Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(blog): Added Fine Grained News November 2024 Community Edition and related files #909

Merged
merged 22 commits into from
Dec 12, 2024
Merged

feat(blog): Added Fine Grained News November 2024 Community Edition and related files #909

merged 22 commits into from
Dec 12, 2024

Conversation

hello-caleb
Copy link
Contributor

@hello-caleb hello-caleb commented Dec 5, 2024
edited
Loading

Description

Next Steps

This is a draft PR, and additional content or revisions will be needed before being marked ready for review. Feedback is welcome, especially:

  • November team offsite information and possibly additional photos L51 (additional photos should follow the file format fgn-2024-11-[descriptive-file-name] and be added to ~/static/img/blog/ for LFS).
  • Clarity and tone of the newsletter content.
  • Any missing information or corrections.

Review Checklist

  • I have clicked on "allow edits by maintainers".
  • I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
  • The correct base branch is being used, if not main
  • I have added tests to validate that the change in functionality is working as expected

aaguiarz
aaguiarz requested changes Dec 6, 2024
View reviewed changes
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
hello-caleb and others added 5 commits December 9, 2024 15:31
@hello-caleb @aaguiarz
Update blog/fine-grained-news-2024-11.md
61198ae 
Accepted suggested commenter change

Co-authored-by: Andrés Aguiar <[email protected]>
@hello-caleb @aaguiarz
Update blog/fine-grained-news-2024-11.md
53d2b8c 
Accepted suggested commenter change

Co-authored-by: Andrés Aguiar <[email protected]>
@hello-caleb @aaguiarz
Update blog/fine-grained-news-2024-11.md
ebf3b58 
Accepted suggested commenter change

Co-authored-by: Andrés Aguiar <[email protected]>
@hello-caleb
Updated files to address formatting issues, changes and comments
980ac42
@hello-caleb
Resolved merge conflicts in fine-grained-news-2024-11.md
57775be
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 10, 2024
edited
Loading

PR Preview Action v1.4.8
🚀 Deployed preview to https://openfga.github.io/openfga.dev/pr-preview/pr-909/
on branch gh-pages at 2024-12-12 13:11 UTC

rhamzeh
rhamzeh previously requested changes Dec 10, 2024
View reviewed changes
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Outdated Show resolved Hide resolved
blog/fine-grained-news-2024-11.md Show resolved Hide resolved
rhamzeh
rhamzeh reviewed Dec 10, 2024
View reviewed changes
package.json Outdated Show resolved Hide resolved
hello-caleb and others added 6 commits December 10, 2024 02:14
@hello-caleb
Update fine-grained-news-2024-11.md
bb5a5b6 
Minor formatting fixes.
@hello-caleb @rhamzeh
Update blog/fine-grained-news-2024-11.md
14f5bd9 
Committing suggestion

Co-authored-by: Raghd Hamzeh <[email protected]>
@hello-caleb
Update fine-grained-news-2024-11.md
3bf7375 
Minor formatting mixes
@hello-caleb
Minor formatting fixxes and suggestions accepted
eefbe8e
@hello-caleb
Update fine-grained-news-2024-11.md
a46ea9f 
Minor editorial fixes to Just Released.
@hello-caleb
Update README.md
7a6e952 
Removing a stray link check enablement.
@hello-caleb hello-caleb marked this pull request as ready for review December 10, 2024 10:18
@hello-caleb hello-caleb requested review from a team as code owners December 10, 2024 10:18
@stacklok-cloud Stacklok Cloud
Copy link
Contributor

stacklok-cloud bot commented Dec 10, 2024
edited
Loading

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 3f28fe7d:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @oozcitak/dom

Trusty Score: 0

Scoring details
Component Score
Package activity 2.6
Repository activity 1.5
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 40
Number of git tags or releases 40
Versions matched to tags or releases 37
Alternatives
Package Score Description
jsdom 0
cheerio 0
domino 0

📦 Dependency: @oozcitak/infra

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: @oozcitak/url

Trusty Score: 0

Scoring details
Component Score
Package activity 2.2
Repository activity 0.9
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 14
Number of git tags or releases 13
Versions matched to tags or releases 12
Alternatives
Package Score Description
whatwg-url 0

📦 Dependency: @oozcitak/util

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1.1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 26
Versions matched to tags or releases 26
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: @tootallnate/quickjs-emscripten

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.6
User activity 7.6
Provenance historical_provenance_mismatched

📦 Dependency: agent-base

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 81
Versions matched to tags or releases 4
Alternatives
Package Score Description
agentkeepalive 0

📦 Dependency: argparse

Trusty Score: 0

Scoring details
Component Score
Package activity 6.2
Repository activity 4.2
User activity 8.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 28
Versions matched to tags or releases 28
Alternatives
Package Score Description
docopt 0

