@finos/legend-extension-dsl-data-space

Legend extension for Data Space DSL

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

finos-adminmaootexodusneil.slinger

Keywords

legendlegend-extensiondsldsl-data-space

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Stable for FINOS packages; provenance adoption is org-wide, not per-version.	ai	2026/05/29
dependencies	unvetted-dep:serializr	AI (dependencies): serializr is a well-known, benign serialization library; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): react-dom is a standard peer/runtime dep declared in package.json; phantom-dep heuristic false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): Framework-scoped type package loaded by convention; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-server-sdlc	AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this monorepo package.	ai	2026/04/29

Versions (showing 100 of 156)

Version	Deps	Published
10.4.226	17 / 9	2026-06-05
10.4.225	17 / 9	2026/06/04
10.4.224	17 / 9	2026-06-03
10.4.223	17 / 9	2026-06-03
10.4.222	17 / 9	2026-06-01
10.4.221	17 / 9	2026-05-26
10.4.220	17 / 9	2026-05-20
10.4.219	17 / 9	2026-05-18
10.4.218	17 / 9	2026-05-11
10.4.217	17 / 9	2026-05-11
10.4.216	17 / 9	2026-05-07
10.4.215	17 / 9	2026-05-05
10.4.214	17 / 9	2026-05-01
10.4.213	17 / 9	2026-04-29
10.4.212	17 / 9	2026-04-27
10.4.211	17 / 9	2026-04-20
10.4.210	17 / 9	2026-04-13
10.4.209	17 / 9	2026-04-06
10.4.208	17 / 9	2026-03-31
10.4.207	17 / 9	2026-03-24
10.4.206	17 / 9	2026-03-24
10.4.205	17 / 9	2026-03-20
10.4.204	17 / 9	2026-03-19
10.4.203	17 / 9	2026-03-17
10.4.202	17 / 9	2026-03-17
10.4.201	17 / 9	2026-03-09
10.4.200	17 / 9	2026-03-07
10.4.199	17 / 9	2026-03-04
10.4.198	17 / 9	2026-03-03
10.4.197	17 / 9	2026-02-25
10.4.196	17 / 9	2026-02-23
10.4.195	17 / 9	2026-02-19
10.4.194	17 / 9	2026-02-14
10.4.193	17 / 9	2026-02-13
10.4.192	17 / 9	2026-02-11
10.4.190	17 / 9	2026-02-01
10.4.189	17 / 9	2026-01-29
10.4.188	17 / 9	2026-01-27
10.4.187	17 / 9	2026-01-23
10.4.186	17 / 9	2026-01-22
10.4.185	17 / 9	2026-01-20
10.4.184	17 / 9	2026-01-16
10.4.183	17 / 9	2026-01-13
10.4.182	17 / 9	2026-01-07
10.4.181	17 / 9	2026-01-06
10.4.180	17 / 9	2025-12-19
10.4.179	17 / 9	2025-12-16
10.4.178	17 / 9	2025-12-15
10.4.177	17 / 9	2025-12-11
10.4.176	17 / 9	2025-12-10
10.4.175	17 / 9	2025-12-08
10.4.174	17 / 9	2025-12-04
10.4.173	17 / 9	2025-12-03
10.4.172	17 / 9	2025-12-02
10.4.171	17 / 9	2025-11-21
10.4.170	17 / 9	2025-11-19
10.4.169	17 / 9	2025-11-19
10.4.168	17 / 9	2025-11-17
10.4.167	17 / 9	2025-11-14
10.4.166	17 / 9	2025-11-10
10.4.165	17 / 9	2025-11-05
10.4.164	17 / 9	2025-11-05
10.4.163	17 / 9	2025-11-03
10.4.162	17 / 9	2025-10-31
10.4.161	17 / 9	2025-10-30
10.4.160	17 / 9	2025-10-30
10.4.159	17 / 9	2025-10-28
10.4.158	17 / 9	2025-10-27
10.4.157	17 / 9	2025-10-24
10.4.156	17 / 9	2025-10-22
10.4.155	17 / 9	2025-10-20
10.4.154	17 / 9	2025-10-17
10.4.153	17 / 9	2025-10-10
10.4.152	17 / 9	2025-10-10
10.4.151	17 / 9	2025-10-09
10.4.150	17 / 9	2025-10-06
10.4.149	17 / 9	2025-10-02
10.4.148	17 / 9	2025-09-30
10.4.147	17 / 9	2025-09-29
10.4.146	17 / 9	2025-09-27
10.4.145	17 / 9	2025-09-25
10.4.144	17 / 9	2025-09-24
10.4.143	17 / 9	2025-09-19
10.4.142	17 / 9	2025-09-18
10.4.141	17 / 9	2025-09-17
10.4.140	17 / 9	2025-09-15
10.4.139	17 / 9	2025-09-11
10.4.138	17 / 9	2025-09-11
10.4.137	17 / 9	2025-09-08
10.4.136	17 / 9	2025-09-08
10.4.135	17 / 9	2025-09-04
10.4.134	17 / 9	2025-09-04
10.4.133	17 / 9	2025-09-03
10.4.132	17 / 9	2025-09-03
10.4.131	17 / 9	2025-09-02
10.4.130	17 / 9	2025-08-29
10.4.129	17 / 9	2025-08-26
10.4.128	17 / 9	2025-08-18
10.4.127	17 / 9	2025-08-13
10.4.126	17 / 9	2025-08-13

Showing 100 of 156 Next page →

v10.4.226

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.4.225

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.4.224

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.4.223

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.4.222

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.