← Home

ts-dedent

npm Repository Homepage

TypeScript package which smartly trims and strips indentation from multi-line strings

8
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

tamino-martinius

Keywords

dedentdeindentindentationmulti-line stringmultiline stringstemplate literalstemplate stringststypescriptes6harmony

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-takeover AI (maintainer-change): tamino-martinius is the package author per package.json and GitHub repo; switched from alt account next-model. Legitimate ownership consolidation. ai
provenance publisher-changed AI (provenance): Publisher change from next-model to tamino-martinius is the same developer consolidating accounts; confirmed by author field and repo URL. ai
maintainer-change maintainer-added AI (maintainer-change): tamino-martinius is the original author; adding their primary account is expected. ai
maintainer-change maintainer-removed AI (maintainer-change): next-model was an alternate account of the same author; removal is part of legitimate consolidation. ai
source-diff source-size-tripled AI (source-diff): Size increase from including src/ directory alongside dist/; no payload concern for this simple utility. ai

Versions (showing 8 of 8)

Version Deps Published
2.2.0 0 / 8
2.1.1 0 / 8
2.1.0 0 / 8
2.0.0 0 / 8
1.2.0 0 / 8
1.1.1 0 / 8
1.1.0 0 / 8
1.0.0 0 / 8

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.1

3 findings
HIGH Complete maintainer takeover detected maintainer-change

All previous maintainers (next-model) were replaced by new maintainers (tamino-martinius). This is a strong signal of a potential package hijack and requires careful review.

HIGH Publisher changed: next-model → tamino-martinius (on 2020-01-25) provenance

This version was published by a different npm account than previous versions on 2020-01-25. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.