← Home

@devmoods/postgres-admin

npm
13
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hkkoren

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:react-dom AI (phantom-deps): React app dep consumed by bundler. ai
phantom-deps phantom-dep:react-icons AI (phantom-deps): React app dep consumed by bundler. ai
phantom-deps phantom-dep:@devmoods/ui AI (phantom-deps): Same-org UI lib consumed by bundler. ai
phantom-deps phantom-dep:@types/react AI (phantom-deps): Type-only dep; never imported at runtime. ai
phantom-deps phantom-dep:@devmoods/fetch AI (phantom-deps): Same-org dep consumed by bundler. ai
phantom-deps phantom-dep:@devmoods/config AI (phantom-deps): Same-org dep consumed by bundler. ai
phantom-deps phantom-dep:@types/react-dom AI (phantom-deps): Type-only dep; never imported at runtime. ai
phantom-deps phantom-dep:react-fast-compare AI (phantom-deps): React app dep consumed by bundler. ai
phantom-deps phantom-dep:@vitest/coverage-v8 AI (phantom-deps): Test coverage tool loaded by vitest convention. ai
phantom-deps phantom-dep:@vitejs/plugin-react AI (phantom-deps): Vite plugin loaded via config file. ai
phantom-deps phantom-dep:@tanstack/react-query AI (phantom-deps): React app dep consumed by bundler. ai
phantom-deps phantom-dep:babel-plugin-react-compiler AI (phantom-deps): Babel plugin loaded via config. ai
phantom-deps phantom-dep:sass AI (phantom-deps): Build-tool dep consumed via Vite config, not direct import. ai
phantom-deps phantom-dep:tsup AI (phantom-deps): Build tool invoked via scripts, not imported. ai
phantom-deps phantom-dep:vite AI (phantom-deps): Build tool invoked via scripts/config. ai
phantom-deps phantom-dep:react AI (phantom-deps): JSX transform; consumed by bundler, not direct import in dist. ai
phantom-deps phantom-dep:dotenv AI (phantom-deps): Loaded via CLI flag in test script. ai
phantom-deps phantom-dep:zustand AI (phantom-deps): Likely imported in source compiled by Vite. ai
phantom-deps phantom-dep:date-fns AI (phantom-deps): Likely imported in source compiled by Vite. ai

Versions (showing 13 of 13)

Version Deps Published
0.19.0 12 / 11
0.18.1 12 / 11
0.18.0 12 / 11
0.17.5 12 / 11
0.17.1 12 / 11
0.17.0 12 / 11
0.16.1 12 / 11
0.16.0 12 / 11
0.15.0 12 / 11
0.14.0 23 / 0
0.13.1 23 / 0
0.13.0 23 / 0
0.12.0 2 / 23

v0.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.17.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.17.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.13.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.