@agentworkforce/ricky
Workflow reliability, coordination, and authoring product for AgentWorkforce
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index.js | AI (source-diff): dist/index.js is esbuild-bundled output with readable source; long lines are from bundling, not obfuscation. | ai | |
| phantom-deps | phantom-dep:ora | AI (phantom-deps): CLI spinner; likely loaded conditionally or via config, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ssh2 | AI (phantom-deps): SSH utility dep for workflow CLI; referenced in config, not a direct import pattern. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Used as a runtime dep for type-checking features; config-referenced pattern is stable. | ai | |
| phantom-deps | phantom-dep:@agent-relay/sdk | AI (phantom-deps): Same org ecosystem dep; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@inquirer/prompts | AI (phantom-deps): CLI prompts dep; conditionally loaded, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agent-relay/agent | AI (phantom-deps): Same org ecosystem dep; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agent-relay/personas | AI (phantom-deps): Same org ecosystem dep; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:mdast-util-from-markdown | AI (phantom-deps): Markdown parsing dep; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agentworkforce/harness-kit | AI (phantom-deps): Same org scope; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agent-assistant/turn-context | AI (phantom-deps): Same org ecosystem dep; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agentworkforce/workload-router | AI (phantom-deps): Same org scope; config-referenced, stable false positive. | ai | |
| phantom-deps | phantom-dep:@agent-relay/cloud | AI (phantom-deps): Same org ecosystem dep; config-referenced, stable false positive. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Pattern fires in a subprocess spawn helper where forwarding process.env is intentional and standard; not a data-exfiltration risk. | ai |
Versions (showing 84 of 84)
| Version | Deps | Published |
|---|---|---|
| 0.1.83 | 12 / 6 | |
| 0.1.82 | 12 / 6 | |
| 0.1.81 | 12 / 6 | |
| 0.1.80 | 12 / 6 | |
| 0.1.79 | 12 / 6 | |
| 0.1.78 | 12 / 6 | |
| 0.1.77 | 12 / 6 | |
| 0.1.76 | 12 / 6 | |
| 0.1.75 | 12 / 6 | |
| 0.1.74 | 12 / 6 | |
| 0.1.73 | 12 / 6 | |
| 0.1.72 | 12 / 6 | |
| 0.1.71 | 12 / 6 | |
| 0.1.70 | 12 / 6 | |
| 0.1.69 | 12 / 6 | |
| 0.1.68 | 12 / 6 | |
| 0.1.67 | 12 / 6 | |
| 0.1.66 | 12 / 6 | |
| 0.1.65 | 12 / 6 | |
| 0.1.64 | 12 / 6 | |
| 0.1.63 | 12 / 6 | |
| 0.1.62 | 12 / 6 | |
| 0.1.61 | 12 / 6 | |
| 0.1.60 | 12 / 6 | |
| 0.1.59 | 12 / 6 | |
| 0.1.58 | 12 / 6 | |
| 0.1.57 | 12 / 6 | |
| 0.1.56 | 12 / 6 | |
| 0.1.55 | 12 / 6 | |
| 0.1.54 | 12 / 6 | |
| 0.1.53 | 12 / 6 | |
| 0.1.52 | 12 / 6 | |
| 0.1.51 | 12 / 6 | |
| 0.1.50 | 10 / 6 | |
| 0.1.49 | 10 / 6 | |
| 0.1.48 | 10 / 6 | |
| 0.1.47 | 10 / 6 | |
| 0.1.46 | 10 / 6 | |
| 0.1.45 | 10 / 6 | |
| 0.1.44 | 10 / 6 | |
| 0.1.43 | 10 / 6 | |
| 0.1.42 | 10 / 6 | |
| 0.1.41 | 10 / 6 | |
| 0.1.40 | 10 / 6 | |
| 0.1.39 | 8 / 6 | |
| 0.1.38 | 8 / 6 | |
| 0.1.37 | 8 / 6 | |
| 0.1.36 | 8 / 5 | |
| 0.1.35 | 8 / 5 | |
| 0.1.34 | 8 / 5 | |
| 0.1.33 | 8 / 5 | |
| 0.1.32 | 8 / 5 | |
| 0.1.31 | 8 / 5 | |
| 0.1.30 | 8 / 5 | |
| 0.1.29 | 8 / 5 | |
| 0.1.28 | 8 / 5 | |
| 0.1.27 | 8 / 5 | |
| 0.1.26 | 8 / 5 | |
| 0.1.25 | 8 / 5 | |
| 0.1.24 | 8 / 5 | |
| 0.1.23 | 8 / 5 | |
| 0.1.22 | 8 / 5 | |
| 0.1.21 | 8 / 5 | |
| 0.1.20 | 8 / 5 | |
| 0.1.19 | 8 / 5 | |
| 0.1.18 | 8 / 5 | |
| 0.1.17 | 8 / 5 | |
| 0.1.16 | 8 / 5 | |
| 0.1.15 | 8 / 5 | |
| 0.1.14 | 8 / 5 | |
| 0.1.13 | 8 / 5 | |
| 0.1.12 | 8 / 5 | |
| 0.1.11 | 8 / 5 | |
| 0.1.10 | 8 / 5 | |
| 0.1.9 | 8 / 5 | |
| 0.1.8 | 8 / 5 | |
| 0.1.7 | 8 / 5 | |
| 0.1.6 | 7 / 5 | |
| 0.1.5 | 7 / 5 | |
| 0.1.4 | 6 / 5 | |
| 0.1.3 | 3 / 5 | |
| 0.1.2 | 2 / 4 | |
| 0.1.1 | 2 / 4 | |
| 0.1.0 | 2 / 4 |
v0.1.83
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.82
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.81
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.80
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.79
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.78
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.77
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.76
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.75
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.74
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.73
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.72
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.71
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.70
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.69
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.68
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.67
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.66
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.65
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.64
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.63
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.62
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.61
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.60
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.59
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.58
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.57
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.56
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.54
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.52
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.