@cedarjs/api
Cedar believes the future is serverless and multi-client. And `@cedarjs/api` makes Cedar serverless and multi-client ready. Cedar has one API to rule them all. Your API is abstracted away from any one side of your application, so you can have as many side
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:picoquery | AI (dependencies): picoquery is a legitimate, widely-used query-string library with no known advisories; stable accept for this package. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): @cedarjs/api is a scoped framework package, not a typosquat of hapi; Levenshtein match is coincidental. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped framework package; no relation to pg. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped framework package; no relation to joi. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped framework package; no relation to ajv. | ai | |
| phantom-deps | phantom-dep:@prisma/client | AI (phantom-deps): @prisma/client is a declared runtime dependency used via config/type references; stable false positive for this package. | ai | |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 4.2.0 | 9 / 15 | |
| 4.1.0 | 9 / 15 | |
| 4.0.0 | 8 / 15 | |
| 3.1.1 | 8 / 15 | |
| 3.1.0 | 8 / 15 | |
| 3.0.0 | 8 / 15 | |
| 2.8.1 | 8 / 15 | |
| 2.8.0 | 8 / 15 | |
| 2.7.0 | 8 / 15 | |
| 2.6.0 | 8 / 15 | |
| 2.5.1 | 8 / 15 | |
| 2.5.0 | 8 / 15 | |
| 2.4.1 | 8 / 15 | |
| 2.4.0 | 8 / 15 | |
| 2.3.0 | 8 / 15 | |
| 2.2.1 | 8 / 15 | |
| 2.2.0 | 8 / 15 | |
| 2.1.1 | 8 / 15 | |
| 2.1.0 | 8 / 15 | |
| 2.0.3 | 8 / 15 | |
| 2.0.2 | 8 / 15 | |
| 2.0.1 | 8 / 15 | |
| 2.0.0 | 8 / 15 | |
| 1.1.2 | 8 / 15 | |
| 1.1.1 | 8 / 15 | |
| 1.1.0 | 8 / 15 | |
| 1.0.0 | 8 / 15 | |
v4.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
2 findings:
Package name '@cedarjs/api' is 1 edit(s) away from popular package 'hapi'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.5.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.5.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.