@dcl/sdk
Main SDK package for building Decentraland scenes.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@dcl/explorer | AI (dependencies): @dcl/explorer is a same-org Decentraland package; pinned to a specific commit-tagged version, consistent with this SDK's release pattern. | ai | |
| phantom-deps | phantom-dep:@dcl/explorer | AI (phantom-deps): Meta-package pattern; @dcl/explorer is a peer/bundled dep not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@dcl/js-runtime | AI (phantom-deps): Meta-package pattern; @dcl/js-runtime re-exported rather than directly imported. | ai | |
| phantom-deps | phantom-dep:@dcl/sdk-commands | AI (phantom-deps): Meta-package pattern; @dcl/sdk-commands is a CLI tool dep, not directly imported in library code. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 7.23.3 | 7 / 0 | |
| 7.23.1 | 7 / 0 | |
| 7.22.5 | 7 / 0 | |
| 7.22.4 | 7 / 0 | |
| 7.22.3 | 7 / 0 | |
| 7.22.1 | 7 / 0 | |
| 7.20.2 | 7 / 0 | |
| 7.17.0 | 7 / 0 | |
| 7.15.0 | 7 / 0 | |
| 7.11.2 | 7 / 0 | |
| 7.11.0 | 7 / 0 | |
| 7.10.6 | 7 / 0 | |
| 7.10.5 | 7 / 0 | |
| 7.10.2 | 7 / 0 | |
| 7.10.0 | 7 / 0 | |
| 7.9.5 | 7 / 0 | |
| 7.9.2 | 7 / 0 | |
| 7.9.1 | 7 / 0 | |
| 7.9.0 | 7 / 0 | |
| 7.8.21 | 7 / 0 | |
| 7.8.18 | 7 / 0 | |
| 7.8.16 | 7 / 0 | |
| 7.8.13 | 7 / 0 | |
| 7.8.7 | 7 / 0 | |
| 7.8.6 | 7 / 0 |
v7.23.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.23.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.22.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.22.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.20.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.17.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.11.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.9.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.9.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.