@flowrag/provider-openai No license 9 versions

@flowrag/provider-openai

npm Repository Homepage

9

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

zweer

Keywords

flowragragtypescriptprovideropenaiembeddingsextraction

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	suspicious-initial-version	AI (npm-metadata): Monorepo package using 0.0.0 as initial placeholder; legitimate org with repo and author metadata.	ai	2026/05/18
phantom-deps	phantom-dep:openai	AI (phantom-deps): Compiled ESM package; openai is a real runtime dep used in source, not visible in dist entry point scan.	ai	2026/05/18
phantom-deps	phantom-dep:@flowrag/core	AI (phantom-deps): Same-org monorepo dep; phantom detection is a false positive for compiled packages.	ai	2026/05/18
dependencies	unvetted-dep:@flowrag/core	AI (dependencies): Internal monorepo sibling dependency; expected and stable for this scoped package family.	ai	2026/05/04

Versions (showing 9 of 9)

Version	Deps	Published
0.3.5	2 / 0	2026-04-30
0.3.4	2 / 0	2026-03-20
0.3.3	2 / 0	2026-03-20
0.3.2	2 / 0	2026-03-13
0.3.1	2 / 0	2026-03-07
0.3.0	2 / 0	2026-02-23
0.2.0	2 / 0	2026-02-19
0.1.0	2 / 0	2026-02-18
0.0.0	2 / 0	2026-02-18

v0.3.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.