@finos/legend-extension-dsl-diagram
Legend extension for Diagram DSL
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:serializr | AI (dependencies): serializr is a well-known serialization library; stable legitimate dependency for this package. | ai | |
| phantom-deps | phantom-dep:react-dnd | AI (phantom-deps): Declared runtime dep used transitively in UI components; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Standard React ecosystem dep declared for peer/transitive use; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Framework-scoped type package; convention-loaded, not directly imported. | ai | |
| phantom-deps | phantom-dep:@finos/legend-storage | AI (phantom-deps): Same-org monorepo sibling; phantom-dep heuristic unreliable for monorepo packages. | ai | |
| phantom-deps | phantom-dep:@finos/legend-code-editor | AI (phantom-deps): Same-org monorepo sibling; phantom-dep heuristic unreliable for monorepo packages. | ai |
Versions (showing 51 of 143)
| Version | Deps | Published |
|---|---|---|
| 8.1.242 | 13 / 11 | |
| 8.1.241 | 13 / 11 | |
| 8.1.240 | 13 / 11 | |
| 8.1.239 | 13 / 11 | |
| 8.1.238 | 13 / 11 | |
| 8.1.237 | 13 / 11 | |
| 8.1.236 | 13 / 11 | |
| 8.1.235 | 13 / 11 | |
| 8.1.234 | 13 / 11 | |
| 8.1.233 | 13 / 11 | |
| 8.1.232 | 13 / 11 | |
| 8.1.231 | 13 / 11 | |
| 8.1.230 | 13 / 11 | |
| 8.1.229 | 13 / 11 | |
| 8.1.228 | 13 / 11 | |
| 8.1.227 | 13 / 11 | |
| 8.1.226 | 13 / 11 | |
| 8.1.225 | 13 / 11 | |
| 8.1.224 | 13 / 11 | |
| 8.1.223 | 13 / 11 | |
| 8.1.222 | 13 / 11 | |
| 8.1.221 | 13 / 11 | |
| 8.1.220 | 13 / 11 | |
| 8.1.219 | 13 / 11 | |
| 8.1.218 | 13 / 11 | |
| 8.1.217 | 13 / 11 | |
| 8.1.216 | 13 / 11 | |
| 8.1.215 | 13 / 11 | |
| 8.1.214 | 13 / 11 | |
| 8.1.213 | 13 / 11 | |
| 8.1.211 | 13 / 11 | |
| 8.1.210 | 13 / 11 | |
| 8.1.209 | 13 / 11 | |
| 8.1.208 | 13 / 11 | |
| 8.1.207 | 13 / 11 | |
| 8.1.206 | 13 / 11 | |
| 8.1.205 | 13 / 11 | |
| 8.1.204 | 13 / 11 | |
| 8.1.203 | 13 / 11 | |
| 8.1.202 | 13 / 11 | |
| 8.1.201 | 13 / 11 | |
| 8.1.200 | 13 / 11 | |
| 8.1.199 | 13 / 11 | |
| 8.1.198 | 13 / 11 | |
| 8.1.197 | 13 / 11 | |
| 8.1.196 | 13 / 11 | |
| 8.1.195 | 14 / 11 | |
| 8.1.194 | 14 / 11 | |
| 8.1.193 | 14 / 11 | |
| 8.1.192 | 14 / 11 | |
| 8.1.191 | 14 / 11 |
v8.1.242
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.241
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.240
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.239
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.238
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.237
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.236
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.235
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.234
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.233
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.232
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.231
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.229
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.228
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.227
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.226
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.225
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.224
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.223
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.222
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.221
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.220
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.219
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.218
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.217
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.216
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.215
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.214
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.213
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.211
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.210
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.204
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.203
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.202
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.201
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.200
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.199
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.198
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.197
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.196
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.195
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.194
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.193
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.192
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.1.191
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.