@agimon-ai/video-editor-mcp
MCP server for video editing with Remotion
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@agimon-ai/foundation-port-registry | AI (phantom-deps): Declared same-org dependency; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/google-fonts | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@modelcontextprotocol/sdk | AI (phantom-deps): Declared MCP framework dependency; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Declared dependency used by framework; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Declared dependency used by CLI; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Declared dependency used by Remotion; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:remotion | AI (phantom-deps): Core declared dependency; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): Declared dependency used by CLI; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:inversify | AI (phantom-deps): Declared dependency used by framework; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Declared dependency used by Remotion; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/cli | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/gif | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/fonts | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/lottie | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/bundler | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/captions | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/renderer | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/media-utils | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@remotion/transitions | AI (phantom-deps): Declared Remotion subpackage; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:reflect-metadata | AI (phantom-deps): Known implicit runtime dependency for inversify DI framework; stable for this package. | ai | |
| phantom-deps | phantom-dep:sharp | AI (phantom-deps): Known implicit runtime/binary dependency for image processing; stable for this package. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 0.11.1 | 23 / 6 | |
| 0.11.0 | 23 / 6 | |
| 0.10.5 | 23 / 6 | |
| 0.10.4 | 23 / 6 | |
| 0.10.3 | 23 / 6 | |
| 0.10.2 | 23 / 6 | |
| 0.10.1 | 23 / 6 | |
| 0.10.0 | 23 / 6 | |
| 0.9.7 | 23 / 6 | |
| 0.9.6 | 23 / 6 | |
| 0.9.5 | 23 / 6 | |
| 0.9.4 | 23 / 6 | |
| 0.9.3 | 23 / 6 | |
| 0.9.1 | 23 / 6 | |
| 0.9.0 | 23 / 6 | |
| 0.8.7 | 23 / 6 | |
| 0.8.6 | 23 / 6 | |
| 0.8.5 | 23 / 6 | |
| 0.8.4 | 23 / 6 | |
| 0.8.3 | 23 / 6 | |
| 0.8.2 | 23 / 6 | |
| 0.8.0 | 22 / 5 | |
| 0.7.0 | 22 / 5 | |
| 0.6.0 | 22 / 5 | |
| 0.5.3 | 22 / 5 | |
| 0.5.2 | 21 / 5 | |
| 0.5.1 | 21 / 5 | |
| 0.5.0 | 21 / 5 | |
| 0.4.0 | 21 / 5 | |
| 0.3.1 | 21 / 5 | |
| 0.3.0 | 21 / 5 | |
| 0.2.12 | 20 / 5 | |
| 0.2.11 | 20 / 5 | |
| 0.2.10 | 20 / 5 | |
| 0.2.9 | 19 / 5 | |
| 0.2.7 | 19 / 5 | |
| 0.2.6 | 19 / 5 | |
| 0.2.5 | 19 / 5 | |
| 0.2.4 | 19 / 5 | |
| 0.2.3 | 19 / 5 | |
| 0.2.2 | 19 / 5 | |
| 0.2.1 | 19 / 5 | |
| 0.2.0 | 19 / 5 |
v0.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.