@cartridge/controller-wasm

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

tarrencevbroodyc7e-steeb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:pkg-controller/account_wasm_bg.js	AI (source-diff): Standard wasm-bindgen glue code; network/exec patterns are WASM interop boilerplate, not malware.	ai	2026/05/19
source-diff	net-exec-file:pkg-session/session_wasm_bg.js	AI (source-diff): Standard wasm-bindgen glue code; same pattern as controller file, both are WASM interop boilerplate.	ai	2026/05/19
semgrep	semgrep:new-function-constructor	AI (semgrep): new Function() in wasm-bindgen glue is standard for dynamic WASM function construction.	ai	2026/05/19
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() is standard wasm-bindgen generated glue code; stable false positive for this package.	ai	2026/05/16

Versions (showing 47 of 47)

Version	Deps	Published
0.10.1	0 / 1	2026-04-17
0.10.0	0 / 1	2026-03-23
0.9.6	0 / 1	2026-03-06
0.9.5	0 / 1	2026-03-04
0.9.4	0 / 1	2026-02-13
0.9.3	0 / 1	2026-02-10
0.9.2	0 / 1	2026-02-09
0.9.1	0 / 1	2026-01-13
0.9.0	0 / 1	2026-01-08
0.8.0	0 / 1	2025-11-13
0.3.19	0 / 1	2025-11-12
0.3.18	0 / 1	2025-11-12
0.3.17	0 / 1	2025-11-11
0.3.16	0 / 1	2025-11-06
0.3.15	0 / 1	2025-11-06
0.3.14	0 / 1	2025-11-06
0.3.13	0 / 1	2025-10-09
0.3.12	0 / 1	2025-10-09
0.3.11	0 / 1	2025-10-06
0.3.10	0 / 1	2025-10-01
0.3.9	0 / 1	2025-10-01
0.3.8	0 / 1	2025-09-30
0.3.7	0 / 1	2025-09-25
0.3.6	0 / 1	2025-09-15
0.3.5	0 / 1	2025-09-12
0.3.4	0 / 1	2025-09-05
0.3.3	0 / 1	2025-09-04
0.3.2	0 / 1	2025-09-02
0.3.1	0 / 1	2025-09-01
0.3.0	0 / 1	2025-08-29
0.2.7	0 / 1	2025-08-04
0.2.6	0 / 1	2025-07-31
0.2.5	0 / 1	2025-07-30
0.2.4	0 / 1	2025-07-25
0.2.3	0 / 1	2025-07-16
0.2.2	0 / 1	2025-07-16
0.2.1	0 / 1	2025-07-09
0.2.0	0 / 1	2025-06-27
0.1.9	0 / 1	2025-06-25
0.1.8	0 / 1	2025-06-18
0.1.7	0 / 1	2025-06-12
0.1.6	0 / 1	2025-06-10
0.1.5	0 / 1	2025-05-29
0.1.3	0 / 1	2025-05-13
0.1.2	0 / 1	2025-05-13
0.1.1	0 / 1	2025-05-13
0.1.0	0 / 0	2025-05-12

v0.10.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.19

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.17

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.15

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.