📦 Dependency: ast-types

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.8
User activity 9.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 164
Number of git tags or releases 92
Versions matched to tags or releases 65
Alternatives
Package Score Description
@babel/types 0
recast 0

📦 Dependency: async

Trusty Score: 0

Scoring details
Component Score
Package activity 8.3
Repository activity 7.7
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 94
Number of git tags or releases 88
Versions matched to tags or releases 74
Alternatives
Package Score Description
bluebird 0
rxjs 0
async-kit 0

📦 Dependency: basic-ftp

Trusty Score: 0

Scoring details
Component Score
Package activity 5.6
Repository activity 4.3
User activity 6.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 169
Versions matched to tags or releases 103
Alternatives
Package Score Description
ftp 0
ftps 0

📦 Dependency: chalk

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.5
User activity 9.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 38
Number of git tags or releases 44
Versions matched to tags or releases 37
Alternatives
Package Score Description
colors 0
kleur 0
colorette 0
ansi-colors 0

📦 Dependency: commander

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 116
Number of git tags or releases 123
Versions matched to tags or releases 90
Alternatives
Package Score Description
yargs 0
minimist 0

📦 Dependency: data-uri-to-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 73
Versions matched to tags or releases 3
Alternatives
Package Score Description
data-urls 0

📦 Dependency: degenerator

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 65
Versions matched to tags or releases 5
Alternatives
Package Score Description
regenerator-runtime 0
co 0

📦 Dependency: escodegen

Trusty Score: 0

Scoring details
Component Score
Package activity 7.8
Repository activity 6.4
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 61
Number of git tags or releases 46
Versions matched to tags or releases 42
Alternatives
Package Score Description
uglify-js 0
terser 0

📦 Dependency: get-uri

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 22
Number of git tags or releases 87
Versions matched to tags or releases 4
Alternatives
Package Score Description
axios 0
got 0
node-fetch 0

📦 Dependency: html-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 0.6
User activity 4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 6
Versions matched to tags or releases 6
Alternatives
Package Score Description
cheerio 0
htmlparser2 0
linkifyjs 0

📦 Dependency: http-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5.2
User activity 8.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 79
Versions matched to tags or releases 9
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0

📦 Dependency: https-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 35
Number of git tags or releases 83
Versions matched to tags or releases 34
Alternatives
Package Score Description
proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: iconv-lite

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 51
Number of git tags or releases 42
Versions matched to tags or releases 41
Alternatives
Package Score Description
iconv 0
utf8 0

📦 Dependency: ip-address

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.7
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 48
Number of git tags or releases 49
Versions matched to tags or releases 38
Alternatives
Package Score Description
ip 0

📦 Dependency: is-absolute-url

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 2.9
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 9
Versions matched to tags or releases 9

📦 Dependency: is-relative-url

Trusty Score: 0

Scoring details
Component Score
Package activity 5.9
Repository activity 2.3
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 5
Versions matched to tags or releases 5

📦 Dependency: js-yaml

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.6
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 71
Number of git tags or releases 72
Versions matched to tags or releases 71
Alternatives
Package Score Description
yaml 0

📦 Dependency: jsbn

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.8
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 4
Number of git tags or releases 4
Versions matched to tags or releases 3
Alternatives
Package Score Description
bn.js 0
jsbi 0
big-integer 0

📦 Dependency: link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 5.6
Repository activity 3.2
User activity 7.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 41
Number of git tags or releases 44
Versions matched to tags or releases 40
Alternatives
Package Score Description
linkinator 0
broken-link-checker 0

📦 Dependency: lru-cache

Trusty Score: 0

Alternatives
Package Score Description
node-cache 0
hashlru 0
memory-cache 0
lru-cache-plus 0

📦 Dependency: markdown-link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 65
Number of git tags or releases 77
Versions matched to tags or releases 66

📦 Dependency: markdown-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 4.8
Repository activity 2.5
User activity 7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 23
Number of git tags or releases 25
Versions matched to tags or releases 23

📦 Dependency: marked

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.8
User activity 9.4
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 170
Number of git tags or releases 109
Versions matched to tags or releases 104

This package has been digitally signed using sigtore.
Source repository https://github.com/markedjs/marked
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/tests.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147737293
Alternatives
Package Score Description
markdown-it 0
remarkable 0
turndown 0

📦 Dependency: ms

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.2
User activity 9.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 17
Versions matched to tags or releases 17
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: needle

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 50
Versions matched to tags or releases 23
Alternatives
Package Score Description
axios 0
superagent 0

📦 Dependency: netmask

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.8
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 10
Versions matched to tags or releases 9
Alternatives
Package Score Description
ip 0
ip6 0

