zip-stream — Greenflagged

a streaming zip archive generator.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ctalkington

Keywords

archivestreamzip-streamzip

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from maintainer to GitHub Actions CI/CD with SLSA provenance; legitimate automation migration.	ai	2026/05/08
publish-pattern	dormant-publish	AI (publish-pattern): Mature, stable package; infrequent publishes are normal for its lifecycle.	ai	2026/05/08
phantom-deps	phantom-dep:readable-stream	AI (phantom-deps): readable-stream is a core streams polyfill; used transitively or via require in Node stream internals.	ai	2026/05/08

Versions (showing 54 of 54)

Version	Deps	Published
7.0.5	3 / 8	2026-05-08
7.0.4	3 / 8	2026-05-08
7.0.2	3 / 8	2024-10-16
7.0.1	3 / 8	2024-10-16
7.0.0	3 / 8	2024-10-16
6.0.1	3 / 7	2024-03-10
6.0.0	3 / 7	2024-02-27
5.0.2	3 / 7	2024-02-27
5.0.1	3 / 7	2023-09-03
5.0.0	3 / 7	2023-09-03
4.1.1	3 / 7	2023-09-02
4.1.0	3 / 7	2021-03-03
4.0.4	3 / 7	2020-11-19
4.0.3	3 / 7	2020-11-19
4.0.2	3 / 7	2020-07-21
4.0.1	3 / 7	2020-07-21
4.0.0	3 / 7	2020-07-18
3.0.1	3 / 7	2020-04-14
3.0.0	3 / 7	2020-04-14
2.1.3	3 / 7	2020-01-08
2.1.2	3 / 7	2019-08-02
2.1.1	3 / 7	2019-08-02
2.1.0	3 / 7	2019-07-20
2.0.1	3 / 7	2018-08-22
2.0.0	3 / 7	2018-08-22
1.2.0	4 / 7	2017-06-16
1.1.1	4 / 7	2017-01-13
1.1.0	4 / 6	2016-08-27
1.0.0	4 / 6	2016-04-06
0.8.0	4 / 4	2015-11-30
0.7.0	3 / 4	2015-11-24
0.6.0	3 / 4	2015-10-17
0.5.2	3 / 4	2015-05-20
0.5.1	3 / 4	2015-02-15
0.5.0	3 / 4	2014-11-30
0.4.1	3 / 4	2014-08-24
0.4.0	3 / 4	2014-08-24
0.3.7	6 / 4	2014-08-11
0.3.6	6 / 4	2014-07-01
0.3.5	6 / 4	2014-06-27
0.3.4	6 / 4	2014-05-26
0.3.3	5 / 4	2014-05-04
0.3.2	5 / 4	2014-05-04
0.3.1	4 / 4	2014-04-15
0.3.0	4 / 4	2014-04-01
0.2.3	3 / 4	2014-03-30
0.2.2	3 / 4	2014-02-25
0.2.1	2 / 4	2014-02-16
0.2.0	2 / 4	2014-02-16
0.1.4	2 / 4	2014-02-08
0.1.3	2 / 4	2014-01-11
0.1.2	2 / 4	2014-01-10
0.1.1	2 / 4	2014-01-10
0.1.0	2 / 4	2014-01-06

v7.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.4

2 findings

HIGH Publisher changed: ctalkington → GitHub Actions (on 2026-05-08) provenance

This version was published by a different npm account than previous versions on 2026-05-08. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.