Skip to content

v0.7.0 — provenance continuity

Choose a tag to compare

@Mickdownunder Mickdownunder released this 23 Jun 14:00

Added

Provenance continuity — a per-package trust baseline that catches what npm structurally cannot.

npm verifies provenance at publish time but does not enforce continuity between versions. A compromised account can publish a version with no attestation (from a stolen token) or from a different repository, and npm raises no alarm. This is the dominant 2026 attack pattern (Mastra, the dormant-account republishes).

Continuity learns a per-package baseline from the provenance identity of recent versions and blocks deviations:

  • provenance-downgrade — recent versions were attested, this one is not (the fingerprint of an account-compromise publish).
  • identity-discontinuity — this version is attested from a different source repository than the established baseline.

Learned per package, so packages that never adopted provenance have no baseline and the check stays silent — no false positives. Reads npm's attestation metadata, so it works without the optional sigstore package. Opt in via continuity.mode.

The attack replay (pnpm replay mastra) now demonstrates the provenance-downgrade verdict — the catch npm defaults cannot make.

Honest limit: does not catch an attack delivered through a legitimately-compromised CI workflow with valid provenance from the real repository (the Shai-Hulud class).

Full changelog: https://github.com/Mickdownunder/SafeInstall/blob/main/CHANGELOG.md