{"package":"sigstore","ecosystem":"npm","latest_version":"4.1.0","description":"code-signing for npm packages","license":"Apache-2.0","homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme","repository":"https://github.com/sigstore/sigstore-js","downloads_weekly":8503634,"health":{"score":71,"risk":"moderate","breakdown":{"maintenance":15,"popularity":17,"security":25,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"4.1.0","total_count":38,"recent":["1.3.2","1.4.0","1.5.0","1.5.1","1.5.2","1.6.0","1.7.0","1.8.0","1.9.0","2.0.0","2.1.0","2.2.0","2.2.1","2.2.2","2.3.0","2.3.1","3.0.0","3.1.0","4.0.0","4.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2022-08-08T20:42:14.283Z","last_published":"2025-12-19T16:54:56.285Z","dependencies_count":6,"dependencies":["@sigstore/bundle","@sigstore/core","@sigstore/protobuf-specs","@sigstore/sign","@sigstore/tuf","@sigstore/verify"]},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.1.0","version_hint":null,"summary":"sigstore@4.1.0 is safe to use (health: 71/100)"},"requested_version":null,"_cache":"miss","_response_ms":718,"_powered_by":"depscope.dev — free package intelligence for AI agents"}