ua-parser-js
Detect Browser, Engine, OS, CPU, and Device type/model from User-Agent & Client Hints data. Supports browser & node.js environment
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/ua-parser.pack.mjs | AI (source-diff): Browser distribution bundle minified with uglify-js (listed in devDeps). Standard practice for ua-parser-js; copyright header intact. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major version bump (v1→v2) with new modules (enums, extensions, helpers) and dist bundles. Size increase is expected. | ai | |
| license | copyleft-license:AGPL-3.0-or-later | AI (license): AGPL-3.0-or-later is the intentional license for ua-parser-js v2.x; stable for this package. | ai |
Versions (showing 77 of 77)
| Version | Deps | Published |
|---|---|---|
| 2.0.10 | 3 / 13 | |
| 2.0.9 | 3 / 11 | |
| 2.0.8 | 3 / 11 | |
| 2.0.7 | 3 / 9 | |
| 2.0.6 | 3 / 9 | |
| 2.0.5 | 4 / 9 | |
| 2.0.4 | 5 / 9 | |
| 2.0.3 | 5 / 9 | |
| 2.0.2 | 5 / 10 | |
| 2.0.1 | 3 / 13 | |
| 2.0.0 | 3 / 10 | |
| 1.0.39 | 0 / 8 | |
| 1.0.38 | 0 / 8 | |
| 1.0.37 | 0 / 8 | |
| 1.0.36 | 0 / 8 | |
| 1.0.35 | 0 / 8 | |
| 1.0.34 | 0 / 8 | |
| 1.0.33 | 0 / 8 | |
| 0.8.1 | 0 / 6 | |
| 0.7.39 | 0 / 8 | |
| 0.7.38 | 0 / 8 | |
| 0.7.37 | 0 / 8 | |
| 0.7.36 | 0 / 8 | |
| 0.7.35 | 0 / 8 | |
| 0.7.34 | 0 / 8 | |
| 0.7.33 | 0 / 8 | |
| 0.7.32 | 0 / 8 | |
| 0.7.31 | 0 / 8 | |
| 0.7.30 | 0 / 6 | |
| 0.7.28 | 0 / 6 | |
| 0.7.27 | 0 / 6 | |
| 0.7.26 | 0 / 6 | |
| 0.7.25 | 0 / 5 | |
| 0.7.24 | 0 / 5 | |
| 0.7.23 | 0 / 5 | |
| 0.7.22 | 0 / 5 | |
| 0.7.20 | 0 / 5 | |
| 0.7.19 | 0 / 5 | |
| 0.7.18 | 0 / 5 | |
| 0.7.17 | 0 / 5 | |
| 0.7.16 | 0 / 5 | |
| 0.7.15 | 0 / 5 | |
| 0.7.14 | 0 / 5 | |
| 0.7.13 | 0 / 5 | |
| 0.7.12 | 0 / 5 | |
| 0.7.11 | 0 / 4 | |
| 0.7.10 | 0 / 4 | |
| 0.7.9 | 0 / 4 | |
| 0.7.7 | 0 / 3 | |
| 0.7.6 | 0 / 3 | |
| 0.7.4 | 0 / 3 | |
| 0.7.3 | 0 / 3 | |
| 0.7.1 | 0 / 3 | |
| 0.7.0 | 0 / 3 | |
| 0.6.2 | 0 / 3 | |
| 0.6.0 | 0 / 3 | |
| 0.5.27 | 0 / 3 | |
| 0.5.25 | 0 / 3 | |
| 0.5.23 | 0 / 3 | |
| 0.5.22 | 0 / 3 | |
| 0.5.20 | 0 / 3 | |
| 0.5.15 | 0 / 2 | |
| 0.5.12 | 0 / 2 | |
| 0.5.11 | 0 / 2 | |
| 0.5.3 | 0 / 2 | |
| 0.5.2 | 0 / 2 | |
| 0.5.1 | 0 / 2 | |
| 0.4.15 | 0 / 2 | |
| 0.4.13 | 0 / 1 | |
| 0.4.7 | 0 / 0 | |
| 0.4.6 | 0 / 0 | |
| 0.4.4 | 0 / 0 | |
| 0.4.3 | 0 / 0 | |
| 0.4.1 | 0 / 0 | |
| 0.4.0 | 0 / 0 | |
| 0.3.1 | 0 / 0 | |
| 0.3.0 | 0 / 0 |
v2.0.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.