← Home

@cdktn/provider-newrelic

npm Repository Homepage

Prebuilt newrelic Provider for CDK Terrain (cdktn)

10
Versions
MPL-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

cdktn-teamjsteinichso0k

Keywords

cdkcdk-terraincdktfcdktnnewrelicopentofuproviderterraform

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition to GitHub Actions publisher with SLSA provenance is expected CI/CD automation pattern for this project. ai
source-diff obfuscated-file:lib/data-newrelic-fleet-members/index.js AI (source-diff): Same jsii compilation pattern; readable CDK Terraform provider code. ai
source-diff obfuscated-file:lib/fleet-members/index.js AI (source-diff): Same jsii compilation pattern; readable CDK Terraform provider code. ai
source-diff obfuscated-file:lib/metric-pruning-rule/index.js AI (source-diff): Same jsii compilation pattern; readable CDK Terraform provider code. ai
source-diff obfuscated-file:lib/cardinality-management/index.js AI (source-diff): Long lines are jsii TypeScript compilation output, not obfuscation; stable pattern for this provider package. ai
source-diff obfuscated-file:lib/fleet-deployment/index.js AI (source-diff): jsii-compiled TypeScript output; long lines are normal for this build toolchain. ai
source-diff obfuscated-file:lib/fleet-configuration/index.js AI (source-diff): jsii-compiled TypeScript output; long lines are normal for this build toolchain, not obfuscation. ai
source-diff obfuscated-file:lib/data-newrelic-fleet-configuration/index.js AI (source-diff): jsii-compiled TypeScript output; long lines are normal for this build toolchain, not obfuscation. ai

Versions (showing 10 of 10)

Version Deps Published
15.0.5 0 / 18
15.0.4 0 / 18
15.0.3 0 / 18
15.0.0 0 / 18
14.6.1 0 / 18
14.6.0 0 / 18
14.5.0 0 / 18
14.4.1 0 / 18
14.4.0 0 / 18
14.3.2 0 / 18

v15.0.5

6 findings
HIGH Publisher changed: cdktn-team → GitHub Actions (on 2026-05-26) provenance

This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: lib/cardinality-management/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/data-newrelic-fleet-members/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/fleet-members/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/metric-pruning-rule/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.6.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v14.6.0

4 findings
HIGH New obfuscated file: lib/data-newrelic-fleet-configuration/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/fleet-configuration/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/fleet-deployment/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.5.0

3 findings
HIGH New obfuscated file: lib/data-newrelic-fleet-configuration/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/fleet-configuration/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v14.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v14.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.