📦 Dependency: node-email-verifier

Trusty Score: 0

Scoring details
Component Score
Package activity 3.6
Repository activity 1.6
User activity 5.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 5
Number of git tags or releases 5
Versions matched to tags or releases 5

📦 Dependency: pac-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 24
Number of git tags or releases 83
Versions matched to tags or releases 8

📦 Dependency: pac-resolver

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 73
Versions matched to tags or releases 4

📦 Dependency: progress

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 20
Number of git tags or releases 16
Versions matched to tags or releases 12
Alternatives
Package Score Description
inquirer 0
ora 0
prompt 0
cli-progress 0
progress-bar-webpack-plugin 0

📦 Dependency: proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 73
Versions matched to tags or releases 10
Alternatives
Package Score Description
https-proxy-agent 0
tunnel-agent 0
global-agent 0

📦 Dependency: smart-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 4.7
Repository activity 3.1
User activity 6.3
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 32
Number of git tags or releases 15
Versions matched to tags or releases 11
Alternatives
Package Score Description
buffer 0
buffer-more-ints 0

📦 Dependency: socks

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.7
User activity 7.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 49
Number of git tags or releases 31
Versions matched to tags or releases 24
Alternatives
Package Score Description
socks-proxy-agent 0

📦 Dependency: socks-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 31
Number of git tags or releases 83
Versions matched to tags or releases 3
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: source-map

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 62
Number of git tags or releases 43
Versions matched to tags or releases 43
Alternatives
Package Score Description
source-map-explorer 0

📦 Dependency: sprintf-js

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5.8
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 8
Number of git tags or releases 14
Versions matched to tags or releases 6
Alternatives
Package Score Description
string-format 0

📦 Dependency: validator

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 8.3
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 211
Number of git tags or releases 101
Versions matched to tags or releases 92
Alternatives
Package Score Description
validator.js 0

📦 Dependency: xmlbuilder2

Trusty Score: 0

Scoring details
Component Score
Package activity 5.1
Repository activity 4
User activity 6.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 46
Number of git tags or releases 48
Versions matched to tags or releases 44
Alternatives
Package Score Description
xml2js 0
xml-js 0

@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @oozcitak/dom

Trusty Score: 0

Scoring details
Component Score
Package activity 2.6
Repository activity 1.5
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 40
Number of git tags or releases 40
Versions matched to tags or releases 37
Alternatives
Package Score Description
jsdom 0
cheerio 0
domino 0

📦 Dependency: @oozcitak/infra

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: @oozcitak/url

Trusty Score: 0

Scoring details
Component Score
Package activity 2.2
Repository activity 0.9
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 14
Number of git tags or releases 13
Versions matched to tags or releases 12
Alternatives
Package Score Description
whatwg-url 0

📦 Dependency: @oozcitak/util

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1.1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 26
Versions matched to tags or releases 26
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: @tootallnate/quickjs-emscripten

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.6
User activity 7.6
Provenance historical_provenance_mismatched

📦 Dependency: agent-base

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 81
Versions matched to tags or releases 4
Alternatives
Package Score Description
agentkeepalive 0

📦 Dependency: argparse

Trusty Score: 0

Scoring details
Component Score
Package activity 6.2
Repository activity 4.2
User activity 8.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 28
Versions matched to tags or releases 28
Alternatives
Package Score Description
docopt 0

📦 Dependency: ast-types

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.8
User activity 9.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 164
Number of git tags or releases 92
Versions matched to tags or releases 65
Alternatives
Package Score Description
@babel/types 0
recast 0

📦 Dependency: async

Trusty Score: 0

Scoring details
Component Score
Package activity 8.3
Repository activity 7.7
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 94
Number of git tags or releases 88
Versions matched to tags or releases 74
Alternatives
Package Score Description
bluebird 0
rxjs 0
async-kit 0

📦 Dependency: basic-ftp

Trusty Score: 0

Scoring details
Component Score
Package activity 5.6
Repository activity 4.3
User activity 6.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 169
Versions matched to tags or releases 103
Alternatives
Package Score Description
ftp 0
ftps 0

📦 Dependency: chalk

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.5
User activity 9.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 38
Number of git tags or releases 44
Versions matched to tags or releases 37
Alternatives
Package Score Description
colors 0
kleur 0
colorette 0
ansi-colors 0

📦 Dependency: commander

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 116
Number of git tags or releases 123
Versions matched to tags or releases 90
Alternatives
Package Score Description
yargs 0
minimist 0

📦 Dependency: data-uri-to-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 73
Versions matched to tags or releases 3
Alternatives
Package Score Description
data-urls 0

📦 Dependency: degenerator

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 65
Versions matched to tags or releases 5
Alternatives
Package Score Description
regenerator-runtime 0
co 0

