@e-llm-studio/data-engine
data operations library for e-llm-studio
1
Versions
ISC
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
yash27vermarishabh-sonalsaurabhgathadedeveshpatel
Keywords
e-llm-studio-lib
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:http | AI (dependencies): npm security placeholder stub; not actually imported per phantom-dep finding. | ai | |
| dependencies | unvetted-dep:Buffer | AI (dependencies): npm polyfill stub at 0.0.0; not actually imported per phantom-dep finding. | ai | |
| phantom-deps | phantom-dep:http | AI (phantom-deps): Declared but not imported; refers to Node.js built-in, not the stub package. | ai | |
| phantom-deps | phantom-dep:Buffer | AI (phantom-deps): Declared but not imported; Buffer is a Node.js global, not a real dep. | ai | |
| phantom-deps | phantom-dep:stream | AI (phantom-deps): Declared but not imported; refers to Node.js built-in stream module. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 1.3.4 | 6 / 3 |
v1.3.4
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.