Conversation
Minder Vulnerability Report ✅Minder analyzed this PR and found it does not add any new vulnerable dependencies.
|
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nodelib/fs.scandir
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 19 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 18 |
📦 Dependency: @nodelib/fs.stat
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 67 |
| Versions matched to tags or releases | 14 |
📦 Dependency: @nodelib/fs.walk
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 16 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 15 |
📦 Dependency: @snyk/github-codeowners
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.4 |
| Repository activity | 3.8 |
| User activity | 7 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 2 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
📦 Dependency: aggregate-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.4 |
| Repository activity | 3.2 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: ansi-regex
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.8 |
| Repository activity | 3.7 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 14 |
📦 Dependency: clean-stack
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.5 |
| Repository activity | 3.4 |
| User activity | 9.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 9 |
📦 Dependency: clone
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.7 |
| Repository activity | 4.9 |
| User activity | 8.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 38 |
| Number of git tags or releases | 37 |
| Versions matched to tags or releases | 35 |
📦 Dependency: commander
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.7 |
| Repository activity | 7.3 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 75 |
| Number of git tags or releases | 70 |
| Versions matched to tags or releases | 50 |
📦 Dependency: defaults
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.6 |
| Repository activity | 2.1 |
| User activity | 9.1 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 5 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |
📦 Dependency: easy-table
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.3 |
| Repository activity | 3.6 |
| User activity | 7.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |
📦 Dependency: enhanced-resolve
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.5 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 131 |
| Number of git tags or releases | 78 |
| Versions matched to tags or releases | 73 |
📦 Dependency: fast-glob
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 5.1 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 44 |
| Number of git tags or releases | 40 |
| Versions matched to tags or releases | 37 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 |
📦 Dependency: graceful-fs
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.2 |
| User activity | 9.4 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 69 |
| Number of git tags or releases | 68 |
| Versions matched to tags or releases | 67 |
📦 Dependency: jiti
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4.5 |
| User activity | 9.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 100 |
| Number of git tags or releases | 97 |
| Versions matched to tags or releases | 95 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ts-node | 0 |
📦 Dependency: knip
Trusty Score: 0
Alternatives
| Package | Score | Description |
|---|---|---|
| depcheck | 0 |
📦 Dependency: p-map
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 4.4 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: parse-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.2 |
| Repository activity | 2.8 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 8 |
| Versions matched to tags or releases | 8 |
📦 Dependency: picomatch
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4.7 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 28 |
| Number of git tags or releases | 23 |
| Versions matched to tags or releases | 23 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 | |
| minimatch | 0 |
📦 Dependency: pretty-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 27 |
| Number of git tags or releases | 27 |
| Versions matched to tags or releases | 26 |
📦 Dependency: smol-toml
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.8 |
| Repository activity | 2.7 |
| User activity | 6.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 13 |
| Number of git tags or releases | 12 |
| Versions matched to tags or releases | 11 |
Alternatives
| Package | Score | Description |
|---|---|---|
| toml | 0 |
📦 Dependency: strip-json-comments
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.9 |
| Repository activity | 3.9 |
| User activity | 9.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 18 |
| Number of git tags or releases | 18 |
| Versions matched to tags or releases | 17 |
📦 Dependency: summary
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 1.7 |
| User activity | 7.6 |
| Provenance | unknown |
📦 Dependency: tapable
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.8 |
| Repository activity | 6 |
| User activity | 9.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 48 |
| Number of git tags or releases | 39 |
| Versions matched to tags or releases | 35 |
📦 Dependency: wcwidth
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.4 |
| User activity | 6.7 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 3 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
📦 Dependency: zod
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.3 |
| Repository activity | 8 |
| User activity | 8.6 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 366 |
| Number of git tags or releases | 92 |
| Versions matched to tags or releases | 76 |
This package has been digitally signed using sigtore.