📦 Dependency: escodegen

Trusty Score: 0

Scoring details
Component Score
Package activity 7.8
Repository activity 6.4
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 61
Number of git tags or releases 46
Versions matched to tags or releases 42
Alternatives
Package Score Description
uglify-js 0
terser 0

📦 Dependency: get-uri

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 22
Number of git tags or releases 87
Versions matched to tags or releases 4
Alternatives
Package Score Description
axios 0
got 0
node-fetch 0

📦 Dependency: html-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 0.6
User activity 4.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 6
Versions matched to tags or releases 6
Alternatives
Package Score Description
cheerio 0
htmlparser2 0
linkifyjs 0

📦 Dependency: http-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 79
Versions matched to tags or releases 9
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0

📦 Dependency: https-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 35
Number of git tags or releases 83
Versions matched to tags or releases 34
Alternatives
Package Score Description
proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: iconv-lite

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 51
Number of git tags or releases 42
Versions matched to tags or releases 41
Alternatives
Package Score Description
iconv 0
utf8 0

📦 Dependency: ip-address

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.7
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 48
Number of git tags or releases 49
Versions matched to tags or releases 38
Alternatives
Package Score Description
ip 0

📦 Dependency: is-absolute-url

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 2.9
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 9
Versions matched to tags or releases 9

📦 Dependency: is-relative-url

Trusty Score: 0

Scoring details
Component Score
Package activity 5.9
Repository activity 2.3
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 5
Versions matched to tags or releases 5

📦 Dependency: js-yaml

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.6
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 71
Number of git tags or releases 72
Versions matched to tags or releases 71
Alternatives
Package Score Description
yaml 0

📦 Dependency: jsbn

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.8
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 4
Number of git tags or releases 4
Versions matched to tags or releases 3
Alternatives
Package Score Description
bn.js 0
jsbi 0
big-integer 0

📦 Dependency: link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 5.5
Repository activity 3.1
User activity 7.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 41
Number of git tags or releases 44
Versions matched to tags or releases 40
Alternatives
Package Score Description
linkinator 0
broken-link-checker 0

📦 Dependency: lru-cache

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 113
Number of git tags or releases 84
Versions matched to tags or releases 84
Alternatives
Package Score Description
node-cache 0
hashlru 0
memory-cache 0
lru-cache-plus 0

📦 Dependency: markdown-link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 65
Number of git tags or releases 77
Versions matched to tags or releases 66

📦 Dependency: markdown-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 4.8
Repository activity 2.5
User activity 7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 23
Number of git tags or releases 25
Versions matched to tags or releases 23

📦 Dependency: marked

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.8
User activity 9.4
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 170
Number of git tags or releases 109
Versions matched to tags or releases 104

This package has been digitally signed using sigtore.
Source repository https://github.com/markedjs/marked
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/tests.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147737293
Alternatives
Package Score Description
markdown-it 0
remarkable 0
turndown 0

📦 Dependency: ms

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.2
User activity 9.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 17
Versions matched to tags or releases 17
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0
lodash 0
ramda 0
underscore 0

📦 Dependency: needle

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 50
Versions matched to tags or releases 23
Alternatives
Package Score Description
axios 0
superagent 0

📦 Dependency: netmask

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.8
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 10
Versions matched to tags or releases 9
Alternatives
Package Score Description
ip 0
ip-address 0
ip6 0

📦 Dependency: node-email-verifier

Trusty Score: 0

Scoring details
Component Score
Package activity 3.6
Repository activity 1.6
User activity 5.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 5
Number of git tags or releases 5
Versions matched to tags or releases 5
Alternatives
Package Score Description
email-existence 0

📦 Dependency: pac-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 24
Number of git tags or releases 83
Versions matched to tags or releases 8

📦 Dependency: pac-resolver

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 73
Versions matched to tags or releases 4

📦 Dependency: progress

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 20
Number of git tags or releases 16
Versions matched to tags or releases 12
Alternatives
Package Score Description
inquirer 0
ora 0
prompt 0
cli-progress 0
progress-bar-webpack-plugin 0

📦 Dependency: proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 73
Versions matched to tags or releases 10
Alternatives
Package Score Description
https-proxy-agent 0
tunnel-agent 0
global-agent 0

📦 Dependency: smart-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 4.7
Repository activity 3.1
User activity 6.3
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 32
Number of git tags or releases 15
Versions matched to tags or releases 11
Alternatives
Package Score Description
buffer 0
buffer-more-ints 0

📦 Dependency: socks

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.7
User activity 7.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 49
Number of git tags or releases 31
Versions matched to tags or releases 24
Alternatives
Package Score Description
http-proxy-agent 0
socks-proxy-agent 0
proxy-agent 0

📦 Dependency: socks-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 31
Number of git tags or releases 83
Versions matched to tags or releases 3
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: source-map

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 62
Number of git tags or releases 43
Versions matched to tags or releases 43
Alternatives
Package Score Description
source-map-explorer 0

