@activepieces/piece-snowflake

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

abuaboudactivepieces-botabdul_activepiecer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:ai	AI (phantom-deps): Monorepo shared deps declared at root; phantom-dep heuristic fires as false positive.	ai	2026/05/20
phantom-deps	phantom-dep:fast-glob	AI (phantom-deps): Same monorepo shared-dep false positive pattern.	ai	2026/05/20
phantom-deps	phantom-dep:@ai-sdk/google	AI (phantom-deps): Same monorepo shared-dep false positive pattern.	ai	2026/05/20
phantom-deps	phantom-dep:@ai-sdk/openai	AI (phantom-deps): Same monorepo shared-dep false positive pattern.	ai	2026/05/20
phantom-deps	phantom-dep:@ai-sdk/anthropic	AI (phantom-deps): Same monorepo shared-dep false positive pattern.	ai	2026/05/20
phantom-deps	phantom-dep:@ai-sdk/replicate	AI (phantom-deps): Same monorepo shared-dep false positive pattern.	ai	2026/05/20
npm-metadata	no-description	AI (npm-metadata): Monorepo piece package; missing description is consistent across @activepieces/* packages.	ai	2026/05/19
phantom-deps	phantom-dep:nanoid	AI (phantom-deps): Shared monorepo dependency; phantom-dep heuristic fires on transitive/config-level usage.	ai	2026/05/19
phantom-deps	phantom-dep:deepmerge-ts	AI (phantom-deps): Shared monorepo dependency; phantom-dep heuristic fires on transitive/config-level usage.	ai	2026/05/19
phantom-deps	phantom-dep:socket.io-client	AI (phantom-deps): Shared monorepo dependency; phantom-dep heuristic fires on transitive/config-level usage.	ai	2026/05/19
phantom-deps	phantom-dep:@sinclair/typebox	AI (phantom-deps): Shared monorepo dependency; phantom-dep heuristic fires on transitive/config-level usage.	ai	2026/05/19
phantom-deps	phantom-dep:semver	AI (phantom-deps): Shared monorepo dependency; phantom-dep heuristic fires on transitive/config-level usage.	ai	2026/05/19
bogus-package	bogus-package	AI (bogus-package): Scoped monorepo package; sparse metadata is expected for @activepieces/* pieces.	ai	2026/05/19
dependencies	unvetted-dep:homedir-polyfill	AI (dependencies): Legitimate homedir polyfill; transitive dep of snowflake-sdk.	ai	2026/05/16
dependencies	unvetted-dep:parse-passwd	AI (dependencies): Legitimate passwd-file parser; transitive dep of snowflake-sdk.	ai	2026/05/16
dependencies	unvetted-dep:minimalistic-assert	AI (dependencies): Legitimate minimal assert utility; transitive dep of snowflake-sdk.	ai	2026/05/16
phantom-deps	phantom-dep:ms	AI (phantom-deps): Activepieces piece packages bundle transitive deps in package.json; phantom-dep is a stable false positive for this package family.	ai	2026/05/16
phantom-deps	phantom-dep:axios	AI (phantom-deps): Same monorepo bundling pattern; stable false positive.	ai	2026/05/16
phantom-deps	phantom-dep:uuid	AI (phantom-deps): Same monorepo bundling pattern; stable false positive.	ai	2026/05/16
dependencies	unvetted-dep:gopd	AI (dependencies): gopd is a well-known ECMAScript intrinsics utility; no malware risk.	ai	2026/05/16
dependencies	unvetted-dep:expand-tilde	AI (dependencies): Legitimate path-expansion utility used by snowflake-sdk.	ai	2026/05/16

Versions (showing 17 of 17)

Version	Deps	Published
0.3.2	5 / 0	2026-04-30
0.3.1	5 / 0	2026-04-23
0.3.0	292 / 0	2026-04-16
0.2.1	292 / 0	2026-04-12
0.2.0	5 / 0	2026-03-19
0.1.4	5 / 0	2026-03-02
0.1.3	10 / 0	2026-02-23
0.1.2	11 / 0	2026-02-05
0.1.1	11 / 0	2026-02-03
0.1.0	9 / 0	2025-12-29
0.0.17	8 / 0	2025-10-31
0.0.16	8 / 0	2025-09-25
0.0.15	9 / 0	2025-08-27
0.0.14	9 / 0	2025-08-26
0.0.13	9 / 0	2025-08-25
0.0.12	14 / 0	2025-08-12
0.0.11	14 / 0	2025-08-10