@finos/legend-application-query
Legend Query application core
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:serializr | AI (dependencies): serializr is a well-known MobX serialization library; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:react-oidc-context | AI (dependencies): react-oidc-context is a standard OIDC wrapper; expected dependency for an app with authentication. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only framework package; convention-loaded, not directly imported. Stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-dom | AI (phantom-deps): Type-only framework package; convention-loaded, not directly imported. Stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@testing-library/dom | AI (phantom-deps): Testing framework peer; loaded by convention. Stable FP for this package. | ai | |
| phantom-deps | phantom-dep:reactflow | AI (phantom-deps): Declared runtime dep used via config/indirect import; stable FP for this package. | ai |
Versions (showing 51 of 109)
| Version | Deps | Published |
|---|---|---|
| 13.8.23 | 24 / 9 | |
| 13.8.22 | 24 / 9 | |
| 13.8.21 | 24 / 9 | |
| 13.8.20 | 24 / 9 | |
| 13.8.19 | 24 / 9 | |
| 13.8.18 | 24 / 9 | |
| 13.8.17 | 24 / 9 | |
| 13.8.16 | 24 / 9 | |
| 13.8.15 | 24 / 9 | |
| 13.8.14 | 24 / 9 | |
| 13.8.13 | 24 / 9 | |
| 13.8.12 | 24 / 9 | |
| 13.8.11 | 24 / 9 | |
| 13.8.10 | 24 / 9 | |
| 13.8.9 | 24 / 9 | |
| 13.8.8 | 24 / 9 | |
| 13.8.6 | 24 / 9 | |
| 13.8.5 | 24 / 9 | |
| 13.7.162 | 21 / 9 | |
| 13.7.161 | 21 / 9 | |
| 13.7.160 | 21 / 9 | |
| 13.7.159 | 21 / 9 | |
| 13.7.158 | 21 / 9 | |
| 13.7.157 | 21 / 9 | |
| 13.7.156 | 21 / 9 | |
| 13.7.155 | 21 / 9 | |
| 13.7.154 | 21 / 9 | |
| 13.7.153 | 21 / 9 | |
| 13.7.152 | 21 / 9 | |
| 13.7.151 | 21 / 9 | |
| 13.7.150 | 21 / 9 | |
| 13.7.149 | 21 / 9 | |
| 13.7.148 | 21 / 9 | |
| 13.7.147 | 21 / 9 | |
| 13.7.146 | 21 / 9 | |
| 13.7.145 | 21 / 9 | |
| 13.7.144 | 21 / 9 | |
| 13.7.143 | 21 / 9 | |
| 13.7.142 | 21 / 9 | |
| 13.7.141 | 21 / 9 | |
| 13.7.140 | 21 / 9 | |
| 13.7.139 | 21 / 9 | |
| 13.7.138 | 21 / 9 | |
| 13.7.137 | 21 / 9 | |
| 13.7.136 | 21 / 9 | |
| 13.7.135 | 21 / 9 | |
| 13.7.134 | 21 / 9 | |
| 13.7.133 | 21 / 9 | |
| 13.7.132 | 21 / 9 | |
| 13.7.131 | 21 / 9 | |
| 13.7.130 | 21 / 9 |
v13.8.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.8.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.8.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.8.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v13.7.162
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.161
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.160
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.159
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.158
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.157
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.156
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.155
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.154
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.153
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.152
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.151
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.150
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.149
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.148
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.147
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.146
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.145
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.144
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.143
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.142
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.141
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.140
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.139
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.138
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.137
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.136
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.135
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.134
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.133
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.132
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.131
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.7.130
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.