@dpuse/dpuse-connector-dropbox
[](./LICENSE) <span><!-- OWASP_BADGES_START --> [](https://dpuse.github.io/dpuse-connector-dropbox/dependency-check-reports/depende
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@dpuse/dpuse-tool-csv-parse | AI (phantom-deps): Same-org dependency; likely used transitively or bundled — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@dpuse/dpuse-tool-file-operators | AI (phantom-deps): Same-org dependency; likely used transitively or bundled — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:p-queue | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 0.2.492 | 4 / 26 | |
| 0.2.491 | 4 / 26 | |
| 0.2.490 | 4 / 26 | |
| 0.2.489 | 4 / 26 | |
| 0.2.488 | 4 / 26 | |
| 0.2.487 | 4 / 26 | |
| 0.2.486 | 4 / 26 | |
| 0.2.485 | 4 / 26 | |
| 0.2.483 | 4 / 26 | |
| 0.2.482 | 4 / 26 | |
| 0.2.481 | 4 / 26 | |
| 0.2.479 | 4 / 26 | |
| 0.2.477 | 4 / 26 | |
| 0.2.476 | 4 / 26 | |
| 0.2.474 | 4 / 26 |
v0.2.492
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.491
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.490
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.489
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.488
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.487
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.486
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.485
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.483
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.482
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.481
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.479
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.477
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.476
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.474
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.