📦 Dependency: sprintf-js

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5.8
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 8
Number of git tags or releases 14
Versions matched to tags or releases 6
Alternatives
Package Score Description
string-format 0

📦 Dependency: validator

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 8.3
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 211
Number of git tags or releases 101
Versions matched to tags or releases 92
Alternatives
Package Score Description
validator.js 0

📦 Dependency: xmlbuilder2

Trusty Score: 0

Scoring details
Component Score
Package activity 5.1
Repository activity 4
User activity 6.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 46
Number of git tags or releases 48
Versions matched to tags or releases 44
Alternatives
Package Score Description
xml2js 0
xml-js 0

@hello-caleb
Update fine-grained-news-2024-11.md
aa45ee6 
Minor fix: added time filtering to updates that were made in v1.8.0 along with BatchCheck
@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @oozcitak/dom

Trusty Score: 0

Scoring details
Component Score
Package activity 2.6
Repository activity 1.5
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 40
Number of git tags or releases 40
Versions matched to tags or releases 37
Alternatives
Package Score Description
jsdom 0
cheerio 0
domino 0

📦 Dependency: @oozcitak/infra

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: @oozcitak/url

Trusty Score: 0

Scoring details
Component Score
Package activity 2.2
Repository activity 0.9
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 14
Number of git tags or releases 13
Versions matched to tags or releases 12
Alternatives
Package Score Description
whatwg-url 0

📦 Dependency: @oozcitak/util

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1.1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 26
Versions matched to tags or releases 26
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: @tootallnate/quickjs-emscripten

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.6
User activity 7.6
Provenance historical_provenance_mismatched

📦 Dependency: agent-base

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 81
Versions matched to tags or releases 4
Alternatives
Package Score Description
agentkeepalive 0

📦 Dependency: argparse

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 4.3
User activity 8.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 28
Versions matched to tags or releases 28
Alternatives
Package Score Description
docopt 0

📦 Dependency: ast-types

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.8
User activity 9.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 164
Number of git tags or releases 92
Versions matched to tags or releases 65
Alternatives
Package Score Description
@babel/types 0
recast 0

📦 Dependency: async

Trusty Score: 0

Scoring details
Component Score
Package activity 8.3
Repository activity 7.7
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 94
Number of git tags or releases 88
Versions matched to tags or releases 74
Alternatives
Package Score Description
bluebird 0
rxjs 0
async-kit 0

📦 Dependency: basic-ftp

Trusty Score: 0

Scoring details
Component Score
Package activity 5.6
Repository activity 4.3
User activity 6.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 169
Versions matched to tags or releases 103
Alternatives
Package Score Description
ftp 0
ftps 0

📦 Dependency: chalk

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.5
User activity 9.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 38
Number of git tags or releases 44
Versions matched to tags or releases 37
Alternatives
Package Score Description
colors 0
kleur 0
colorette 0
ansi-colors 0

📦 Dependency: commander

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 116
Number of git tags or releases 123
Versions matched to tags or releases 90
Alternatives
Package Score Description
yargs 0
minimist 0

📦 Dependency: data-uri-to-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 73
Versions matched to tags or releases 3
Alternatives
Package Score Description
data-urls 0

📦 Dependency: degenerator

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 65
Versions matched to tags or releases 5
Alternatives
Package Score Description
regenerator-runtime 0
co 0

📦 Dependency: escodegen

Trusty Score: 0

Scoring details
Component Score
Package activity 7.8
Repository activity 6.4
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 61
Number of git tags or releases 46
Versions matched to tags or releases 42
Alternatives
Package Score Description
uglify-js 0
terser 0

📦 Dependency: get-uri

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 22
Number of git tags or releases 87
Versions matched to tags or releases 4
Alternatives
Package Score Description
axios 0
got 0
node-fetch 0

📦 Dependency: html-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 0.6
User activity 4.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 6
Versions matched to tags or releases 6
Alternatives
Package Score Description
cheerio 0
htmlparser2 0
linkifyjs 0

📦 Dependency: http-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 79
Versions matched to tags or releases 9
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0

📦 Dependency: https-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 35
Number of git tags or releases 83
Versions matched to tags or releases 34
Alternatives
Package Score Description
proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: iconv-lite

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 51
Number of git tags or releases 42
Versions matched to tags or releases 41
Alternatives
Package Score Description
iconv 0
utf8 0

📦 Dependency: ip-address

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.7
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 48
Number of git tags or releases 49
Versions matched to tags or releases 38
Alternatives
Package Score Description
ip 0

📦 Dependency: is-absolute-url

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 2.9
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 9
Versions matched to tags or releases 9

