@cubejs-backend/bigquery-driver Apache-2.0 8 versions

@cubejs-backend/bigquery-driver

npm Repository Homepage

Cube.js BigQuery database driver

8

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

cubedevincstatsbotkeydunovmaxim_cube

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Monorepo package; provenance adoption is sparse across npm ecosystem.	ai	2026/05/18
publish-pattern	dormant-publish	AI (publish-pattern): SLSA provenance attestation confirms legitimate CI/CD publish; established Cube.js org package with 789 prior versions.	ai	2026/05/18
dependencies	unvetted-dep:@cubejs-backend/dotenv	AI (dependencies): Same org-scoped package (@cubejs-backend); internal dependency within the Cube.js monorepo, stable false positive.	ai	2026/05/08
bogus-package	bogus-package	AI (bogus-package): Established Cube.js monorepo driver; README and metadata patterns are false positives for this well-known OSS project.	ai	2026/05/05
phantom-deps	phantom-dep:@cubejs-backend/dotenv	AI (phantom-deps): Same-org scoped dependency in a monorepo; phantom-dep heuristic is a stable false positive here.	ai	2026/05/05

Versions (showing 8 of 114)

Version	Deps	Published
1.3.22	6 / 7	2025-06-18
1.3.21	6 / 7	2025-06-10
1.3.19	6 / 7	2025-06-02
1.3.18	6 / 7	2025-05-27
1.3.17	6 / 7	2025-05-22
1.3.16	6 / 7	2025-05-19
1.3.12	6 / 7	2025-05-08
1.3.11	6 / 7	2025-05-05

v1.3.22

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.19

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.17

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.