@cleocode/studio

CLEO Studio — unified web portal for Nexus, Brain, and Tasks visualization

20 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

kryptobaseddev

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| dependencies | unvetted-dep:@cosmograph/cosmos | AI (dependencies): Beta graph visualization library consistent with package purpose; stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:llmtxt | AI (phantom-deps): SvelteKit app pattern; deps declared in config but bundled, not directly imported. | ai | |
| phantom-deps | phantom-dep:loro-crdt | AI (phantom-deps): SvelteKit app pattern; deps declared in config but bundled, not directly imported. | ai | |
| phantom-deps | phantom-dep:@ai-sdk/anthropic | AI (phantom-deps): SvelteKit app pattern; deps declared in config but bundled, not directly imported. | ai | |
| phantom-deps | phantom-dep:@ai-sdk/provider-utils | AI (phantom-deps): SvelteKit app pattern; deps declared in config but bundled, not directly imported. | ai | |
| phantom-deps | phantom-dep:@ai-sdk/openai-compatible | AI (phantom-deps): SvelteKit app pattern; deps declared in config but bundled, not directly imported. | ai | |
| phantom-deps | phantom-dep:@cosmograph/cosmos | AI (phantom-deps): Config-referenced visualization dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@sveltejs/adapter-node | AI (phantom-deps): Framework-scoped adapter loaded by convention; expected phantom-dep pattern. | ai | |
| phantom-deps | phantom-dep:d3 | AI (phantom-deps): SvelteKit app; d3 referenced in config/templates, not directly imported in JS modules. | ai | |
| phantom-deps | phantom-dep:graphology-layout-forceatlas2 | AI (phantom-deps): Config-referenced graph layout dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource-variable/jetbrains-mono | AI (phantom-deps): Font package imported via CSS/config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource-variable/inter | AI (phantom-deps): Font package imported via CSS/config, not JS; stable false positive. | ai | |
| phantom-deps | phantom-dep:hono | AI (phantom-deps): Server framework loaded by convention in SvelteKit adapter setup. | ai | |
| phantom-deps | phantom-dep:three | AI (phantom-deps): 3D visualization dep referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:d3-force-3d | AI (phantom-deps): Config-referenced visualization dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:three-stdlib | AI (phantom-deps): Config-referenced dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:3d-force-graph | AI (phantom-deps): Config-referenced visualization dep; stable false positive. | ai | |

Versions (showing 20 of 20)

Version Deps Published
2026.5.124 23 / 10
2026.5.120 23 / 10
2026.5.112 23 / 10
2026.5.95 23 / 10
2026.5.94 23 / 10
2026.5.93 23 / 10
2026.5.92 23 / 10
2026.5.90 23 / 10
2026.5.89 23 / 10
2026.5.88 23 / 10
2026.5.87 23 / 10
2026.5.65 23 / 10
2026.5.63 23 / 10
2026.5.61 18 / 10
2026.5.60 18 / 10
2026.5.59 18 / 10
2026.5.33 18 / 10
2026.5.28 18 / 10
2026.5.4 18 / 10
2026.5.3 18 / 10

v2026.5.124

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.120

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.112

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.95

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.94

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.93

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.92

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.90

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.89

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.88

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.87

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.65

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.63

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.61

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.60

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.59

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.33

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.28

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.5.4

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.5.3

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.