📦 Dependency: is-relative-url

Trusty Score: 0

Scoring details
Component Score
Package activity 5.9
Repository activity 2.3
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 5
Versions matched to tags or releases 5

📦 Dependency: js-yaml

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.6
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 71
Number of git tags or releases 72
Versions matched to tags or releases 71
Alternatives
Package Score Description
yaml 0

📦 Dependency: jsbn

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.8
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 4
Number of git tags or releases 4
Versions matched to tags or releases 3
Alternatives
Package Score Description
bn.js 0
jsbi 0
big-integer 0

📦 Dependency: link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 5.5
Repository activity 3.1
User activity 7.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 41
Number of git tags or releases 44
Versions matched to tags or releases 40
Alternatives
Package Score Description
linkinator 0
broken-link-checker 0

📦 Dependency: lru-cache

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 113
Number of git tags or releases 84
Versions matched to tags or releases 84
Alternatives
Package Score Description
node-cache 0
hashlru 0
memory-cache 0
lru-cache-plus 0

📦 Dependency: markdown-link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 65
Number of git tags or releases 77
Versions matched to tags or releases 66

📦 Dependency: markdown-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 4.8
Repository activity 2.6
User activity 7.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 23
Number of git tags or releases 25
Versions matched to tags or releases 23

📦 Dependency: marked

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.8
User activity 9.4
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 170
Number of git tags or releases 109
Versions matched to tags or releases 104

This package has been digitally signed using sigtore.
Source repository https://github.com/markedjs/marked
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/tests.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=152357009
Alternatives
Package Score Description
markdown-it 0
remarkable 0
turndown 0

📦 Dependency: ms

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.2
User activity 9.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 17
Versions matched to tags or releases 17
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0
lodash 0
ramda 0
underscore 0

📦 Dependency: needle

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 50
Versions matched to tags or releases 23
Alternatives
Package Score Description
axios 0
superagent 0

📦 Dependency: netmask

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.8
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 10
Versions matched to tags or releases 9
Alternatives
Package Score Description
ip 0
ip-address 0
ip6 0

📦 Dependency: node-email-verifier

Trusty Score: 0

Scoring details
Component Score
Package activity 3.6
Repository activity 1.6
User activity 5.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 5
Number of git tags or releases 5
Versions matched to tags or releases 5
Alternatives
Package Score Description
email-existence 0

📦 Dependency: pac-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 24
Number of git tags or releases 83
Versions matched to tags or releases 8

📦 Dependency: pac-resolver

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 73
Versions matched to tags or releases 4

📦 Dependency: progress

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 20
Number of git tags or releases 16
Versions matched to tags or releases 12
Alternatives
Package Score Description
inquirer 0
ora 0
prompt 0
cli-progress 0
progress-bar-webpack-plugin 0

📦 Dependency: proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 73
Versions matched to tags or releases 10
Alternatives
Package Score Description
https-proxy-agent 0
tunnel-agent 0
global-agent 0

📦 Dependency: smart-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 4.7
Repository activity 3.1
User activity 6.3
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 32
Number of git tags or releases 15
Versions matched to tags or releases 11
Alternatives
Package Score Description
buffer 0
buffer-more-ints 0

📦 Dependency: socks

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.7
User activity 7.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 49
Number of git tags or releases 31
Versions matched to tags or releases 24
Alternatives
Package Score Description
http-proxy-agent 0
socks-proxy-agent 0
proxy-agent 0

📦 Dependency: socks-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 31
Number of git tags or releases 83
Versions matched to tags or releases 3
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: source-map

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.3
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 62
Number of git tags or releases 43
Versions matched to tags or releases 43
Alternatives
Package Score Description
source-map-explorer 0

📦 Dependency: sprintf-js

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5.8
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 8
Number of git tags or releases 14
Versions matched to tags or releases 6
Alternatives
Package Score Description
string-format 0

📦 Dependency: validator

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 8.3
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 211
Number of git tags or releases 101
Versions matched to tags or releases 92
Alternatives
Package Score Description
validator.js 0

📦 Dependency: xmlbuilder2

Trusty Score: 0

Scoring details
Component Score
Package activity 5.1
Repository activity 4
User activity 6.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 46
Number of git tags or releases 48
Versions matched to tags or releases 44
Alternatives
Package Score Description
xml2js 0
xml-js 0

@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @oozcitak/dom

Trusty Score: 0

Scoring details
Component Score
Package activity 2.6
Repository activity 1.5
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 40
Number of git tags or releases 40
Versions matched to tags or releases 37
Alternatives
Package Score Description
jsdom 0
cheerio 0
domino 0

📦 Dependency: @oozcitak/infra

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: @oozcitak/url

Trusty Score: 0

Scoring details
Component Score
Package activity 2.2
Repository activity 0.9
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 14
Number of git tags or releases 13
Versions matched to tags or releases 12
Alternatives
Package Score Description
whatwg-url 0

