redis
A modern, high performance Redis client
57
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
bobymicrobydmaier-redislabshtemelski-rediselena-redisnkaradzhov
Keywords
redis
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): The added @node-redis/bloom is a first-party sub-package from the same redis/node-redis monorepo, following the same pattern as other @node-redis/* deps already accepted for this package. | ai | |
| dependencies | unvetted-dep:@node-redis/bloom | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/graph | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/search | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| dependencies | unvetted-dep:@node-redis/time-series | AI (dependencies): First-party sub-package from the node-redis monorepo, maintained by the same team as the redis package itself. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change is within the Redis org (htemelski-redis → nkaradzhov); both are Redis Ltd. employees. Legitimate maintainer rotation. | ai | |
| provenance | no-provenance | AI (provenance): Official redis package has historically published without Sigstore provenance; not a risk signal for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Legitimate team transition within Redis Ltd; removed maintainers replaced by other Redis-affiliated accounts. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major version bump (v4→v5) restructured to ship compiled dist/; size increase is expected for this architecture change. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Maintainer change is within the Redis org (htemelski-redis → nkaradzhov); nkaradzhov has clean track record with 163 approvals. | ai |
Versions (showing 57 of 157)
| Version | Deps | Published |
|---|---|---|
| 0.8.1 | 0 / 1 | |
| 0.8.0 | 0 / 1 | |
| 0.7.3 | 0 / 1 | |
| 0.7.2 | 1 / 1 | |
| 0.7.1 | 0 / 1 | |
| 0.7.0 | 0 / 1 | |
| 0.6.7 | 0 / 0 | |
| 0.6.6 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.6.3 | 0 / 0 | |
| 0.6.2 | 0 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.5.11 | 0 / 0 | |
| 0.5.10 | 0 / 0 | |
| 0.5.9 | 0 / 0 | |
| 0.5.8 | 0 / 0 | |
| 0.5.7 | 0 / 0 | |
| 0.5.6 | 0 / 0 | |
| 0.5.5 | 0 / 0 | |
| 0.5.4 | 0 / 0 | |
| 0.5.3 | 0 / 0 | |
| 0.5.2 | 0 / 0 | |
| 0.5.1 | 0 / 0 | |
| 0.5.0 | 0 / 0 | |
| 0.4.2 | 0 / 0 | |
| 0.4.1 | 0 / 0 | |
| 0.4.0 | 0 / 0 | |
| 0.3.9 | 0 / 0 | |
| 0.3.7 | 0 / 0 | |
| 0.3.6 | 0 / 0 | |
| 0.3.5 | 0 / 0 | |
| 0.3.4 | 0 / 0 | |
| 0.3.3 | 0 / 0 | |
| 0.3.2 | 0 / 0 | |
| 0.3.1 | 0 / 0 | |
| 0.3.0 | 0 / 0 | |
| 0.2.6 | 0 / 0 | |
| 0.2.4 | 0 / 0 | |
| 0.2.3 | 0 / 0 | |
| 0.2.2 | 0 / 0 | |
| 0.2.1 | 0 / 0 | |
| 0.2.0 | 0 / 0 | |
| 0.1.2 | 0 / 0 | |
| 0.1.1 | 0 / 0 | |
| 0.1.0 | 0 / 0 | |
| 0.0.8 | 0 / 0 | |
| 0.0.7 | 0 / 0 | |
| 0.0.4 | 0 / 0 | |
| 0.0.3 | 0 / 0 | |
| 0.0.2 | 0 / 0 | |
| 0.0.1 | 0 / 0 | |
| 5.9.0-beta.3 | 5 / 0 | |
| 5.9.0-beta.2 | 5 / 0 | |
| 5.9.0-beta.1 | 5 / 0 | |
| 5.9.0-beta.0 | 5 / 0 |
v0.7.1
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.