zod — Greenflagged

TypeScript-first schema declaration and validation library with static type inference

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

colinhacks

Keywords

typescriptschemavalidationtypeinference

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-takeover	AI (maintainer-change): colinhacks (Colin McDonnell) is the original Zod author; colinmcd94/vriad are his prior npm aliases. Account consolidation, not a hostile takeover. SLSA provenance confirms legitimate CI build.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Publisher change from colinmcd94 to colinhacks is the same person (Colin McDonnell) consolidating npm accounts. SLSA attestation corroborates legitimacy.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): colinhacks is the original package author; addition reflects account consolidation, not a new third party.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): colinmcd94 and vriad are prior aliases of the same author (Colin McDonnell); removal is account consolidation.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): 231 new files reflect the v4 major release bundled alongside v3 compatibility layer. Files are readable TypeScript source and tests, not injected payloads.	ai	2026/04/22
source-diff	source-size-tripled	AI (source-diff): Size increase is explained by shipping both v3 and v4 codebases in one package. No obfuscated or minified code detected.	ai	2026/04/22
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() used in a lazy-initialization proxy pattern — standard JS idiom, not obfuscation.	ai	2026/04/21

Versions (showing 100 of 137)

Show 131 prereleases

Version	Deps	Published
4.4.3	0 / 0	2026-05-04
4.4.2	0 / 0	2026-05-01
4.4.1	0 / 0	2026-04-29
4.4.0	0 / 0	2026-04-29
4.3.6	0 / 0	2026-01-22
4.3.5	0 / 0	2026-01-04
4.3.4	0 / 0	2025-12-31
4.3.3	0 / 0	2025-12-31
4.3.2	0 / 0	2025-12-31
4.3.1	0 / 0	2025-12-31
4.3.0	0 / 0	2025-12-31
4.2.1	0 / 0	2025-12-16
4.2.0	0 / 0	2025-12-15
4.1.13	0 / 0	2025-11-24
4.1.12	0 / 0	2025-10-06
4.1.11	0 / 0	2025-09-20
4.1.10	0 / 0	2025-09-20
4.1.9	0 / 0	2025-09-16
4.1.8	0 / 0	2025-09-11
4.1.7	0 / 0	2025-09-11
4.1.6	0 / 0	2025-09-11
4.1.5	0 / 0	2025-08-28
4.1.4	0 / 0	2025-08-27
4.1.3	0 / 0	2025-08-26
4.1.2	0 / 0	2025-08-25
4.1.1	0 / 0	2025-08-24
4.1.0	0 / 0	2025-08-23
4.0.17	0 / 0	2025-08-09
4.0.16	0 / 0	2025-08-08
4.0.15	0 / 0	2025-08-06
4.0.14	0 / 0	2025-07-30
4.0.13	0 / 0	2025-07-29
4.0.12	0 / 0	2025-07-29
4.0.11	0 / 0	2025-07-29
4.0.10	0 / 0	2025-07-25
4.0.9	0 / 0	2025-07-24
4.0.8	0 / 0	2025-07-24
4.0.7	0 / 0	2025-07-23
4.0.6	0 / 0	2025-07-23
4.0.5	0 / 0	2025-07-10
4.0.4	0 / 0	2025-07-10
4.0.3	0 / 0	2025-07-10
4.0.2	0 / 0	2025-07-10
4.0.1	0 / 0	2025-07-10
4.0.0	0 / 0	2025-07-09
3.25.76	0 / 0	2025-07-08
3.25.75	0 / 0	2025-07-07
3.25.74	0 / 0	2025-07-04
3.25.73	0 / 0	2025-07-04
3.25.72	0 / 0	2025-07-04
3.25.71	0 / 0	2025-07-03
3.25.70	0 / 0	2025-07-03
3.25.69	0 / 0	2025-07-02
3.25.68	0 / 0	2025-07-02
3.25.67	0 / 0	2025-06-16
3.25.66	0 / 0	2025-06-16
3.25.65	0 / 0	2025-06-16
3.25.64	0 / 0	2025-06-13
3.25.63	0 / 0	2025-06-12
3.25.62	0 / 0	2025-06-11
3.25.61	0 / 0	2025-06-11
3.25.60	0 / 0	2025-06-11
3.25.59	0 / 0	2025-06-11
3.25.58	0 / 0	2025-06-10
3.25.57	0 / 0	2025-06-10
3.25.56	0 / 0	2025-06-06
3.25.55	0 / 0	2025-06-06
3.25.54	0 / 0	2025-06-06
3.25.53	0 / 0	2025-06-06
3.25.52	0 / 0	2025-06-06
3.25.51	0 / 0	2025-06-04
3.25.50	0 / 0	2025-06-03
3.25.49	0 / 0	2025-06-02
3.25.48	0 / 0	2025-06-02
3.25.47	0 / 0	2025-06-02
3.25.46	0 / 0	2025-06-01
3.25.45	0 / 0	2025-06-01
3.25.44	0 / 0	2025-06-01
3.25.43	0 / 0	2025-05-31
3.25.42	0 / 0	2025-05-30
3.25.41	0 / 0	2025-05-30
3.25.40	0 / 0	2025-05-30
3.25.39	0 / 0	2025-05-29
3.25.38	0 / 0	2025-05-29
3.25.37	0 / 0	2025-05-29
3.25.36	0 / 0	2025-05-29
3.25.35	0 / 0	2025-05-29
3.25.34	0 / 0	2025-05-28
3.25.33	0 / 0	2025-05-28
3.25.32	0 / 0	2025-05-28
3.25.31	0 / 0	2025-05-27
3.25.30	0 / 0	2025-05-27
3.25.29	0 / 0	2025-05-26
3.25.28	0 / 0	2025-05-23
3.25.27	0 / 0	2025-05-23
3.25.26	0 / 0	2025-05-23
3.25.25	0 / 0	2025-05-23
3.25.24	0 / 0	2025-05-23
3.25.23	0 / 0	2025-05-22
3.25.22	0 / 0	2025-05-22

Showing 100 of 137 Next page →

v4.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.0

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: colinhacks → GitHub Actions (on 2026-04-29) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.