← Home

@galacean/engine-shaderlab

npm Repository Homepage

```sh npm install @galacean/engine-shaderlab ```

2
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

yiqiimchenjianchengkong.zxxeyworldwideyinjieruimeng.sugl3336563zhanyingweizhuxudongjohanzhumrkou47husongluzhuangjujiefeyabibi

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
email-domain unclaimed-email:yufangjun.com AI (email-domain): SLSA provenance attestation via Sigstore provides strong supply chain integrity, offsetting the unclaimed domain risk for this established package. ai

Versions (showing 2 of 2)

Version Deps Published
1.6.13 0 / 2
1.6.8 0 / 2

v1.6.13

2 findings
HIGH Unclaimed maintainer email domain: yufangjun.com email-domain

Maintainer email '[email protected]' uses domain 'yufangjun.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.