@genesislcap/foundation-openfin
Genesis Foundation Openfin
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Consistent across all Genesis org packages; org-level build process does not emit Sigstore attestations. | ai | |
| phantom-deps | phantom-dep:@finos/fdc3 | AI (phantom-deps): Declared as peer/runtime dep for OpenFin FDC3 integration; not directly imported in source is expected for this adapter pattern. | ai | |
| phantom-deps | phantom-dep:@interopio/desktop | AI (phantom-deps): Optional interop SDK dependency; adapter pattern means it may not be directly imported in all code paths. | ai | |
| phantom-deps | phantom-dep:@openfin/workspace-platform | AI (phantom-deps): OpenFin workspace platform SDK; adapter pattern means indirect usage is expected. | ai | |
| phantom-deps | phantom-dep:rxjs | AI (phantom-deps): rxjs is a standard reactive dependency; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@genesislcap/foundation-logger | AI (phantom-deps): Same-org dependency; phantom detection is unreliable across monorepo boundaries. | ai |
Versions (showing 51 of 355)
| Version | Deps | Published |
|---|---|---|
| 14.451.4 | 10 / 8 | |
| 14.451.3 | 10 / 8 | |
| 14.451.2 | 10 / 8 | |
| 14.451.1 | 10 / 8 | |
| 14.451.0 | 10 / 8 | |
| 14.450.0 | 10 / 8 | |
| 14.449.0 | 10 / 8 | |
| 14.448.0 | 10 / 8 | |
| 14.447.2 | 10 / 8 | |
| 14.447.1 | 10 / 8 | |
| 14.447.0 | 10 / 8 | |
| 14.446.2 | 10 / 8 | |
| 14.446.1 | 10 / 8 | |
| 14.446.0 | 10 / 8 | |
| 14.445.2 | 10 / 8 | |
| 14.445.1 | 10 / 8 | |
| 14.445.0 | 10 / 8 | |
| 14.444.1 | 10 / 8 | |
| 14.444.0 | 10 / 8 | |
| 14.443.1 | 10 / 8 | |
| 14.443.0 | 10 / 8 | |
| 14.442.0 | 10 / 8 | |
| 14.441.0 | 10 / 8 | |
| 14.439.3 | 10 / 8 | |
| 14.439.2 | 10 / 8 | |
| 14.439.1 | 10 / 8 | |
| 14.439.0 | 10 / 8 | |
| 14.438.1 | 10 / 8 | |
| 14.438.0 | 10 / 8 | |
| 14.437.6 | 10 / 8 | |
| 14.437.5 | 10 / 8 | |
| 14.437.4 | 10 / 8 | |
| 14.437.3 | 10 / 8 | |
| 14.437.2 | 10 / 8 | |
| 14.437.1 | 10 / 8 | |
| 14.437.0 | 10 / 8 | |
| 14.436.0 | 10 / 8 | |
| 14.435.0 | 10 / 8 | |
| 14.434.0 | 10 / 8 | |
| 14.433.1 | 10 / 8 | |
| 14.433.0 | 10 / 8 | |
| 14.432.2 | 10 / 8 | |
| 14.432.1 | 10 / 8 | |
| 14.432.0 | 10 / 8 | |
| 14.431.0 | 10 / 8 | |
| 14.430.2 | 10 / 8 | |
| 14.430.1 | 10 / 8 | |
| 14.430.0 | 10 / 8 | |
| 14.429.3 | 10 / 8 | |
| 14.429.2 | 10 / 8 | |
| 14.429.1 | 10 / 8 |
v14.451.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.451.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.451.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.451.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.451.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.450.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.449.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.448.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.447.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.447.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.447.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.446.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.446.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.446.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.445.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.445.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.445.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.444.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.444.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.443.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.443.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.442.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.441.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.439.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.439.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.439.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.439.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.438.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.438.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.437.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.436.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.435.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.434.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.433.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.433.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.432.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.432.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.432.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.431.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.430.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.430.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.430.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.429.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.429.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.429.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.