@cloudbase/ai — Greenflagged

cloudbase js sdk ai module

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wangjiachendaniel-dxstarkwangyhyangbingggfengkxliuyanjiejustanwoodenstonemiusunclewedabotareo-joe

Keywords

tcbcloudbasejavascripttypescriptserverless

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:dist/miniprogram/index.js	AI (source-diff): Network calls and dynamic module loading are inherent to the CloudBase SDK; no dropper behavior visible in the bundle.	ai	2026/05/23
source-diff	obfuscated-file:dist/miniprogram/index.js	AI (source-diff): Standard webpack UMD bundle for miniprogram target; minification is expected and documented in build scripts.	ai	2026/05/23
publish-pattern	rapid-publish	AI (publish-pattern): High-frequency automated releases are normal for this monorepo SDK; 229 versions published over 644 days confirms the pattern.	ai	2026/05/15
dependencies	unvetted-dep:text-encoding-shim	AI (dependencies): text-encoding-shim is a standard TextEncoder/TextDecoder polyfill; appropriate for a cross-env SDK.	ai	2026/04/30
dependencies	unvetted-dep:@mattiasbuelens/web-streams-adapter	AI (dependencies): Known web-streams adapter shim used in cross-environment streaming; no malicious history.	ai	2026/04/30
typosquat	typosquat.levenshtein:hapi	AI (typosquat): Scoped @cloudbase/ai package; Levenshtein match to 'hapi' is a false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped @cloudbase/ai package; Levenshtein match to 'pg' is a false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped @cloudbase/ai package; Levenshtein match to 'joi' is a false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped @cloudbase/ai package; Levenshtein match to 'qs' is a false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:ajv	AI (typosquat): Scoped @cloudbase/ai package; Levenshtein match to 'ajv' is a false positive.	ai	2026/04/29

Versions (showing 51 of 88)

View all versions

Version	Deps	Published
3.3.13	5 / 1	2026-05-29
3.3.12	5 / 1	2026-05-28
3.3.11	5 / 1	2026-05-26
3.3.10	5 / 1	2026-05-19
3.3.9	5 / 1	2026-05-08
3.3.8	5 / 1	2026-05-07
3.3.7	5 / 1	2026-05-06
3.3.6	5 / 1	2026-04-30
3.3.5	5 / 1	2026-04-29
3.3.4	5 / 1	2026-04-21
3.3.3	5 / 1	2026-04-17
3.3.2	5 / 1	2026-04-13
3.3.1	5 / 1	2026-04-08
3.3.0	5 / 1	2026-04-08
3.2.2	5 / 1	2026-04-02
2.28.8	5 / 1	2026-05-25
2.28.6	5 / 1	2026-05-19
2.28.5	5 / 1	2026-05-07
2.28.4	5 / 1	2026-05-06
2.28.3	5 / 1	2026-04-30
2.28.2	5 / 1	2026-04-29
2.28.1	5 / 1	2026-04-27
2.28.0	5 / 1	2026-04-27
2.27.5	5 / 1	2026-04-21
2.27.4	5 / 1	2026-04-17
2.27.3	5 / 1	2026-04-13
2.27.2	5 / 1	2026-04-02
2.22.10	5 / 1	2025-12-03
2.22.9	5 / 1	2025-11-19
2.22.8	5 / 1	2025-11-19
2.22.7	5 / 1	2025-11-19
2.22.6	5 / 1	2025-11-17
2.22.5	5 / 1	2025-11-12
2.22.4	5 / 1	2025-11-05
2.22.3	5 / 1	2025-11-05
2.22.2	5 / 1	2025-11-05
2.22.1	5 / 1	2025-10-22
2.22.0	5 / 1	2025-10-22
2.21.10	5 / 1	2025-10-17
2.21.9	5 / 1	2025-09-17
2.21.8	5 / 1	2025-09-16
2.21.7	5 / 1	2025-09-16
2.21.6	5 / 1	2025-08-28
2.21.5	5 / 1	2025-08-27
2.21.4	5 / 1	2025-08-27
2.21.3	5 / 1	2025-08-21
2.21.2	5 / 1	2025-08-21
2.21.1	5 / 1	2025-08-20
2.21.0	5 / 1	2025-08-14
2.20.14	5 / 1	2025-08-13
2.20.13	5 / 1	2025-08-11