@finos/legend-extension-store-flat-data

Legend extension for Flat-data store

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

finos-adminmaootexodusneil.slinger

Keywords

legendlegend-extensionstoreflat-data

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established FINOS package; provenance is a best-practice enhancement, not a security blocker.	ai	2026/05/29
dependencies	unvetted-dep:serializr	AI (dependencies): serializr is a well-known, stable serialization library; pinned to 3.0.3 with no known advisories.	ai	2026/04/30
phantom-deps	phantom-dep:serializr	AI (phantom-deps): Declared dep referenced in config; stable false positive for this monorepo package.	ai	2026/04/29
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): Framework-scoped type package; stable false positive.	ai	2026/04/29
phantom-deps	phantom-dep:mobx-react-lite	AI (phantom-deps): Monorepo peer-dep pattern; stable false positive.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-art	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:mobx	AI (phantom-deps): Monorepo peer-dep pattern; mobx is a declared dep used transitively via config.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-shared	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-storage	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-application	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-application-studio	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:@finos/legend-graph	AI (phantom-deps): Same-org sibling dep; stable false positive for this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:react	AI (phantom-deps): Declared as peer dep; phantom-dep false positive for this package.	ai	2026/04/29

Versions (showing 100 of 163)

Version	Deps	Published
0.0.542	11 / 9	2026-06-05
0.0.541	11 / 9	2026-06-04
0.0.540	11 / 9	2026-06-03
0.0.539	11 / 9	2026-06-03
0.0.538	11 / 9	2026-06-01
0.0.537	11 / 9	2026-05-26
0.0.536	11 / 9	2026-05-20
0.0.535	11 / 9	2026-05-18
0.0.534	11 / 9	2026-05-11
0.0.533	11 / 9	2026-05-11
0.0.532	11 / 9	2026-05-07
0.0.531	11 / 9	2026-05-06
0.0.530	11 / 9	2026-05-05
0.0.529	11 / 9	2026-05-01
0.0.528	11 / 9	2026-04-29
0.0.527	11 / 9	2026-04-27
0.0.526	11 / 9	2026-04-20
0.0.525	11 / 9	2026-04-13
0.0.524	11 / 9	2026-04-06
0.0.523	11 / 9	2026-03-31
0.0.522	11 / 9	2026-03-24
0.0.521	11 / 9	2026-03-24
0.0.520	11 / 9	2026-03-20
0.0.519	11 / 9	2026-03-19
0.0.518	11 / 9	2026-03-17
0.0.517	11 / 9	2026-03-17
0.0.516	11 / 9	2026-03-10
0.0.515	11 / 9	2026-03-09
0.0.514	11 / 9	2026-03-07
0.0.513	11 / 9	2026-03-06
0.0.512	11 / 9	2026-03-04
0.0.511	11 / 9	2026-03-03
0.0.510	11 / 9	2026-02-26
0.0.509	11 / 9	2026-02-25
0.0.508	11 / 9	2026-02-23
0.0.507	11 / 9	2026-02-19
0.0.506	11 / 9	2026-02-14
0.0.505	11 / 9	2026-02-13
0.0.504	11 / 9	2026-02-11
0.0.502	11 / 9	2026-02-01
0.0.501	11 / 9	2026-01-29
0.0.500	11 / 9	2026-01-27
0.0.499	11 / 9	2026-01-23
0.0.498	11 / 9	2026-01-22
0.0.497	11 / 9	2026-01-20
0.0.496	11 / 9	2026-01-16
0.0.495	11 / 9	2026-01-13
0.0.494	11 / 9	2026-01-07
0.0.493	11 / 9	2026-01-06
0.0.492	11 / 9	2025-12-19
0.0.491	11 / 9	2025-12-16
0.0.490	11 / 9	2025-12-15
0.0.489	11 / 9	2025-12-11
0.0.488	11 / 9	2025-12-11
0.0.487	11 / 9	2025-12-11
0.0.486	11 / 9	2025-12-10
0.0.485	11 / 9	2025-12-08
0.0.484	11 / 9	2025-12-04
0.0.483	11 / 9	2025-12-04
0.0.482	11 / 9	2025-12-03
0.0.481	11 / 9	2025-12-02
0.0.480	11 / 9	2025-11-21
0.0.479	11 / 9	2025-11-19
0.0.478	11 / 9	2025-11-19
0.0.477	11 / 9	2025-11-17
0.0.476	11 / 9	2025-11-14
0.0.475	11 / 9	2025-11-10
0.0.474	11 / 9	2025-11-05
0.0.473	11 / 9	2025-11-05
0.0.472	11 / 9	2025-11-03
0.0.471	11 / 9	2025-10-31
0.0.470	11 / 9	2025-10-30
0.0.469	11 / 9	2025-10-30
0.0.468	11 / 9	2025-10-28
0.0.467	11 / 9	2025-10-27
0.0.466	11 / 9	2025-10-24
0.0.465	11 / 9	2025-10-22
0.0.464	11 / 9	2025-10-20
0.0.463	11 / 9	2025-10-17
0.0.462	11 / 9	2025-10-10
0.0.461	11 / 9	2025-10-10
0.0.460	11 / 9	2025-10-09
0.0.459	11 / 9	2025-10-06
0.0.458	11 / 9	2025-10-02
0.0.457	11 / 9	2025-09-30
0.0.456	11 / 9	2025-09-29
0.0.455	11 / 9	2025-09-27
0.0.454	11 / 9	2025-09-25
0.0.453	11 / 9	2025-09-24
0.0.452	11 / 9	2025-09-19
0.0.451	11 / 9	2025-09-18
0.0.450	11 / 9	2025-09-17
0.0.449	11 / 9	2025-09-15
0.0.448	11 / 9	2025-09-11
0.0.447	11 / 9	2025-09-11
0.0.446	11 / 9	2025-09-08
0.0.445	11 / 9	2025-09-08
0.0.444	11 / 9	2025-09-04
0.0.443	11 / 9	2025-09-04
0.0.442	11 / 9	2025-09-03

Showing 100 of 163 Next page →

v0.0.542

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.541

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.540

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.539

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.538

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.