| Source repository | https://github.com/colinhacks/zod |
| Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| GitHub action workflow | .github/workflows/release.yml |
| Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=154600538 |
📦 Dependency: zod-validation-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.9 |
| Repository activity | 3.7 |
| User activity | 6.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 30 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 26 |
…k/codegate-ui into feat/move-health-check-to-header
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nodelib/fs.scandir
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 19 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 18 |
Alternatives
| Package | Score | Description |
|---|---|---|
| klaw | 0 |
📦 Dependency: @nodelib/fs.stat
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 67 |
| Versions matched to tags or releases | 14 |
📦 Dependency: @nodelib/fs.walk
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 16 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 15 |
📦 Dependency: @snyk/github-codeowners
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.4 |
| Repository activity | 3.9 |
| User activity | 7 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 2 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
Alternatives
| Package | Score | Description |
|---|---|---|
| codeowners | 0 |
📦 Dependency: aggregate-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.4 |
| Repository activity | 3.2 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: ansi-regex
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.8 |
| Repository activity | 3.8 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 14 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ansi-styles | 0 |
📦 Dependency: clean-stack
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.6 |
| Repository activity | 3.4 |
| User activity | 9.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 9 |
📦 Dependency: clone
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.7 |
| Repository activity | 4.9 |
| User activity | 8.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 38 |
| Number of git tags or releases | 37 |
| Versions matched to tags or releases | 35 |
📦 Dependency: commander
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.6 |
| Repository activity | 7.1 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 75 |
| Number of git tags or releases | 70 |
| Versions matched to tags or releases | 50 |
📦 Dependency: defaults
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.6 |
| Repository activity | 2.1 |
| User activity | 9.1 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 5 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |
📦 Dependency: easy-table
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.3 |
| Repository activity | 3.5 |
| User activity | 7.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |
📦 Dependency: enhanced-resolve
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.5 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 131 |
| Number of git tags or releases | 78 |
| Versions matched to tags or releases | 73 |
📦 Dependency: fast-glob
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 5.1 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 44 |
| Number of git tags or releases | 40 |
| Versions matched to tags or releases | 37 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 |
📦 Dependency: graceful-fs
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 5.2 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 69 |
| Number of git tags or releases | 68 |
| Versions matched to tags or releases | 67 |
📦 Dependency: jiti
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 4.6 |
| User activity | 9.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 100 |
| Number of git tags or releases | 97 |
| Versions matched to tags or releases | 95 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ts-node | 0 |
📦 Dependency: knip
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.8 |
| User activity | 8.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 435 |
| Number of git tags or releases | 388 |
| Versions matched to tags or releases | 175 |
Alternatives
| Package | Score | Description |
|---|---|---|
| depcheck | 0 |
📦 Dependency: p-map
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 4.5 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: parse-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.2 |
| Repository activity | 2.8 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 8 |
| Versions matched to tags or releases | 8 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ms | 0 | |
| millisecond | 0 |
📦 Dependency: picomatch
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4.7 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
| Typosquatting |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 28 |
| Number of git tags or releases | 23 |
| Versions matched to tags or releases | 23 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 | |
| minimatch | 0 | |
| fast-glob | 0 |
📦 Dependency: pretty-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 27 |
| Number of git tags or releases | 27 |
| Versions matched to tags or releases | 26 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ms | 0 |
📦 Dependency: smol-toml
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.8 |
| Repository activity | 2.8 |
| User activity | 6.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 13 |
| Number of git tags or releases | 12 |
| Versions matched to tags or releases | 11 |
Alternatives
| Package | Score | Description |
|---|---|---|
| toml | 0 |
📦 Dependency: strip-json-comments
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.9 |
| Repository activity | 3.9 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 18 |
| Number of git tags or releases | 18 |
| Versions matched to tags or releases | 17 |
Alternatives
| Package | Score | Description |
|---|---|---|
| strip-json-comments-cli | 0 |
📦 Dependency: summary
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 1.7 |
| User activity | 7.6 |
| Provenance | unknown |
Alternatives
| Package | Score | Description |
|---|---|---|
| simple-statistics | 0 | |
| statistics | 0 |
📦 Dependency: tapable
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.8 |
| Repository activity | 6 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 48 |
| Number of git tags or releases | 39 |
| Versions matched to tags or releases | 35 |
📦 Dependency: wcwidth
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.5 |
| Repository activity | 2.3 |
| User activity | 6.8 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 3 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
📦 Dependency: zod
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.3 |
| Repository activity | 8 |
| User activity | 8.6 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 366 |
| Number of git tags or releases | 92 |
| Versions matched to tags or releases | 76 |
This package has been digitally signed using sigtore.
