@edenapp/genesis — Greenflagged

Genesis - Package and bundle Eden applications into .edenite format.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

b0czek

Keywords

edenbundlerpackageredenitegenesiszstdzstandardcompression

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Likely reflects a one-time publish environment change; no other malicious indicators present.	ai	2026/05/27
dependencies	unvetted-dep:@edenapp/types	AI (dependencies): Sibling package from the same monorepo (github.com/b0czek/eden); unvetted status is expected for co-released internal deps.	ai	2026/04/28

Versions (showing 19 of 19)

Version	Deps	Published
0.7.3	6 / 7	2026-05-05
0.7.2	6 / 7	2026-04-26
0.7.0	6 / 7	2026-04-20
0.6.5	6 / 7	2026-04-06
0.6.4	6 / 7	2026-04-06
0.6.3	6 / 7	2026-04-06
0.6.2	6 / 7	2026-04-04
0.6.0	6 / 7	2026-04-04
0.5.2	6 / 7	2026-02-10
0.5.1	6 / 7	2026-02-09
0.5.0	6 / 7	2026-02-08
0.4.1	6 / 7	2026-01-10
0.4.0	6 / 7	2026-01-10
0.3.0	6 / 7	2026-01-03
0.2.6	6 / 7	2026-01-10
0.2.5	6 / 7	2026-01-10
0.2.2	6 / 7	2026-01-09
0.2.1	5 / 7	2025-12-03
0.2.0	5 / 7	2025-11-30

v0.7.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.2

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: b0czek.