@dathomir/runtime MPL-2.0 9 versions

@dathomir/runtime

npm Repository Homepage

dathomir runtime package

9

Versions

MPL-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

takuma-ru

Keywords

dathomirframeworkfrontendjavascripttypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@dathomir/shared	AI (phantom-deps): Same org scope (@dathomir/*); used indirectly through monorepo peer packages. Stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:devalue	AI (phantom-deps): devalue is a legitimate, well-known serialization library by Rich Harris; declared as a runtime dep in package.json. Phantom-dep finding is a false positive for this package.	ai	2026/04/25
dependencies	unvetted-dep:@dathomir/store	AI (dependencies): @dathomir/store is a sibling package in the same monorepo/org by the same author; not a third-party unknown dependency.	ai	2026/04/25

Versions (showing 9 of 9)

Version	Deps	Published
0.0.12	4 / 8	2026-04-22
0.0.11	4 / 8	2026-03-13
0.0.10	3 / 8	2026-03-04
0.0.9	3 / 8	2026-02-25
0.0.8	3 / 8	2026-02-25
0.0.7	3 / 8	2026-02-25
0.0.5	3 / 8	2026-02-24
0.0.4	3 / 8	2026-02-24
0.0.3	3 / 8	2026-02-24

v0.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.