@easylayer/common

Meta-package that routes subpath exports to per-subpackage builds.

Versions: 9
License:
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

easylayer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:@sqlite.org/sqlite-wasm | AI (dependencies): @sqlite.org/sqlite-wasm is the official SQLite WASM package from the SQLite project; stable legitimate dependency for this package. | ai |
phantom-deps | phantom-dep:lodash | AI (phantom-deps): Utility dep declared for consumers; not directly imported by this meta-package. | ai |
phantom-deps | phantom-dep:sqlite3 | AI (phantom-deps): Optional DB driver declared for consumers; not directly imported. | ai |
phantom-deps | phantom-dep:stream-json | AI (phantom-deps): Optional dep declared for consumers; not directly imported. | ai |
phantom-deps | phantom-dep:pg | AI (phantom-deps): Optional DB driver declared for consumers; not directly imported by this meta-package. | ai |
phantom-deps | phantom-dep:@nestjs/swagger | AI (phantom-deps): Optional NestJS peer dep declared for consumers; not directly imported. | ai |
phantom-deps | phantom-dep:pg-query-stream | AI (phantom-deps): Optional DB dep declared for consumers; not directly imported. | ai |
phantom-deps | phantom-dep:@sqlite.org/sqlite-wasm | AI (phantom-deps): Platform-specific binary dep declared for consumers; not directly imported. | ai |
phantom-deps | phantom-dep:better-sqlite3 | AI (phantom-deps): Optional DB driver declared for consumers; not directly imported. | ai |

Versions (showing 9 of 9)

Version | Deps | Published
1.3.3 | 21 / 9 |
1.3.2 | 21 / 9 |
1.2.1 | 21 / 9 |
1.2.0 | 21 / 9 |
1.1.1 | 22 / 5 |
1.0.4 | 22 / 5 |
1.0.3 | 22 / 5 |
1.0.2 | 21 / 5 |
1.0.0 | 21 / 5 |

v1.3.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.1.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.4

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.