📦 Dependency: @oozcitak/util

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 1.1
User activity 3.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 26
Versions matched to tags or releases 26
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: @tootallnate/quickjs-emscripten

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.6
User activity 7.6
Provenance historical_provenance_mismatched

📦 Dependency: agent-base

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 81
Versions matched to tags or releases 4
Alternatives
Package Score Description
agentkeepalive 0

📦 Dependency: argparse

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 4.3
User activity 8.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 28
Versions matched to tags or releases 28
Alternatives
Package Score Description
docopt 0

📦 Dependency: ast-types

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.8
User activity 9.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 164
Number of git tags or releases 92
Versions matched to tags or releases 65
Alternatives
Package Score Description
@babel/types 0
recast 0

📦 Dependency: async

Trusty Score: 0

Scoring details
Component Score
Package activity 8.3
Repository activity 7.7
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 94
Number of git tags or releases 88
Versions matched to tags or releases 74
Alternatives
Package Score Description
bluebird 0
rxjs 0
async-kit 0

📦 Dependency: basic-ftp

Trusty Score: 0

Scoring details
Component Score
Package activity 5.6
Repository activity 4.3
User activity 6.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 169
Versions matched to tags or releases 103
Alternatives
Package Score Description
ftp 0
ftps 0

📦 Dependency: chalk

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.5
User activity 9.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 38
Number of git tags or releases 44
Versions matched to tags or releases 37
Alternatives
Package Score Description
colors 0
kleur 0
colorette 0
ansi-colors 0

📦 Dependency: commander

Trusty Score: 0

Scoring details
Component Score
Package activity 8.7
Repository activity 7.4
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 116
Number of git tags or releases 123
Versions matched to tags or releases 90
Alternatives
Package Score Description
yargs 0
minimist 0

📦 Dependency: data-uri-to-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 73
Versions matched to tags or releases 3
Alternatives
Package Score Description
data-urls 0

📦 Dependency: degenerator

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 65
Versions matched to tags or releases 5
Alternatives
Package Score Description
regenerator-runtime 0
co 0

📦 Dependency: escodegen

Trusty Score: 0

Scoring details
Component Score
Package activity 7.8
Repository activity 6.4
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 61
Number of git tags or releases 46
Versions matched to tags or releases 42
Alternatives
Package Score Description
uglify-js 0
terser 0

📦 Dependency: get-uri

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 22
Number of git tags or releases 87
Versions matched to tags or releases 4
Alternatives
Package Score Description
axios 0
got 0
node-fetch 0

📦 Dependency: html-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 2.3
Repository activity 0.6
User activity 4.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 6
Versions matched to tags or releases 6
Alternatives
Package Score Description
cheerio 0
htmlparser2 0
linkifyjs 0

📦 Dependency: http-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 79
Versions matched to tags or releases 9
Alternatives
Package Score Description
https-proxy-agent 0
global-agent 0

📦 Dependency: https-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 35
Number of git tags or releases 83
Versions matched to tags or releases 34
Alternatives
Package Score Description
proxy-agent 0
global-agent 0
global-tunnel-ng 0

📦 Dependency: iconv-lite

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 51
Number of git tags or releases 42
Versions matched to tags or releases 41
Alternatives
Package Score Description
iconv 0
utf8 0

📦 Dependency: ip-address

Trusty Score: 0

Scoring details
Component Score
Package activity 6.1
Repository activity 4.7
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 48
Number of git tags or releases 49
Versions matched to tags or releases 38
Alternatives
Package Score Description
ip 0

📦 Dependency: is-absolute-url

Trusty Score: 0

Scoring details
Component Score
Package activity 6.3
Repository activity 2.9
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 9
Versions matched to tags or releases 9

📦 Dependency: is-relative-url

Trusty Score: 0

Scoring details
Component Score
Package activity 5.9
Repository activity 2.3
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 6
Number of git tags or releases 5
Versions matched to tags or releases 5

📦 Dependency: js-yaml

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.6
User activity 9.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 71
Number of git tags or releases 72
Versions matched to tags or releases 71
Alternatives
Package Score Description
yaml 0

📦 Dependency: jsbn

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.8
User activity 7.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 4
Number of git tags or releases 4
Versions matched to tags or releases 3
Alternatives
Package Score Description
bn.js 0
jsbi 0
big-integer 0

📦 Dependency: link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 5.5
Repository activity 3.1
User activity 7.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 41
Number of git tags or releases 44
Versions matched to tags or releases 40
Alternatives
Package Score Description
linkinator 0
broken-link-checker 0

📦 Dependency: lru-cache

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 113
Number of git tags or releases 84
Versions matched to tags or releases 84
Alternatives
Package Score Description
node-cache 0
hashlru 0
memory-cache 0
lru-cache-plus 0

