@codemation/core
The **Codemation engine**: workflow types, the execution model, builder DSL, dependency-injection primitives, and shared runtime contracts. It stays free of HTTP servers, databases, UI, and concrete node catalogs so apps and plugins can build on a stable
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/agentMcpTypes-DUmniLOY.d.cts | AI (source-diff): TypeScript declaration file with long re-export lines from tsdown bundler; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-CSKKuK60.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines from tsdown bundler; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-BZDhEQ6W.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines from tsdown bundler; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/contracts.d.cts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/contracts.d.ts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/browser.d.ts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-zWGtEhrf.d.ts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/agentMcpTypes-ZiNbNsEi.d.cts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/browser.d.cts | AI (source-diff): TypeScript declaration file with long barrel-import lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-BE9CAkbf.d.ts | AI (source-diff): TypeScript declaration file with bundled type exports; long lines are normal for rollup-style .d.ts output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-siBSjaaY.d.cts | AI (source-diff): TypeScript declaration file with bundled type exports; long lines are normal for rollup-style .d.ts output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-DeLl1Tne.d.ts | AI (source-diff): TypeScript declaration file with bundled type exports; long lines are normal for rollup-style .d.ts output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-BqNjrksF.d.cts | AI (source-diff): TypeScript declaration file with long re-export lines from bundler (tsdown); not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-CI-F8qQ7.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines from bundler (tsdown); not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-CJQtTY_M.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines from bundler (tsdown); not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-BrEq6Jm6.d.ts | AI (source-diff): Bundled TypeScript declaration file with long re-export lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-Bes88mxT.d.ts | AI (source-diff): Bundled TypeScript declaration file with long re-export lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/RunIntentService-MUHJ1bhO.d.cts | AI (source-diff): Bundled TypeScript declaration file with long re-export lines; not obfuscated code. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @codemation/core; name reflects org/product, not an attempt to impersonate 'cors'. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 2.0.0 | 3 / 6 | |
| 1.0.1 | 3 / 6 | |
| 1.0.0 | 3 / 6 | |
| 0.12.0 | 3 / 6 | |
| 0.11.1 | 3 / 6 | |
| 0.11.0 | 3 / 6 | |
| 0.10.2 | 3 / 6 | |
| 0.10.1 | 3 / 6 | |
| 0.10.0 | 3 / 6 | |
| 0.8.1 | 3 / 6 | |
| 0.8.0 | 3 / 6 | |
| 0.7.0 | 3 / 6 | |
| 0.6.0 | 3 / 6 | |
| 0.5.0 | 3 / 6 | |
| 0.4.0 | 3 / 6 | |
| 0.3.0 | 3 / 6 | |
| 0.2.3 | 3 / 6 | |
| 0.2.1 | 3 / 6 | |
| 0.2.0 | 3 / 6 | |
| 0.0.19 | 3 / 6 | |
| 0.0.18 | 3 / 6 | |
| 0.0.16 | 3 / 6 | |
| 0.0.15 | 3 / 6 | |
| 0.0.14 | 3 / 6 | |
| 0.0.13 | 3 / 6 | |
| 0.0.11 | 3 / 6 |
v2.0.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.3
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
2 findingsPackage name '@codemation/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.