sails-hook-sockets
Implements socket.io support in Sails
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): eashaw is a Sails.js core team member (825 approved packages); transition from rachaelshaw is a legitimate internal handoff within the Balderdashy org. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): eashaw is an established Sails.js team member; addition is a legitimate internal team change, not a hostile takeover. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is intentional — this hook loads user-configured socket adapters from app's node_modules. Standard plugin architecture for a Sails.js hook; stable false positive for this package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Mature Sails.js ecosystem package with trusted publisher (845 approved). Dormancy is expected for stable hooks; no material changes in this version vs prior. | ai | |
Versions (showing 51 of 74)
| Version | Deps | Published |
|---|---|---|
| 3.0.2 | 9 / 9 | |
| 3.0.1 | 9 / 9 | |
| 3.0.0 | 9 / 9 | |
| 2.0.4 | 9 / 9 | |
| 2.0.3 | 9 / 9 | |
| 2.0.2 | 9 / 9 | |
| 2.0.1 | 9 / 9 | |
| 2.0.0 | 9 / 9 | |
| 1.5.5 | 9 / 9 | |
| 1.5.4 | 9 / 9 | |
| 1.5.3 | 9 / 9 | |
| 1.5.2 | 9 / 9 | |
| 1.5.1 | 9 / 9 | |
| 1.5.0 | 8 / 10 | |
| 1.4.3 | 8 / 9 | |
| 1.4.2 | 8 / 9 | |
| 1.4.1 | 8 / 9 | |
| 1.4.0 | 8 / 9 | |
| 1.3.4 | 8 / 9 | |
| 1.3.3 | 8 / 9 | |
| 1.3.2 | 8 / 9 | |
| 1.3.1 | 7 / 9 | |
| 1.3.0 | 7 / 9 | |
| 1.2.3 | 7 / 9 | |
| 1.2.2 | 7 / 9 | |
| 1.2.1 | 7 / 9 | |
| 1.2.0 | 7 / 9 | |
| 1.1.0 | 7 / 7 | |
| 1.0.1 | 6 / 7 | |
| 0.13.14 | 6 / 7 | |
| 0.13.13 | 6 / 7 | |
| 0.13.12 | 6 / 7 | |
| 0.13.11 | 6 / 7 | |
| 0.13.10 | 6 / 7 | |
| 0.13.9 | 7 / 6 | |
| 0.13.8 | 7 / 6 | |
| 0.13.7 | 7 / 6 | |
| 0.13.6 | 7 / 6 | |
| 0.13.5 | 6 / 7 | |
| 0.13.4 | 6 / 7 | |
| 0.13.3 | 6 / 7 | |
| 0.13.0 | 5 / 7 | |
| 0.12.3 | 5 / 7 | |
| 0.12.2 | 5 / 7 | |
| 0.12.1 | 5 / 7 | |
| 0.12.0 | 5 / 7 | |
| 0.11.29 | 5 / 7 | |
| 0.11.28 | 5 / 7 | |
| 0.11.27 | 5 / 7 | |
| 0.11.26 | 5 / 7 | |
| 0.11.25 | 5 / 7 | |
v3.0.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
2 findings
This version was published by a different npm account than previous versions on 2022-08-05. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
2 findings
This version was published by a different npm account than previous versions on 2021-03-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
2 findings
This version was published by a different npm account than previous versions on 2019-05-24. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.