@cloudcome/utils-uni
cloudcome utils for uni-app
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation confirms legitimate CI/CD publish from the known repo; dormancy alone is not a risk here. | ai | |
| dependencies | unvetted-dep:@dcloudio/uni-app | AI (dependencies): @dcloudio/uni-app is the canonical uni-app framework; its use is expected and stable for this package. | ai | |
| phantom-deps | phantom-dep:@dcloudio/types | AI (phantom-deps): Type-only dep for uni-app; declared for TS types, not directly imported at runtime — stable false positive for this package. | ai |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 1.34.0 | 6 / 0 | |
| 1.33.0 | 6 / 0 | |
| 1.32.0 | 6 / 0 | |
| 1.31.1 | 6 / 0 | |
| 1.31.0 | 6 / 0 | |
| 1.30.3 | 6 / 0 | |
| 1.30.2 | 6 / 0 | |
| 1.30.1 | 6 / 0 | |
| 1.30.0 | 6 / 0 | |
| 1.29.7 | 6 / 0 | |
| 1.29.6 | 6 / 0 | |
| 1.29.5 | 6 / 0 | |
| 1.29.4 | 6 / 0 | |
| 1.29.3 | 6 / 0 | |
| 1.29.2 | 6 / 0 | |
| 1.2.7 | 4 / 0 |
v1.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.32.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.31.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.30.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.30.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.30.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.