Description
Versions 4.5.2, 4.5.3, 4.5.4, and 4.5.5 were published to npm on 2026-05-30 without corresponding GitHub release tags. The latest GitHub release is v4.5.1.
Recommendation: Publish with npm publish --provenance inside your GitHub Actions workflow and ensure each npm release has a matching GitHub release tag.
Could you confirm that these releases are authorized and not the result of a compromised npm account or CI pipeline?
— StepSecurity Threat Intelligence team
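Added example (not part of the StepSecurity report or the project's own code): one way to run the check described above, flagging every npm version that has no matching git tag or no provenance attestation. The package name `example-pkg`, the sample metadata, the `v<version>` tag convention and the helper names are assumptions; the code reads the `dist.attestations.provenance` field that the registry sets on versions published with `--provenance`.

```javascript
// Constructed sample in the shape of a registry packument
// (GET https://registry.npmjs.org/<name>); "example-pkg" is a placeholder.
const unsigned = { dist: {} }; // version published without --provenance
const SAMPLE_PACKUMENT = {
  name: "example-pkg",
  time: { // constructed timestamps
    "4.5.1": "2026-03-02T10:15:00.000Z",
    "4.5.2": "2026-05-30T13:58:00.000Z",
    "4.5.3": "2026-05-30T14:03:00.000Z",
    "4.5.4": "2026-05-30T14:11:00.000Z",
    "4.5.5": "2026-05-30T14:20:00.000Z",
  },
  versions: {
    "4.5.1": { dist: { attestations: {
      provenance: { predicateType: "https://slsa.dev/provenance/v1" } } } },
    "4.5.2": unsigned, "4.5.3": unsigned, "4.5.4": unsigned, "4.5.5": unsigned,
  },
};
// Constructed ref names, as `git ls-remote --tags <repo>` would list them.
const SAMPLE_TAGS = ["refs/tags/v4.5.0", "refs/tags/v4.5.1"];

// "refs/tags/v4.5.1" -> "4.5.1" (assumes tags are "<version>" or "v<version>").
function normalizeTag(tag) {
  return tag.replace(/^refs\/tags\//, "").replace(/^v/, "");
}

// Return one finding per published version that lacks a tag or provenance.
function auditReleases(packument, tags) {
  const tagged = new Set(tags.map(normalizeTag));
  const findings = [];
  for (const [version, meta] of Object.entries(packument.versions)) {
    const hasTag = tagged.has(version);
    const att = meta.dist && meta.dist.attestations;
    const hasProvenance = Boolean(att && att.provenance);
    if (!hasTag || !hasProvenance) {
      const published = packument.time[version] || null;
      findings.push({ version, published, hasTag, hasProvenance });
    }
  }
  return findings;
}

for (const f of auditReleases(SAMPLE_PACKUMENT, SAMPLE_TAGS)) {
  console.log(`${f.version} published ${f.published} ` +
    `tag=${f.hasTag} provenance=${f.hasProvenance}`);
}
```

Run against live data by passing the parsed registry JSON and the repository's tag list in place of the two sample constants.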