tlds
A list of TLDs.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Change was from tlds-bot automation account back to stephenmathieson, the original author and repo owner. Legitimate transition. | ai | |
| provenance | no-provenance | AI (provenance): Established package predates Sigstore provenance; informational only. | ai |
Versions (showing 51 of 260)
| Version | Deps | Published |
|---|---|---|
| 1.261.0 | 0 / 6 | |
| 1.260.0 | 0 / 6 | |
| 1.259.0 | 0 / 6 | |
| 1.258.0 | 0 / 6 | |
| 1.257.0 | 0 / 6 | |
| 1.256.0 | 0 / 6 | |
| 1.255.0 | 0 / 6 | |
| 1.254.0 | 0 / 6 | |
| 1.253.0 | 0 / 6 | |
| 1.252.0 | 0 / 6 | |
| 1.251.0 | 0 / 6 | |
| 1.250.0 | 0 / 6 | |
| 1.249.0 | 0 / 6 | |
| 1.248.0 | 0 / 6 | |
| 1.247.0 | 0 / 6 | |
| 1.246.0 | 0 / 6 | |
| 1.245.0 | 0 / 6 | |
| 1.244.0 | 0 / 6 | |
| 1.243.0 | 0 / 6 | |
| 1.242.0 | 0 / 6 | |
| 1.240.0 | 0 / 11 | |
| 1.239.0 | 0 / 11 | |
| 1.238.0 | 0 / 11 | |
| 1.237.0 | 0 / 11 | |
| 1.236.0 | 0 / 11 | |
| 1.235.0 | 0 / 11 | |
| 1.234.0 | 0 / 11 | |
| 1.233.0 | 0 / 11 | |
| 1.232.0 | 0 / 11 | |
| 1.231.0 | 0 / 11 | |
| 1.230.0 | 0 / 11 | |
| 1.229.0 | 0 / 11 | |
| 1.228.0 | 0 / 11 | |
| 1.227.0 | 0 / 11 | |
| 1.226.0 | 0 / 11 | |
| 1.225.0 | 0 / 11 | |
| 1.224.0 | 0 / 11 | |
| 1.223.0 | 0 / 11 | |
| 1.222.0 | 0 / 11 | |
| 1.221.1 | 0 / 11 | |
| 1.221.0 | 0 / 11 | |
| 1.220.0 | 0 / 11 | |
| 1.219.0 | 0 / 11 | |
| 1.218.0 | 0 / 11 | |
| 1.217.0 | 0 / 11 | |
| 1.216.0 | 0 / 11 | |
| 1.215.0 | 0 / 11 | |
| 1.214.0 | 0 / 11 | |
| 1.213.0 | 0 / 11 | |
| 1.212.0 | 0 / 11 | |
| 1.211.0 | 0 / 11 |
v1.261.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.260.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.259.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.258.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.257.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.256.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.255.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.254.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.253.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.252.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.251.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.250.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.249.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.248.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.247.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.246.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.245.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.244.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.243.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.242.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.240.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.239.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.238.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.237.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.236.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.235.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.234.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.233.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.232.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.231.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.230.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.229.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.228.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.227.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.226.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.225.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.224.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.223.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.222.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2021-09-28. This could indicate a legitimate maintainer transition or an account compromise.
v1.221.1
2 findingsThis version was published by a different npm account than previous versions on 2021-04-27. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.221.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.220.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.219.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.218.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.217.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.216.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.215.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.214.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.213.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.212.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.211.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2020-10-08. This could indicate a legitimate maintainer transition or an account compromise.