← Home

@geekmidas/constructs

npm Repository Homepage
3
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

geekmidas

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:lodash.set AI (dependencies): lodash.set is a well-known, widely-used utility; stable false positive for this package. ai
dependencies unvetted-dep:@geekmidas/services AI (dependencies): First-party @geekmidas scoped package from same publisher with clean track record. ai
dependencies unvetted-dep:@geekmidas/rate-limit AI (dependencies): First-party @geekmidas scoped package from same publisher with clean track record. ai
dependencies unvetted-dep:@geekmidas/cache AI (dependencies): First-party @geekmidas scoped package from same publisher with clean track record. ai
dependencies unvetted-dep:@geekmidas/errors AI (dependencies): First-party @geekmidas scoped package from same publisher with clean track record. ai
dependencies unvetted-dep:@geekmidas/logger AI (dependencies): First-party @geekmidas scoped package from same publisher with clean track record. ai
semgrep semgrep:new-function-constructor AI (semgrep): Used in FunctionBuilder for typed function construction, not executing external/user input. ai
semgrep semgrep:base64-decode AI (semgrep): Standard AWS API Gateway base64 body decoding; not attacker-controlled payload execution. ai

Versions (showing 3 of 3)

Version Deps Published
3.0.12 8 / 23
3.0.11 8 / 23
3.0.10 8 / 23

v3.0.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.