← Home

@finos/legend-extension-store-flat-data

npm Repository Homepage

Legend extension for Flat-data store

51
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

finos-adminmaootexodusneil.slinger

Keywords

legendlegend-extensionstoreflat-data

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance no-provenance AI (provenance): Established FINOS package; provenance is a best-practice enhancement, not a security blocker. ai
dependencies unvetted-dep:serializr AI (dependencies): serializr is a well-known, stable serialization library; pinned to 3.0.3 with no known advisories. ai
phantom-deps phantom-dep:serializr AI (phantom-deps): Declared dep referenced in config; stable false positive for this monorepo package. ai
phantom-deps phantom-dep:@types/react AI (phantom-deps): Framework-scoped type package; stable false positive. ai
phantom-deps phantom-dep:mobx-react-lite AI (phantom-deps): Monorepo peer-dep pattern; stable false positive. ai
phantom-deps phantom-dep:@finos/legend-art AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:mobx AI (phantom-deps): Monorepo peer-dep pattern; mobx is a declared dep used transitively via config. ai
phantom-deps phantom-dep:@finos/legend-shared AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:@finos/legend-storage AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:@finos/legend-application AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:@finos/legend-application-studio AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:@finos/legend-graph AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo. ai
phantom-deps phantom-dep:react AI (phantom-deps): Declared as peer dep; phantom-dep false positive for this package. ai

Versions (showing 51 of 163)

View all versions
Version Deps Published
0.0.542 11 / 9
0.0.541 11 / 9
0.0.540 11 / 9
0.0.539 11 / 9
0.0.538 11 / 9
0.0.537 11 / 9
0.0.536 11 / 9
0.0.535 11 / 9
0.0.534 11 / 9
0.0.533 11 / 9
0.0.532 11 / 9
0.0.531 11 / 9
0.0.530 11 / 9
0.0.529 11 / 9
0.0.528 11 / 9
0.0.527 11 / 9
0.0.526 11 / 9
0.0.525 11 / 9
0.0.524 11 / 9
0.0.523 11 / 9
0.0.522 11 / 9
0.0.521 11 / 9
0.0.520 11 / 9
0.0.519 11 / 9
0.0.518 11 / 9
0.0.517 11 / 9
0.0.516 11 / 9
0.0.515 11 / 9
0.0.514 11 / 9
0.0.513 11 / 9
0.0.512 11 / 9
0.0.511 11 / 9
0.0.510 11 / 9
0.0.509 11 / 9
0.0.508 11 / 9
0.0.507 11 / 9
0.0.506 11 / 9
0.0.505 11 / 9
0.0.504 11 / 9
0.0.502 11 / 9
0.0.501 11 / 9
0.0.500 11 / 9
0.0.499 11 / 9
0.0.498 11 / 9
0.0.497 11 / 9
0.0.496 11 / 9
0.0.495 11 / 9
0.0.494 11 / 9
0.0.493 11 / 9
0.0.492 11 / 9
0.0.491 11 / 9

v0.0.542

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.541

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.540

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.539

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.538

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.537

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.536

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.535

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.534

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.533

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.532

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.531

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.530

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.529

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.528

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.526

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.525

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.524

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.523

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.522

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.521

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.520

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.519

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.518

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.517

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.516

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.515

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.514

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.513

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.512

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.511

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.510

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.509

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.508

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.507

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.506

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.505

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.504

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.502

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.501

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.500

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.499

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.498

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.497

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.496

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.495

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.494

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.493

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.492

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.491

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.