| 5.1.0 | 5 / 0 | |
| 5.0.1 | 5 / 0 | |
| 5.0.0 | 5 / 0 | |
| 4.7.1 | 6 / 4 | |
| 4.7.0 | 6 / 4 | |
| 4.6.15 | 6 / 4 | |
| 4.6.14 | 6 / 4 | |
| 4.6.13 | 6 / 4 | |
| 4.6.12 | 6 / 4 | |
| 4.6.11 | 6 / 4 | |
| 4.6.10 | 6 / 4 | |
| 4.6.9 | 6 / 4 | |
| 4.6.8 | 6 / 4 | |
| 4.6.7 | 6 / 4 | |
| 4.6.6 | 6 / 4 | |
| 4.6.5 | 6 / 4 | |
| 4.6.4 | 6 / 4 | |
| 4.6.3 | 6 / 4 | |
| 4.6.2 | 6 / 4 | |
| 4.6.1 | 6 / 4 | |
| 4.6.0 | 6 / 4 | |
| 4.5.1 | 6 / 4 | |
| 4.5.0 | 6 / 4 | |
| 4.4.0 | 6 / 4 | |
| 4.3.1 | 6 / 4 | |
| 4.3.0 | 6 / 4 | |
| 4.2.0 | 6 / 4 | |
| 4.1.1 | 6 / 4 | |
| 4.1.0 | 6 / 4 | |
| 4.0.6 | 6 / 4 | |
| 4.0.5 | 6 / 4 | |
| 4.0.4 | 6 / 4 | |
| 4.0.2 | 5 / 4 | |
| 4.0.1 | 4 / 5 | |
| 4.0.0 | 3 / 3 |
v6.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.12.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.8.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.8.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.8.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.6.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.5.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.5.5
2 findingsThis version was published by a different npm account than previous versions on 2025-06-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.1.1
2 findingsThis version was published by a different npm account than previous versions on 2025-05-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.1.0
2 findingsThis version was published by a different npm account than previous versions on 2025-05-20. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
2 findingsThis version was published by a different npm account than previous versions on 2025-05-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
2 findingsThis version was published by a different npm account than previous versions on 2025-04-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.1
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-05-08. This could indicate a legitimate maintainer transition or an account compromise.
v4.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.