@awell-health/awell-extensions
100
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
awell-jonathanebomcke-awellpawelskr
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Provenance attestation is absent in ~88% of npm packages; not a disqualifier for an established, well-maintained package with strong publisher history. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established 1070-day-old package with proper repo/homepage URLs; missing description is a cosmetic issue, not a malware signal. | ai | |
| phantom-deps | phantom-dep:xml2js | AI (phantom-deps): xml2js is a declared runtime dependency; indirect usage pattern is expected in a large multi-integration extensions library. | ai | |
| phantom-deps | phantom-dep:@types/json-schema | AI (phantom-deps): Framework-scoped type package loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:jsonpath | AI (phantom-deps): jsonpath is a declared runtime dependency; indirect usage pattern is expected in this extensions library. | ai | |
| phantom-deps | phantom-dep:openai | AI (phantom-deps): openai is a declared runtime dependency used in LangChain/AI integrations within this extensions library; indirect import pattern is expected. | ai | |
| dependencies | unvetted-dep:sanitize-html | AI (dependencies): sanitize-html is a well-known, legitimate HTML sanitization library; expected dependency for a healthcare extensions platform. | ai | |
| dependencies | unvetted-dep:docusign-esign | AI (dependencies): docusign-esign is the official DocuSign Node.js SDK; expected dependency for a healthcare workflow extensions package. | ai |
Versions (showing 100 of 215)
| Version | Deps | Published |
|---|---|---|
| 2.1.21 | 52 / 51 | |
| 2.1.20 | 52 / 51 | |
| 2.1.19 | 52 / 51 | |
| 2.1.18 | 52 / 51 | |
| 2.1.17 | 52 / 51 | |
| 2.1.16 | 52 / 51 | |
| 2.1.15 | 52 / 51 | |
| 2.1.14 | 52 / 51 | |
| 2.1.13 | 52 / 51 | |
| 2.1.12 | 52 / 51 | |
| 2.1.11 | 51 / 51 | |
| 2.1.10 | 51 / 51 | |
| 2.1.9 | 51 / 51 | |
| 2.1.8 | 51 / 51 | |
| 2.1.7 | 51 / 51 | |
| 2.1.6 | 51 / 51 | |
| 2.1.5 | 51 / 51 | |
| 2.1.4 | 51 / 51 | |
| 2.1.3 | 51 / 51 | |
| 2.1.2 | 51 / 51 | |
| 2.1.1 | 51 / 51 | |
| 2.0.330 | 51 / 50 | |
| 2.0.329 | 51 / 50 | |
| 2.0.328 | 51 / 50 | |
| 2.0.327 | 51 / 50 | |
| 2.0.326 | 51 / 50 | |
| 2.0.324 | 51 / 50 | |
| 2.0.323 | 51 / 50 | |
| 2.0.322 | 51 / 50 | |
| 2.0.321 | 51 / 50 | |
| 2.0.320 | 50 / 50 | |
| 2.0.319 | 50 / 50 | |
| 2.0.318 | 50 / 50 | |
| 2.0.317 | 50 / 50 | |
| 2.0.316 | 50 / 50 | |
| 2.0.315 | 50 / 50 | |
| 2.0.314 | 50 / 50 | |
| 2.0.313 | 50 / 50 | |
| 2.0.312 | 50 / 50 | |
| 2.0.311 | 50 / 50 | |
| 2.0.310 | 50 / 50 | |
| 2.0.309 | 50 / 50 | |
| 2.0.308 | 50 / 50 | |
| 2.0.307 | 50 / 50 | |
| 2.0.306 | 50 / 50 | |
| 2.0.305 | 50 / 50 | |
| 2.0.304 | 50 / 50 | |
| 2.0.303 | 50 / 50 | |
| 2.0.302 | 50 / 50 | |
| 2.0.301 | 50 / 50 | |
| 2.0.300 | 50 / 50 | |
| 2.0.299 | 50 / 50 | |
| 2.0.298 | 50 / 50 | |
| 2.0.297 | 50 / 50 | |
| 2.0.296 | 50 / 50 | |
| 2.0.295 | 50 / 50 | |
| 2.0.294 | 50 / 50 | |
| 2.0.293 | 50 / 50 | |
| 2.0.292 | 50 / 50 | |
| 2.0.291 | 50 / 50 | |
| 2.0.290 | 50 / 50 | |
| 2.0.289 | 50 / 50 | |
| 2.0.288 | 50 / 50 | |
| 2.0.287 | 50 / 50 | |
| 2.0.286 | 50 / 50 | |
| 2.0.285 | 50 / 50 | |
| 2.0.284 | 50 / 50 | |
| 2.0.283 | 50 / 50 | |
| 2.0.282 | 50 / 50 | |
| 2.0.281 | 50 / 50 | |
| 2.0.280 | 50 / 50 | |
| 2.0.279 | 50 / 50 | |
| 2.0.278 | 50 / 50 | |
| 2.0.277 | 50 / 50 | |
| 2.0.276 | 50 / 50 | |
| 2.0.275 | 50 / 50 | |
| 2.0.274 | 50 / 50 | |
| 2.0.273 | 50 / 50 | |
| 2.0.272 | 50 / 50 | |
| 2.0.271 | 50 / 50 | |
| 2.0.270 | 50 / 50 | |
| 2.0.269 | 50 / 50 | |
| 2.0.268 | 50 / 50 | |
| 2.0.267 | 50 / 50 | |
| 2.0.266 | 50 / 50 | |
| 2.0.265 | 50 / 50 | |
| 2.0.264 | 50 / 50 | |
| 2.0.263 | 50 / 50 | |
| 2.0.262 | 50 / 50 | |
| 2.0.261 | 50 / 50 | |
| 2.0.260 | 50 / 50 | |
| 2.0.259 | 50 / 50 | |
| 2.0.258 | 50 / 50 | |
| 2.0.256 | 50 / 50 | |
| 2.0.255 | 50 / 50 | |
| 2.0.254 | 50 / 50 | |
| 2.0.253 | 50 / 50 | |
| 2.0.252 | 50 / 50 | |
| 2.0.251 | 50 / 50 | |
| 2.0.250 | 50 / 50 |
Showing 100 of 215
Next page →
v2.1.3
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.320
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.296
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.270
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.