Loading...
What is this list?
This site shows the top 500 most-downloaded packages on
npm
showing which have been uploaded with attestations.
- Green packages with a 🔏 have attestations for their latest release
- Gray packages with a ⏰ comes from a supported CI/CD provider but were uploaded before attestations
were available
- Yellow packages with a ➖ come from a supported CI/CD provider but have no attestations (yet!)
- Magenta packages with a 🚫 come from an unsupported CI/CD provider
Additionally packages with a 📄 use Trusted Publishing instead of long-lived API tokens.
Refer to the npm docs for more details about
Trusted Publishers and
generating provenance
statements.