sqs-consumer No license 13 versions

sqs-consumer

npm Repository Homepage

13

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

iblnicholasgriffin_bbc

Keywords

aws-sqsbackendmessage-queuenodejsqueue-consumerserverlesssqs

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): BBC org migrated to GitHub Actions CI/CD publishing with SLSA provenance; stable pattern going forward.	ai	2026/05/18
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by automated CI/CD release; consistent with org-level tooling migration, not takeover.	ai	2026/05/18

Versions (showing 13 of 13)

Version	Deps	Published
15.0.2	2 / 25	2026-05-26
15.0.1	2 / 25	2026-05-02
15.0.0	2 / 25	2026-05-02
14.2.8	2 / 25	2026-04-19
14.2.7	2 / 25	2026-04-19
14.2.6	2 / 25	2026-03-27
14.2.5	2 / 25	2026-03-20
14.2.4	2 / 29	2026-03-20
14.2.3	2 / 29	2026-03-17
14.2.2	2 / 29	2026-02-22
14.2.1	2 / 29	2026-01-23
14.2.0	2 / 29	2025-12-12
11.4.0	2 / 29	2025-01-08

v15.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.8

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-04-19) provenance

This version was published by a different npm account than previous versions on 2026-04-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.6

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-03-27) provenance

This version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.5

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.4

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.3

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.2

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-02-22) provenance

This version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.1

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2026-01-23) provenance

This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.2.0

2 findings

HIGH Publisher changed: nicholasgriffin_bbc → GitHub Actions (on 2025-12-12) provenance

This version was published by a different npm account than previous versions on 2025-12-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.