@ama-sdk/swagger-builder
Swagger API Builder
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:swagger-schema-official | AI (dependencies): swagger-schema-official is a known official Swagger schema package; pinned commit-tag version is consistent with stable schema validation use. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit usage pattern is stable for this package. | ai | |
| phantom-deps | phantom-dep:openapi-types | AI (phantom-deps): openapi-types is a type-only dependency used in config/type declarations; not directly imported in source. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 14.3.0 | 9 / 35 | |
| 14.2.1 | 9 / 35 | |
| 13.5.10 | 9 / 34 | |
| 13.5.0 | 9 / 34 | |
| 13.4.4 | 9 / 36 | |
| 13.4.2 | 9 / 36 |
v14.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.5.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.