📦 Dependency: markdown-link-check

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 65
Number of git tags or releases 77
Versions matched to tags or releases 66

📦 Dependency: markdown-link-extractor

Trusty Score: 0

Scoring details
Component Score
Package activity 4.8
Repository activity 2.6
User activity 7.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 23
Number of git tags or releases 25
Versions matched to tags or releases 23

📦 Dependency: marked

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 7.8
User activity 9.4
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 170
Number of git tags or releases 109
Versions matched to tags or releases 104

This package has been digitally signed using sigtore.
Source repository https://github.com/markedjs/marked
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/tests.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=152357009
Alternatives
Package Score Description
markdown-it 0
remarkable 0
turndown 0

📦 Dependency: ms

Trusty Score: 0

Scoring details
Component Score
Package activity 7.9
Repository activity 6.2
User activity 9.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 19
Number of git tags or releases 17
Versions matched to tags or releases 17
Alternatives
Package Score Description
lodash 0
ramda 0
underscore 0

📦 Dependency: needle

Trusty Score: 0

Scoring details
Component Score
Package activity 7.4
Repository activity 6
User activity 8.8
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 112
Number of git tags or releases 50
Versions matched to tags or releases 23
Alternatives
Package Score Description
axios 0
superagent 0

📦 Dependency: netmask

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.8
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 10
Number of git tags or releases 10
Versions matched to tags or releases 9
Alternatives
Package Score Description
ip 0
ip6 0

📦 Dependency: node-email-verifier

Trusty Score: 0

Scoring details
Component Score
Package activity 3.6
Repository activity 1.6
User activity 5.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 5
Number of git tags or releases 5
Versions matched to tags or releases 5
Alternatives
Package Score Description
email-existence 0

📦 Dependency: pac-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 24
Number of git tags or releases 83
Versions matched to tags or releases 8

📦 Dependency: pac-resolver

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 25
Number of git tags or releases 73
Versions matched to tags or releases 4

📦 Dependency: progress

Trusty Score: 0

Scoring details
Component Score
Package activity 7.7
Repository activity 5.7
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 20
Number of git tags or releases 16
Versions matched to tags or releases 12
Alternatives
Package Score Description
inquirer 0
ora 0
prompt 0
cli-progress 0
progress-bar-webpack-plugin 0

📦 Dependency: proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 28
Number of git tags or releases 73
Versions matched to tags or releases 10
Alternatives
Package Score Description
tunnel-agent 0
global-agent 0

📦 Dependency: smart-buffer

Trusty Score: 0

Scoring details
Component Score
Package activity 4.7
Repository activity 3.1
User activity 6.3
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 32
Number of git tags or releases 15
Versions matched to tags or releases 11
Alternatives
Package Score Description
buffer 0
buffer-more-ints 0

📦 Dependency: socks

Trusty Score: 0

Scoring details
Component Score
Package activity 5.7
Repository activity 3.7
User activity 7.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 49
Number of git tags or releases 31
Versions matched to tags or releases 24
Alternatives
Package Score Description
socks-proxy-agent 0

📦 Dependency: socks-proxy-agent

Trusty Score: 0

Scoring details
Component Score
Package activity 7
Repository activity 5.2
User activity 8.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 31
Number of git tags or releases 83
Versions matched to tags or releases 3
Alternatives
Package Score Description
global-agent 0
global-tunnel-ng 0

📦 Dependency: source-map

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 6.4
User activity 10
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 62
Number of git tags or releases 43
Versions matched to tags or releases 43
Alternatives
Package Score Description
source-map-explorer 0

📦 Dependency: sprintf-js

Trusty Score: 0

Scoring details
Component Score
Package activity 6.9
Repository activity 5.8
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 8
Number of git tags or releases 14
Versions matched to tags or releases 6
Alternatives
Package Score Description
string-format 0

📦 Dependency: validator

Trusty Score: 0

Scoring details
Component Score
Package activity 8.2
Repository activity 8.3
User activity 8.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 211
Number of git tags or releases 101
Versions matched to tags or releases 92
Alternatives
Package Score Description
validator.js 0

📦 Dependency: xmlbuilder2

Trusty Score: 0

Scoring details
Component Score
Package activity 5.1
Repository activity 4
User activity 6.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 46
Number of git tags or releases 48
Versions matched to tags or releases 44
Alternatives
Package Score Description
xml2js 0
xml-js 0

@aaguiarz aaguiarz merged commit e750262 into main Dec 12, 2024
12 checks passed
@aaguiarz aaguiarz deleted the fgn-nov-2024 branch December 12, 2024 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaguiarz aaguiarz aaguiarz approved these changes

@rhamzeh rhamzeh rhamzeh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hello-caleb @rhamzeh @aaguiarz