@514labs/moose-lib — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

calliclestimgdelislejonathan514luciofrancogeorgevanderson514bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-peer-dep:ts-patch	AI (dependencies): Peer dependency in optional peer deps; already marked as accepted risk.	ai	2026/04/27
provenance	publisher-changed	AI (provenance): 514labs transitioned from 514bot to GitHub Actions for publishing, confirmed by SLSA provenance attestation. This is a legitimate CI/CD migration, not a compromise.	ai	2026/04/27
maintainer-change	maintainer-added	AI (maintainer-change): luciofranco appears to be a legitimate team member addition within the 514labs org, consistent with the GitHub Actions publishing transition and SLSA attestation.	ai	2026/04/27
publish-pattern	new-deps-added	AI (publish-pattern): @514labs/kafka-javascript is a same-org scoped package, not a third-party injection. Consistent with internal tooling expansion.	ai	2026/04/27
provenance	no-provenance	AI (provenance): Provenance attestation is missing but common across npm ecosystem; not a disqualifier for established packages with clean publisher track records.	ai	2026/04/27
dependencies	unvetted-dep:@confluentinc/kafka-javascript	AI (dependencies): @confluentinc/kafka-javascript is the official Confluent Kafka JS client; legitimate dependency for a data engineering framework like moose-lib.	ai	2026/04/27
phantom-deps	phantom-dep:tsconfig-paths	AI (phantom-deps): tsconfig-paths is used at runtime via ts-node for TypeScript path resolution; not directly imported in source but legitimately needed.	ai	2026/04/27
bogus-package	bogus-package	AI (bogus-package): Package is 695 days old with 4213 versions and a legitimate data engineering framework purpose; missing metadata is a hygiene issue, not a spam/malware indicator.	ai	2026/04/27
dependencies	unvetted-dep:@514labs/kafka-javascript	AI (dependencies): Publisher's own patched fork of kafka-javascript; consistent with the package's data infrastructure focus.	ai	2026/04/26
dependencies	unvetted-dep:@kafkajs/confluent-schema-registry	AI (dependencies): Well-known Confluent Schema Registry client maintained by the KafkaJS org. Legitimate dependency for Kafka-based data pipelines.	ai	2026/04/26
dependencies	unvetted-dep:@temporalio/client	AI (dependencies): Temporal.io SDK is a well-known, legitimate workflow orchestration library from Temporal Technologies. Stable dependency for this data infrastructure package.	ai	2026/04/26
dependencies	unvetted-dep:@temporalio/common	AI (dependencies): Temporal.io SDK common package from Temporal Technologies. Legitimate and stable dependency.	ai	2026/04/26
dependencies	unvetted-dep:@temporalio/worker	AI (dependencies): Temporal.io SDK worker package from Temporal Technologies. Legitimate and stable dependency.	ai	2026/04/26
dependencies	unvetted-dep:@temporalio/activity	AI (dependencies): Temporal.io SDK activity package from Temporal Technologies. Legitimate and stable dependency.	ai	2026/04/26
dependencies	unvetted-dep:@temporalio/workflow	AI (dependencies): Temporal.io SDK workflow package from Temporal Technologies. Legitimate and stable dependency.	ai	2026/04/26
dependencies	unvetted-dep:@clickhouse/client-web	AI (dependencies): Official ClickHouse browser-compatible client from ClickHouse Inc. Legitimate dependency for a data infrastructure library.	ai	2026/04/26
npm-metadata	no-description	AI (npm-metadata): Automated CI/CD publishing pipeline for an established package; missing description is a cosmetic issue, not a security signal.	ai	2026/04/25
phantom-deps	phantom-dep:@clickhouse/client-web	AI (phantom-deps): ClickHouse web client declared for browser-compatible export path; phantom-dep flag is expected given the conditional export structure.	ai	2026/04/25
phantom-deps	phantom-dep:@temporalio/common	AI (phantom-deps): Temporal common types package declared for type-level usage; phantom-dep flag is expected for type/config dependencies.	ai	2026/04/25
phantom-deps	phantom-dep:fastq	AI (phantom-deps): fastq is a legitimate declared dependency used transitively; phantom-dep flag is a structural note, not a security concern for this package.	ai	2026/04/25

Versions (showing 100 of 576)