| Source repository | https://github.com/colinhacks/zod |
| Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| GitHub action workflow | .github/workflows/release.yml |
| Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=154600538 |
📦 Dependency: zod-validation-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5 |
| Repository activity | 3.8 |
| User activity | 6.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 30 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 26 |
Alternatives
| Package | Score | Description |
|---|---|---|
| zod | 0 |
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nodelib/fs.scandir
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 19 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 18 |
Alternatives
| Package | Score | Description |
|---|---|---|
| klaw | 0 |
📦 Dependency: @nodelib/fs.stat
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 67 |
| Versions matched to tags or releases | 14 |
Alternatives
| Package | Score | Description |
|---|---|---|
| fs-extra-promise | 0 |
📦 Dependency: @nodelib/fs.walk
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.5 |
| User activity | 6.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 16 |
| Number of git tags or releases | 71 |
| Versions matched to tags or releases | 15 |
📦 Dependency: @snyk/github-codeowners
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.4 |
| Repository activity | 3.9 |
| User activity | 7 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 2 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
Alternatives
| Package | Score | Description |
|---|---|---|
| codeowners | 0 |
📦 Dependency: aggregate-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.4 |
| Repository activity | 3.2 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: ansi-regex
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.8 |
| Repository activity | 3.8 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 14 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ansi-styles | 0 |
📦 Dependency: clean-stack
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.6 |
| Repository activity | 3.4 |
| User activity | 9.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 9 |
📦 Dependency: clone
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.7 |
| Repository activity | 4.9 |
| User activity | 8.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 38 |
| Number of git tags or releases | 37 |
| Versions matched to tags or releases | 35 |
Alternatives
| Package | Score | Description |
|---|---|---|
| rfdc | 0 | |
| clone-deep | 0 | |
| fast-copy | 0 |
📦 Dependency: commander
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.6 |
| Repository activity | 7.1 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 75 |
| Number of git tags or releases | 70 |
| Versions matched to tags or releases | 50 |
📦 Dependency: defaults
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.6 |
| Repository activity | 2.1 |
| User activity | 9.1 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 5 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |
📦 Dependency: easy-table
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.3 |
| Repository activity | 3.5 |
| User activity | 7.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |
📦 Dependency: enhanced-resolve
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.5 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 131 |
| Number of git tags or releases | 78 |
| Versions matched to tags or releases | 73 |
📦 Dependency: fast-glob
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 5.1 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 44 |
| Number of git tags or releases | 40 |
| Versions matched to tags or releases | 37 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 |
📦 Dependency: graceful-fs
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 5.2 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 69 |
| Number of git tags or releases | 68 |
| Versions matched to tags or releases | 67 |
Alternatives
| Package | Score | Description |
|---|---|---|
| fs-extra-promise | 0 |
📦 Dependency: jiti
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 4.6 |
| User activity | 9.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 100 |
| Number of git tags or releases | 97 |
| Versions matched to tags or releases | 95 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ts-node | 0 |
📦 Dependency: knip
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.3 |
| Repository activity | 5.8 |
| User activity | 8.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 435 |
| Number of git tags or releases | 388 |
| Versions matched to tags or releases | 175 |
Alternatives
| Package | Score | Description |
|---|---|---|
| depcheck | 0 |
📦 Dependency: p-map
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.1 |
| Repository activity | 4.5 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 8 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: parse-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.2 |
| Repository activity | 2.8 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 9 |
| Number of git tags or releases | 8 |
| Versions matched to tags or releases | 8 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ms | 0 | |
| millisecond | 0 |
📦 Dependency: picomatch
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4.7 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
| Typosquatting |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 28 |
| Number of git tags or releases | 23 |
| Versions matched to tags or releases | 23 |
Alternatives
| Package | Score | Description |
|---|---|---|
| glob | 0 | |
| micromatch | 0 | |
| minimatch | 0 | |
| fast-glob | 0 |
📦 Dependency: pretty-ms
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7 |
| Repository activity | 4 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 27 |
| Number of git tags or releases | 27 |
| Versions matched to tags or releases | 26 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ms | 0 |
📦 Dependency: smol-toml
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.8 |
| Repository activity | 2.8 |
| User activity | 6.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 13 |
| Number of git tags or releases | 12 |
| Versions matched to tags or releases | 11 |
Alternatives
| Package | Score | Description |
|---|---|---|
| toml | 0 |
📦 Dependency: strip-json-comments
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.9 |
| Repository activity | 3.9 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 18 |
| Number of git tags or releases | 18 |
| Versions matched to tags or releases | 17 |
Alternatives
| Package | Score | Description |
|---|---|---|
| strip-json-comments-cli | 0 |
📦 Dependency: summary
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 1.7 |
| User activity | 7.6 |
| Provenance | unknown |
Alternatives
| Package | Score | Description |
|---|---|---|
| simple-statistics | 0 | |
| statistics | 0 |
📦 Dependency: tapable
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.8 |
| Repository activity | 6 |
| User activity | 9.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 48 |
| Number of git tags or releases | 39 |
| Versions matched to tags or releases | 35 |
📦 Dependency: wcwidth
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.5 |
| Repository activity | 2.3 |
| User activity | 6.8 |
| Provenance | unknown |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 3 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
📦 Dependency: zod
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.3 |
| Repository activity | 8 |
| User activity | 8.6 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 366 |
| Number of git tags or releases | 92 |
| Versions matched to tags or releases | 76 |
This package has been digitally signed using sigtore.
| Source repository | https://github.com/colinhacks/zod |
| Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| GitHub action workflow | .github/workflows/release.yml |
| Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=154600538 |
📦 Dependency: zod-validation-error
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5 |
| Repository activity | 3.8 |
| User activity | 6.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 30 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 26 |
Alternatives
| Package | Score | Description |
|---|---|---|
| zod | 0 |
| import type { KnipConfig } from "knip"; | ||
|
|
||
| const config: KnipConfig = { | ||
| entry: ["src/main.tsx"], | ||
| ignore: ["src/api/generated/**/*"], | ||
| ignoreDependencies: ["husky"], | ||
| project: ["src/**/*.{js,jsx,ts,tsx}"], | ||
| }; | ||
|
|
||
| export default config; |
There was a problem hiding this comment.
Useful for finding dead code after a refactor
Pull Request Test Coverage Report for Build 13027898084Details
💛 - Coveralls |
3 participants
Screen.Recording.2025-01-29.at.9.03.16.AM.mov