sigstore

npmv4.1.0

code-signing for npm packages

License: Apache-2.038 versions1 maintainers6 deps8,525,045 weekly downloads
sigstore/sigstore-js
71
/100
Health Score

Recommendation

[email protected] is safe to use (health: 71/100)

Health Breakdown

15/25
maintenance
17/20
popularity
25/25
security
12/15
maturity
2/15
community

Vulnerabilities

No known vulnerabilities in the latest version.

Dependencies (6)

@sigstore/bundle@sigstore/core@sigstore/protobuf-specs@sigstore/sign@sigstore/tuf@sigstore/verify

API Access

Get this data programmatically — free, no authentication required:

curl https://depscope.dev/api/check/npm/sigstore

First published: 2022-08-08T20:42:14.283Z

Last updated: 2025-12-19T16:54:56.285Z

Data from DepScope — Package Intelligence for AI Agents

sigstore — Health Score 71/100 | DepScope