@frontmcp/di No license 25 versions

@frontmcp/di

npm Repository Homepage

25

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

davidfrontegg

Keywords

dependency-injectiondiioccontainerregistrytypescriptdecoratorsreflect-metadatainversion-of-control

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing is confirmed legitimate by SLSA/Sigstore provenance attestation.	ai	2026/05/18
provenance	slsa-provenance	AI (provenance): Package consistently published with SLSA provenance; stable signal for this package.	ai	2026/05/18
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped DI library; Levenshtein match on short name 'pg' is a false positive.	ai	2026/05/08
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped DI library; Levenshtein match on short name 'qs' is a false positive.	ai	2026/05/08
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped DI library; Levenshtein match on short name 'joi' is a false positive.	ai	2026/05/08
phantom-deps	phantom-dep:mitt	AI (phantom-deps): mitt is a declared runtime dependency; phantom-dep heuristic misfired on import style.	ai	2026/05/08

Versions (showing 25 of 25)

Version	Deps	Published
1.3.0	1 / 4	2026-05-27
1.2.1	1 / 4	2026-05-06
1.2.0	1 / 4	2026-05-05
1.1.2	1 / 4	2026-05-03
1.1.1	1 / 4	2026-05-03
1.1.0	1 / 4	2026-05-01
1.0.4	1 / 4	2026-04-08
1.0.3	1 / 4	2026-04-06
1.0.2	1 / 4	2026-04-06
1.0.1	1 / 4	2026-04-06
1.0.0	1 / 4	2026-04-06
0.12.2	1 / 4	2026-02-26
0.12.1	1 / 4	2026-02-25
0.12.0	1 / 4	2026-02-25
0.11.3	1 / 4	2026-02-22
0.11.2	1 / 4	2026-02-21
0.11.1	1 / 4	2026-02-20
0.11.0	1 / 4	2026-02-19
0.10.0	1 / 4	2026-02-13
0.9.0	1 / 4	2026-02-05
0.8.1	1 / 4	2026-02-03
0.8.0	1 / 4	2026-02-02
0.7.2	1 / 4	2026-01-09
0.7.1	1 / 4	2026-01-09
0.0.1	1 / 4	2026-01-03

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-04-06) provenance

This version was published by a different npm account than previous versions on 2026-04-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-04-06) provenance

This version was published by a different npm account than previous versions on 2026-04-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-04-06) provenance

This version was published by a different npm account than previous versions on 2026-04-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-04-06) provenance

This version was published by a different npm account than previous versions on 2026-04-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.2

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-26) provenance

This version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.1

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.3

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-22) provenance

This version was published by a different npm account than previous versions on 2026-02-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.2

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-21) provenance

This version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.1

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-20) provenance

This version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-13) provenance

This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-05) provenance

This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.1

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-03) provenance

This version was published by a different npm account than previous versions on 2026-02-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.0

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-02-02) provenance

This version was published by a different npm account than previous versions on 2026-02-02. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-01-09) provenance

This version was published by a different npm account than previous versions on 2026-01-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.1

2 findings

HIGH Publisher changed: davidfrontegg → GitHub Actions (on 2026-01-09) provenance

This version was published by a different npm account than previous versions on 2026-01-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.