@axium/server
Axium Server is the main server application and framework for Axium.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): sharp is a well-known, widely-used image processing library; addition is benign for a server package. | ai | |
| dependencies | unvetted-dep:cookie_v1 | AI (dependencies): cookie_v1 is an npm alias for the well-known cookie@^1.0.2 package; stable pattern for this project. | ai | |
| bogus-package | bogus-package | AI (bogus-package): 223-version org package with SLSA provenance and real repo; thin README/no keywords are cosmetic, not spam indicators. | ai | |
| phantom-deps | phantom-dep:@types/semver | AI (phantom-deps): Type-only dependency; not directly imported at runtime by convention. | ai | |
| typosquat | typosquat.levenshtein:semver | AI (typosquat): Scoped package @axium/server in an established monorepo; Levenshtein match to 'semver' is coincidental. | ai | |
| phantom-deps | phantom-dep:patch-package | AI (phantom-deps): Used via postinstall script, not direct import; stable pattern for this package. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Runs patch-package patches via node patches/patch.js; consistent with declared patch-package dependency across all versions. | ai | |
| phantom-deps | phantom-dep:@types/pg | AI (phantom-deps): Type-only dependency; not directly imported at runtime by convention. | ai |
Versions (showing 23 of 23)
| Version | Deps | Published |
|---|---|---|
| 0.46.6 | 12 / 0 | |
| 0.46.1 | 12 / 0 | |
| 0.46.0 | 12 / 0 | |
| 0.44.3 | 10 / 0 | |
| 0.43.0 | 10 / 2 | |
| 0.42.0 | 9 / 2 | |
| 0.40.2 | 8 / 2 | |
| 0.40.1 | 8 / 2 | |
| 0.39.1 | 8 / 2 | |
| 0.38.3 | 8 / 2 | |
| 0.38.0 | 8 / 2 | |
| 0.37.2 | 8 / 2 | |
| 0.36.6 | 8 / 2 | |
| 0.36.4 | 8 / 2 | |
| 0.36.2 | 8 / 2 | |
| 0.35.0 | 8 / 2 | |
| 0.34.1 | 8 / 2 | |
| 0.33.0 | 8 / 2 | |
| 0.28.6 | 8 / 2 | |
| 0.28.4 | 8 / 2 | |
| 0.28.0 | 8 / 2 | |
| 0.26.3 | 8 / 2 | |
| 0.26.2 | 8 / 2 |
v0.46.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.38.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.38.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.37.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.