@frontmcp/sdk No license 7 versions

@frontmcp/sdk

npm Repository Homepage

7

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

davidfrontegg

Keywords

mcpdependency injectionsdkadapterspluginsagentfrontfrontmcpframeworktypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/cors	AI (phantom-deps): @types/cors is a type-only dep legitimately listed in dependencies for TS consumers; not a real phantom.	ai	2026/05/18
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is used for standard JWT parsing (decoding the payload segment), not obfuscation.	ai	2026/05/18
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() used in a Proxy handler for legitimate API delegation, not evasion.	ai	2026/05/18

Versions (showing 7 of 7)

Version	Deps	Published
1.3.0	13 / 1	2026-05-27
1.2.1	13 / 1	2026-05-06
1.2.0	13 / 1	2026-05-05
1.1.2	13 / 1	2026-05-03
1.1.1	13 / 1	2026-05-03
1.1.0	13 / 1	2026-05-01
1.0.4	13 / 1	2026-04-08

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.