@elsikora/nestjs-crud-automator
A library for automating the creation of CRUD operations in NestJS.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): Automated semantic-release CI pipeline; rapid publishes are expected for this org's workflow. | ai | |
| dependencies | unvetted-dep:@elsikora/pluralizer | AI (dependencies): Same-org dependency from the same publisher; low risk for this package family. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Active library with 102 versions; file growth consistent with feature expansion, no malicious indicators. | ai | |
| phantom-deps | phantom-dep:@elsikora/cladi | AI (phantom-deps): Same-org dependency likely re-exported or used indirectly; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@elsikora/pluralizer | AI (phantom-deps): Same-org dependency; likely re-exported or used indirectly through bundled output rather than direct import. | ai | |
| provenance | no-provenance | AI (provenance): Consistent across all 93 versions; publisher has not adopted Sigstore attestation but package is otherwise clean. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 2.9.0 | 4 / 54 | |
| 2.8.0 | 4 / 54 | |
| 2.7.0 | 4 / 54 | |
| 2.6.0 | 4 / 54 | |
| 2.5.0 | 4 / 54 | |
| 2.4.0 | 4 / 54 | |
| 2.3.0 | 4 / 54 | |
| 2.2.0 | 4 / 54 | |
| 2.1.2 | 4 / 54 | |
| 2.1.1 | 4 / 54 | |
| 2.1.0 | 4 / 54 | |
| 2.0.4 | 4 / 54 | |
| 2.0.3 | 4 / 54 | |
| 2.0.2 | 4 / 54 | |
| 2.0.1 | 4 / 54 | |
| 2.0.0 | 4 / 54 | |
| 1.24.0 | 4 / 54 | |
| 1.23.0 | 4 / 54 | |
| 1.22.0 | 4 / 54 | |
| 1.21.1 | 5 / 53 | |
| 1.21.0 | 5 / 35 | |
| 1.20.0 | 5 / 35 | |
| 1.19.0 | 5 / 35 | |
| 1.18.0 | 5 / 35 | |
| 1.17.1 | 5 / 35 | |
| 1.17.0 | 5 / 35 |
v2.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.22.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.21.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.20.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.18.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.17.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.17.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.