← Home

valid-module

npm Repository Homepage

Verify that file or package, be it remote, or local, is a valid ECMAScript Module

23
Versions
Artistic-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

bevryme

Keywords

allow-envallow-readbrowserdenodeno-editiondeno-entrydenolandecmascriptes2022esmmjsmodulenodetypedtypestypescriptvaldiatevalidverificationverify

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:assert-helpers AI (phantom-deps): Test helper accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:kava AI (phantom-deps): Dev tool accidentally placed in dependencies; confirmed not imported at runtime. Stable pattern for this Bevry package. ai
phantom-deps phantom-dep:surge AI (phantom-deps): Dev/deploy tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:eslint AI (phantom-deps): Dev linting tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:typedoc AI (phantom-deps): Dev documentation tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:prettier AI (phantom-deps): Dev formatting tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:projectz AI (phantom-deps): Dev metadata tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): Dev compiler accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:valid-directory AI (phantom-deps): Dev verification tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:make-deno-edition AI (phantom-deps): Dev build tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:eslint-config-bevry AI (phantom-deps): Dev ESLint config accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:eslint-config-prettier AI (phantom-deps): Dev ESLint config accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:eslint-plugin-prettier AI (phantom-deps): Dev ESLint plugin accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:@typescript-eslint/parser AI (phantom-deps): Dev TypeScript ESLint parser accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:@bevry/update-contributors AI (phantom-deps): Dev contributor update tool accidentally placed in dependencies; confirmed not imported at runtime. ai
phantom-deps phantom-dep:@typescript-eslint/eslint-plugin AI (phantom-deps): Dev TypeScript ESLint plugin accidentally placed in dependencies; confirmed not imported at runtime. ai

Versions (showing 23 of 23)

Version Deps Published
2.6.0 1 / 17
2.5.0 1 / 16
2.4.0 1 / 16
2.3.0 1 / 16
2.2.0 1 / 16
2.1.0 1 / 16
2.0.0 1 / 17
1.17.0 2 / 16
1.16.0 2 / 16
1.15.0 2 / 16
1.14.0 2 / 16
1.13.0 2 / 16
1.12.0 2 / 16
1.11.0 2 / 16
1.10.0 2 / 16
1.9.0 1 / 16
1.7.0 1 / 16
1.6.0 17 / 16
1.5.0 1 / 16
1.4.0 1 / 16
1.3.0 1 / 15
1.2.0 1 / 15
1.0.0 1 / 14

v2.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.