wrangler

Versions: 23
License:
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

wrangler-publisher

Keywords

assembly, cli, cloudflare, cloudflare workers, compute, edge, emscripten, graphql, http, router, rust, serverless, serverless application, serverless module, typescript, wasm, web, webassembly, workers, wrangler

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Used in a Proxy handler for console method prefixing; standard JS pattern, not obfuscation. | ai |
source-diff | encoded-string-file:wrangler-dist/cli.js | AI (source-diff): Base64 WASM blob from bundled undici/llhttp; standard for this package's CLI bundle. | ai |
publish-pattern | dormant-publish | AI (publish-pattern): Cloudflare workers-sdk has variable release cadence; 218-day gap is not suspicious for this project. | ai |
phantom-deps | phantom-dep:blake3-wasm | AI (phantom-deps): Platform-specific binary package; phantom-dep false positive for this package. | ai |
semgrep | semgrep:child-process-import | AI (semgrep): CLI tool; child_process spawn in bin/wrangler.js is expected and documented behavior. | ai |
phantom-deps | phantom-dep:@cloudflare/unenv-preset | AI (phantom-deps): Framework-scoped Cloudflare package loaded by convention; stable false positive. | ai |
phantom-deps | phantom-dep:unenv | AI (phantom-deps): Known implicit runtime dependency for Cloudflare Workers environment emulation. | ai |
phantom-deps | phantom-dep:workerd | AI (phantom-deps): Known implicit binary dependency; workerd is the Cloudflare Workers runtime used by wrangler. | ai |

Versions (showing 23 of 23)

Version Deps Published
4.95.0 9 / 94
4.93.1 8 / 92
4.93.0 8 / 92
4.92.0 8 / 92
4.91.0 8 / 92
4.90.1 8 / 92
4.90.0 8 / 92
4.89.1 8 / 92
4.89.0 8 / 92
4.88.0 8 / 92
4.87.0 8 / 92
4.86.0 8 / 92
4.85.0 8 / 92
4.84.1 8 / 92
4.84.0 8 / 92
4.83.0 8 / 92
4.82.2 8 / 92
4.82.1 8 / 92
4.82.0 8 / 92
4.81.1 8 / 92
4.81.0 8 / 92
4.80.0 8 / 92
4.79.0 8 / 92

v4.95.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.93.1

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.93.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.92.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.91.0

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.90.1

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.90.0

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.89.1

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.89.0

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.88.0

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.87.0

2 findings
[HIGH] Long encoded string in modified file: wrangler-dist/cli.js (source: source-diff)

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.86.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.85.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.84.1

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.84.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.83.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.82.2

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.82.1

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.82.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.81.1

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.81.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.80.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.79.0

1 finding
[INFO] Has SLSA provenance attestation (source: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.