@flipdish/events
A TypeScript package for handling event schemas and types in Flipdish's event-driven architecture.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Fires only in test validation helper; stable pattern for this package across versions. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Config-referenced utility; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:aws-sdk | AI (phantom-deps): Config-referenced utility; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@jest/types | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/client-cloudwatch-logs | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai |
Versions (showing 51 of 143)
| Version | Deps | Published |
|---|---|---|
| 1.26156.0 | 8 / 14 | |
| 1.26153.0 | 8 / 14 | |
| 1.26152.0 | 8 / 14 | |
| 1.26146.0 | 8 / 14 | |
| 1.26142.1 | 8 / 14 | |
| 1.26142.0 | 9 / 14 | |
| 1.26140.2 | 9 / 14 | |
| 1.26140.1 | 9 / 14 | |
| 1.26140.0 | 9 / 14 | |
| 1.26138.0 | 9 / 14 | |
| 1.26135.0 | 9 / 14 | |
| 1.26132.0 | 9 / 14 | |
| 1.26126.0 | 8 / 14 | |
| 1.26125.0 | 8 / 14 | |
| 1.26120.1 | 8 / 14 | |
| 1.26120.0 | 8 / 14 | |
| 1.26119.0 | 8 / 14 | |
| 1.26104.0 | 8 / 14 | |
| 1.26103.0 | 8 / 14 | |
| 1.26098.0 | 8 / 14 | |
| 1.26092.0 | 8 / 14 | |
| 1.25342.0 | 7 / 14 | |
| 1.80.4 | 7 / 14 | |
| 1.80.3 | 7 / 14 | |
| 1.80.2 | 7 / 14 | |
| 1.80.1 | 7 / 14 | |
| 1.80.0 | 7 / 14 | |
| 1.79.1 | 7 / 14 | |
| 1.79.0 | 7 / 14 | |
| 1.78.3 | 7 / 14 | |
| 1.78.2 | 7 / 14 | |
| 1.78.1 | 7 / 14 | |
| 1.78.0 | 7 / 14 | |
| 1.77.0 | 7 / 14 | |
| 1.76.0 | 7 / 14 | |
| 1.75.7 | 7 / 14 | |
| 1.75.6 | 7 / 14 | |
| 1.75.5 | 7 / 14 | |
| 1.75.4 | 7 / 14 | |
| 1.75.3 | 7 / 14 | |
| 1.75.2 | 7 / 14 | |
| 1.75.1 | 7 / 14 | |
| 1.75.0 | 7 / 14 | |
| 1.74.4 | 7 / 14 | |
| 1.74.3 | 7 / 14 | |
| 1.74.2 | 7 / 14 | |
| 1.74.1 | 7 / 14 | |
| 1.73.2 | 7 / 14 | |
| 1.73.1 | 7 / 14 | |
| 1.72.1 | 7 / 14 | |
| 1.72.0 | 7 / 14 |
v1.26156.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26153.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26152.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26146.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26142.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26142.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26140.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26140.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26140.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26138.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26135.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26132.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26126.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26125.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.26120.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26120.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26119.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26104.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26098.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.26092.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25342.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.80.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.80.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.80.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.80.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.80.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.79.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.79.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.78.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.78.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.78.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.78.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.77.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.76.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.75.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.74.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.74.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.74.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.74.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.73.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.73.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.72.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.