@computesdk/workbench — Greenflagged

Interactive REPL for testing ComputeSDK sandbox operations

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

heygarrison

Keywords

computesdksandboxreplclideveloper-toolstesting

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publisher is consistent with CI/CD automation; SLSA attestation confirms legitimate pipeline publish.	ai	2026/05/22

Versions (showing 51 of 81)

View all versions

Version	Deps	Published
27.0.1	4 / 6	2026-06-01
27.0.0	4 / 6	2026-05-29
26.0.4	4 / 6	2026-05-29
26.0.3	4 / 6	2026-05-27
26.0.2	4 / 6	2026-05-27
26.0.1	4 / 6	2026-05-26
26.0.0	4 / 6	2026-05-26
25.0.3	4 / 6	2026-05-21
25.0.2	4 / 6	2026-05-21
25.0.1	4 / 6	2026-05-19
25.0.0	4 / 6	2026-05-19
24.0.4	4 / 6	2026-05-14
24.0.3	4 / 6	2026-05-11
24.0.2	4 / 6	2026-05-04
24.0.1	4 / 6	2026-04-29
24.0.0	4 / 6	2026-04-28
23.0.0	5 / 6	2026-04-22
22.0.0	5 / 6	2026-04-16
21.1.0	5 / 6	2026-04-16
21.0.3	5 / 6	2026-04-14
21.0.2	5 / 6	2026-04-10
21.0.1	5 / 6	2026-04-01
21.0.0	5 / 6	2026-03-25
20.0.2	5 / 6	2026-03-20
20.0.1	5 / 6	2026-03-20
20.0.0	5 / 6	2026-03-18
19.0.1	5 / 6	2026-03-18
19.0.0	5 / 6	2026-03-17
18.0.1	5 / 6	2026-03-16
18.0.0	5 / 6	2026-03-12
17.0.1	5 / 6	2026-03-12
17.0.0	5 / 6	2026-03-12
16.0.0	5 / 6	2026-03-12
15.0.0	5 / 6	2026-03-10
14.0.0	5 / 6	2026-03-09
13.0.0	5 / 6	2026-03-08
12.0.0	5 / 6	2026-03-06
11.0.0	5 / 6	2026-02-23
10.0.0	5 / 6	2026-02-23
9.0.0	5 / 6	2026-02-20
8.0.1	5 / 6	2026-02-20
8.0.0	5 / 6	2026-02-19
7.0.6	5 / 6	2026-02-16
7.0.5	5 / 6	2026-02-10
7.0.4	5 / 6	2026-02-07
7.0.3	5 / 6	2026-02-02
7.0.1	5 / 6	2026-01-30
7.0.0	5 / 6	2026-01-29
6.0.1	5 / 6	2026-01-28
5.0.7	5 / 6	2026-01-27
5.0.6	5 / 6	2026-01-27

v27.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.3

2 findings

HIGH Publisher changed: heygarrison → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.