Version	Deps	Published
0.4.300	16 / 10	2025-07-11
0.4.299	16 / 10	2025-07-11
0.4.298	16 / 10	2025-07-10
0.4.297	16 / 10	2025-07-10
0.4.296	16 / 10	2025-07-10
0.4.295	16 / 10	2025-07-10
0.4.294	16 / 10	2025-07-09
0.4.293	16 / 10	2025-07-09
0.4.292	16 / 10	2025-07-09
0.4.291	16 / 10	2025-07-09
0.4.290	16 / 10	2025-07-09
0.4.289	16 / 10	2025-07-09
0.4.288	16 / 10	2025-07-09
0.4.287	16 / 10	2025-07-09
0.4.286	16 / 10	2025-07-08
0.4.285	16 / 10	2025-07-08
0.4.284	16 / 10	2025-07-08
0.4.283	16 / 10	2025-07-08
0.4.282	16 / 10	2025-07-08
0.4.281	16 / 10	2025-07-08
0.4.280	16 / 10	2025-07-08
0.4.279	16 / 10	2025-07-07
0.4.278	16 / 10	2025-07-06
0.4.277	16 / 10	2025-07-04
0.4.276	16 / 10	2025-07-04
0.4.275	16 / 10	2025-07-04
0.4.274	16 / 10	2025-07-03
0.4.273	16 / 10	2025-07-03
0.4.272	16 / 10	2025-07-03
0.4.271	16 / 10	2025-07-03
0.4.270	16 / 10	2025-07-03
0.4.269	16 / 10	2025-07-03
0.4.268	16 / 10	2025-07-03
0.4.267	16 / 10	2025-07-03
0.4.266	16 / 10	2025-07-03
0.4.265	16 / 10	2025-07-03
0.4.264	16 / 10	2025-07-02
0.4.263	16 / 10	2025-07-02
0.4.262	16 / 10	2025-07-02
0.4.261	16 / 10	2025-07-02
0.4.260	16 / 10	2025-07-02
0.4.259	16 / 10	2025-07-01
0.4.258	16 / 10	2025-07-01
0.4.257	16 / 10	2025-07-01
0.4.256	16 / 10	2025-06-30
0.4.255	16 / 10	2025-06-30
0.4.254	16 / 10	2025-06-30
0.4.253	16 / 10	2025-06-30
0.4.252	16 / 10	2025-06-30
0.4.251	16 / 10	2025-06-28
0.4.250	16 / 10	2025-06-28
0.4.249	16 / 10	2025-06-28
0.4.248	16 / 10	2025-06-28
0.4.247	16 / 10	2025-06-28
0.4.246	16 / 10	2025-06-28
0.4.245	16 / 10	2025-06-28
0.4.244	16 / 10	2025-06-27
0.4.243	16 / 10	2025-06-26
0.4.242	16 / 10	2025-06-26
0.4.241	16 / 10	2025-06-26
0.4.240	16 / 10	2025-06-25
0.4.239	16 / 10	2025-06-25
0.4.238	16 / 10	2025-06-24
0.4.237	16 / 10	2025-06-24
0.4.236	16 / 10	2025-06-23
0.4.235	16 / 10	2025-06-23
0.4.234	15 / 10	2025-06-21
0.4.233	15 / 10	2025-06-20
0.4.232	15 / 10	2025-06-20
0.4.231	15 / 10	2025-06-20
0.4.230	15 / 10	2025-06-20
0.4.229	15 / 10	2025-06-20
0.4.228	15 / 10	2025-06-19
0.4.227	15 / 6	2025-06-19
0.4.226	15 / 6	2025-06-18
0.4.225	15 / 6	2025-06-17
0.4.224	15 / 6	2025-06-17
0.4.223	15 / 6	2025-06-17
0.4.222	15 / 6	2025-06-17
0.4.221	15 / 6	2025-06-13
0.4.220	15 / 6	2025-06-13
0.4.219	15 / 6	2025-06-13
0.4.218	15 / 6	2025-06-13
0.4.217	15 / 6	2025-06-12
0.4.216	15 / 6	2025-06-12
0.4.215	15 / 6	2025-06-12
0.4.214	15 / 6	2025-06-11
0.4.213	15 / 6	2025-06-10
0.4.212	15 / 6	2025-06-10
0.4.211	14 / 6	2025-06-10
0.4.210	14 / 6	2025-06-10
0.4.209	14 / 6	2025-06-10
0.4.208	14 / 6	2025-06-09
0.4.207	14 / 6	2025-06-09
0.4.206	14 / 6	2025-06-09
0.4.205	14 / 6	2025-06-09
0.4.204	14 / 6	2025-06-09
0.4.203	14 / 6	2025-06-09
0.4.202	14 / 6	2025-06-09
0.4.201	14 / 6	2025-06-08

Showing 100 of 576 Next page →