
@dathomir/core

dathomir package

Versions: 8
License: MPL-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, No source commit

Maintainers

takuma-ru

Keywords

dathomir, framework, frontend, javascript, typescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:@dathomir/store | AI (dependencies): @dathomir/store is a first-party sibling package in the same dathomir-js monorepo; flagging it as unvetted is a stable false positive for this package family. | ai |
publish-pattern | new-deps-added | AI (publish-pattern): The new dep is @dathomir/store, a same-namespace monorepo sibling. Adding internal sibling deps is expected as the framework grows; not an injection risk. | ai |
typosquat | typosquat.levenshtein:cors | AI (typosquat): @dathomir/core is the core package of the dathomir framework monorepo; the levenshtein match to 'cors' is coincidental and not an impersonation attempt. | ai |

Versions (showing 8 of 8)

Version Deps Published
0.0.12 5 / 6
0.0.11 5 / 6
0.0.10 4 / 6
0.0.9 4 / 6
0.0.8 4 / 6
0.0.7 4 / 6
0.0.5 4 / 6
0.0.4 4 / 6

v0.0.12

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@dathomir/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.