@c8y/package-blueprint
This package is used to scaffold a blueprint package for Cumulocity IoT.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:rxjs | AI (phantom-deps): Blueprint scaffold; rxjs referenced in config files, not directly imported. Expected pattern for this package type. | ai | |
| phantom-deps | phantom-dep:@c8y/style | AI (phantom-deps): Same-org sibling dep; loaded by convention in Cumulocity blueprints, not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@c8y/client | AI (phantom-deps): Same-org sibling dep; loaded by convention in Cumulocity blueprints, not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@angular/cdk | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive for Angular-based blueprint packages. | ai | |
| phantom-deps | phantom-dep:monaco-editor | AI (phantom-deps): Referenced in config files; expected pattern for blueprint scaffolding packages. | ai | |
| phantom-deps | phantom-dep:ngx-bootstrap | AI (phantom-deps): Referenced in config files; expected pattern for blueprint scaffolding packages. | ai |
Versions (showing 51 of 189)
| Version | Deps | Published |
|---|---|---|
| 1023.83.4 | 8 / 2 | |
| 1023.83.3 | 8 / 2 | |
| 1023.83.2 | 8 / 2 | |
| 1023.82.8 | 8 / 2 | |
| 1023.82.4 | 8 / 2 | |
| 1023.82.3 | 8 / 2 | |
| 1023.82.2 | 8 / 2 | |
| 1023.82.1 | 8 / 2 | |
| 1023.82.0 | 8 / 2 | |
| 1023.81.3 | 8 / 2 | |
| 1023.81.2 | 8 / 2 | |
| 1023.80.2 | 8 / 2 | |
| 1023.80.0 | 8 / 2 | |
| 1023.79.1 | 8 / 2 | |
| 1023.78.7 | 8 / 2 | |
| 1023.78.5 | 8 / 2 | |
| 1023.78.4 | 8 / 2 | |
| 1023.78.1 | 8 / 2 | |
| 1023.77.1 | 8 / 2 | |
| 1023.76.0 | 8 / 2 | |
| 1023.75.1 | 8 / 2 | |
| 1023.71.1 | 8 / 2 | |
| 1023.70.0 | 8 / 2 | |
| 1023.68.7 | 8 / 2 | |
| 1023.68.6 | 8 / 2 | |
| 1023.68.3 | 8 / 2 | |
| 1023.68.0 | 8 / 2 | |
| 1023.67.0 | 8 / 2 | |
| 1023.66.4 | 8 / 2 | |
| 1023.66.3 | 8 / 2 | |
| 1023.65.2 | 8 / 2 | |
| 1023.65.1 | 8 / 2 | |
| 1023.65.0 | 8 / 2 | |
| 1023.64.2 | 8 / 2 | |
| 1023.64.1 | 8 / 2 | |
| 1023.63.1 | 8 / 2 | |
| 1023.63.0 | 8 / 2 | |
| 1023.62.2 | 8 / 2 | |
| 1023.61.12 | 8 / 2 | |
| 1023.61.2 | 8 / 2 | |
| 1023.61.0 | 8 / 2 | |
| 1023.59.1 | 8 / 2 | |
| 1023.58.3 | 8 / 2 | |
| 1023.57.0 | 8 / 2 | |
| 1023.55.5 | 8 / 2 | |
| 1023.53.0 | 8 / 2 | |
| 1023.52.0 | 8 / 2 | |
| 1023.50.2 | 8 / 2 | |
| 1023.48.3 | 8 / 2 | |
| 1023.48.2 | 8 / 2 | |
| 1023.48.0 | 8 / 2 |
v1023.83.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.83.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.83.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.82.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.81.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.81.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.80.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.80.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.79.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.78.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.78.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.78.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.78.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.77.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.75.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.71.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.70.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.68.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.68.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.68.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.68.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.67.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.66.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.66.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.65.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.65.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.65.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.64.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1023.64.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1023.63.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.63.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.62.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.61.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.61.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.61.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.59.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.58.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.57.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.55.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.53.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.52.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.50.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.48.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.48.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1023.48.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.