@cordisjs/plugin-server

Versions: 8
License:
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

shigma

Keywords

cordis, router, http, ws, websocket, server, service, plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@types/koa | AI (phantom-deps): TypeScript type package for the koa framework; framework-scoped, loaded by convention. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/koa__router | AI (phantom-deps): TypeScript type package for @koa/router; framework-scoped, loaded by convention. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:reggol | AI (phantom-deps): reggol is a logging library in the Cordis ecosystem; referenced in config files as documented. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/ws | AI (phantom-deps): @types/ws is intentionally listed as a runtime dep in this package to expose WebSocket types to consumers; stable pattern for this plugin. | ai | |
| phantom-deps | phantom-dep:path-to-regexp | AI (phantom-deps): path-to-regexp is a routing utility used indirectly/via config in this server plugin; phantom-dep flag is a stable false positive here. | ai | |

Versions (showing 8 of 8)

Version Deps Published
1.6.2 7 / 3
1.6.1 7 / 3
1.6.0 7 / 5
1.5.0 7 / 5
1.4.0 7 / 5
1.3.0 7 / 5
0.2.9 12 / 1
0.2.8 12 / 1

v1.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.