@adobe/data — Greenflagged

Adobe data oriented programming library

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

marbectripodgarthdblazdadobe-adminpatrickfultontrieloffshazronkrisnyedcpfsdknatebaldwindevongovettaspro83symanovidpfisterstefan-guggisbergrofekptdobeadobehallsfullcolorcoderdjaeggidylandepassmhaackamol-anandstopp-adobedotenduh_schmidtasthabh23zdahbituicufmeschbe

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:new-function-constructor	AI (semgrep): Used to generate typed-buffer struct readers from layout metadata; controlled input, not user-supplied arbitrary code.	ai	2026/05/31
npm-metadata	bundled-binaries	AI (npm-metadata): Binary is a WASM/native artifact from the documented AssemblyScript build pipeline; stable for this package.	ai	2026/05/31
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used in a Proxy get trap for transparent property forwarding — idiomatic JS, not obfuscation.	ai	2026/05/30
dependencies	unvetted-dep:@spectrum-web-components/card	AI (dependencies): Adobe's official Spectrum Web Components library; expected dep for this Adobe package.	ai	2026/05/28
dependencies	unvetted-dep:@spectrum-web-components/action-group	AI (dependencies): Adobe's official Spectrum Web Components library; expected dep for this Adobe package.	ai	2026/05/28
phantom-deps	phantom-dep:@lit/context	AI (phantom-deps): Lit context referenced in config; stable false positive for this package.	ai	2026/05/28
phantom-deps	phantom-dep:@spectrum-web-components/card	AI (phantom-deps): SWC components loaded via side-effect/HTML; not directly imported in JS but legitimately used.	ai	2026/05/18
phantom-deps	phantom-dep:@spectrum-web-components/theme	AI (phantom-deps): SWC components loaded via side-effect/HTML; not directly imported in JS but legitimately used.	ai	2026/05/18
phantom-deps	phantom-dep:@spectrum-web-components/styles	AI (phantom-deps): SWC components loaded via side-effect/HTML; not directly imported in JS but legitimately used.	ai	2026/05/18
phantom-deps	phantom-dep:@spectrum-web-components/button	AI (phantom-deps): SWC components loaded via side-effect/HTML; not directly imported in JS but legitimately used.	ai	2026/05/18

Versions (showing 51 of 123)

View all versions

Version	Deps	Published
0.9.63	3 / 35	2026-06-05
0.9.62	3 / 35	2026-06-05
0.9.61	3 / 35	2026-06-02
0.9.60	3 / 35	2026-05-27
0.9.59	3 / 35	2026-05-27
0.9.58	3 / 35	2026-05-27
0.9.57	3 / 35	2026-05-26
0.9.56	3 / 35	2026-05-08
0.9.55	3 / 35	2026-05-07
0.9.54	3 / 35	2026-05-01
0.9.53	3 / 35	2026-04-23
0.9.52	3 / 35	2026-04-18
0.9.51	3 / 35	2026-04-18
0.9.50	3 / 35	2026-04-16
0.9.48	3 / 35	2026-04-13
0.9.47	3 / 35	2026-04-13
0.9.46	3 / 35	2026-04-13
0.9.45	3 / 35	2026-03-26
0.9.44	3 / 35	2026-03-14
0.9.43	3 / 35	2026-03-14
0.9.42	3 / 35	2026-03-14
0.9.41	3 / 35	2026-03-11
0.9.40	3 / 35	2026-03-11
0.9.39	3 / 35	2026-03-07
0.9.37	3 / 35	2026-03-03
0.9.36	3 / 35	2026-03-03
0.9.35	3 / 35	2026-03-03
0.9.34	3 / 35	2026-02-27
0.9.33	2 / 35	2026-02-27
0.9.32	2 / 35	2026-02-26
0.9.31	2 / 35	2026-02-23
0.9.30	2 / 35	2026-02-22
0.9.29	2 / 35	2026-02-22
0.9.28	2 / 35	2026-02-19
0.9.27	2 / 35	2026-02-17
0.9.26	2 / 35	2026-02-17
0.9.25	2 / 35	2026-02-17
0.9.24	2 / 35	2026-02-17
0.9.23	2 / 35	2026-02-16
0.9.22	2 / 35	2026-02-15
0.9.21	2 / 35	2026-02-15
0.9.20	2 / 35	2026-02-15
0.9.19	2 / 35	2026-02-13
0.9.17	2 / 35	2026-02-08
0.9.16	2 / 35	2026-02-07
0.9.11	2 / 35	2026-02-07
0.9.7	11 / 38	2026-01-27
0.9.6	11 / 38	2026-01-23
0.9.5	11 / 38	2026-01-15
0.9.4	11 / 38	2026-01-08
0.9.2	11 / 38	2025-12-26