@genesislcap/foundation-openfin
Genesis Foundation Openfin
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Consistent across all Genesis org packages; org-level build process does not emit Sigstore attestations. | ai | |
| phantom-deps | phantom-dep:@finos/fdc3 | AI (phantom-deps): Declared as peer/runtime dep for OpenFin FDC3 integration; not directly imported in source is expected for this adapter pattern. | ai | |
| phantom-deps | phantom-dep:@interopio/desktop | AI (phantom-deps): Optional interop SDK dependency; adapter pattern means it may not be directly imported in all code paths. | ai | |
| phantom-deps | phantom-dep:@openfin/workspace-platform | AI (phantom-deps): OpenFin workspace platform SDK; adapter pattern means indirect usage is expected. | ai | |
| phantom-deps | phantom-dep:rxjs | AI (phantom-deps): rxjs is a standard reactive dependency; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@genesislcap/foundation-logger | AI (phantom-deps): Same-org dependency; phantom detection is unreliable across monorepo boundaries. | ai |
Versions (showing 55 of 380)
| Version | Deps | Published |
|---|---|---|
| 14.287.0 | 11 / 9 | |
| 14.286.0 | 11 / 9 | |
| 14.285.1 | 11 / 9 | |
| 14.285.0 | 11 / 9 | |
| 14.284.5 | 11 / 9 | |
| 14.284.4 | 11 / 9 | |
| 14.284.3 | 11 / 9 | |
| 14.284.2 | 11 / 9 | |
| 14.284.1 | 11 / 9 | |
| 14.284.0 | 11 / 9 | |
| 14.283.2 | 11 / 9 | |
| 14.283.1 | 11 / 9 | |
| 14.283.0 | 11 / 9 | |
| 14.282.0 | 11 / 9 | |
| 14.281.2 | 11 / 9 | |
| 14.281.1 | 11 / 9 | |
| 14.281.0 | 11 / 9 | |
| 14.280.0 | 11 / 9 | |
| 14.278.3 | 11 / 9 | |
| 14.278.2 | 11 / 9 | |
| 14.278.1 | 11 / 9 | |
| 14.278.0 | 11 / 9 | |
| 14.277.0 | 11 / 9 | |
| 14.276.3 | 11 / 9 | |
| 14.276.2 | 11 / 9 | |
| 14.276.1 | 11 / 9 | |
| 14.276.0 | 11 / 9 | |
| 14.275.3 | 11 / 9 | |
| 14.275.2 | 11 / 9 | |
| 14.275.1 | 11 / 9 | |
| 14.275.0 | 11 / 9 | |
| 14.274.1 | 11 / 9 | |
| 14.274.0 | 11 / 9 | |
| 14.273.0 | 11 / 9 | |
| 14.272.0 | 11 / 9 | |
| 14.271.2 | 11 / 9 | |
| 14.271.1 | 11 / 9 | |
| 14.271.0 | 11 / 9 | |
| 14.270.0 | 11 / 9 | |
| 14.269.0 | 11 / 9 | |
| 14.268.4 | 11 / 9 | |
| 14.268.3 | 11 / 9 | |
| 14.268.2 | 11 / 9 | |
| 14.268.1 | 11 / 9 | |
| 14.268.0 | 11 / 9 | |
| 14.267.0 | 11 / 9 | |
| 14.266.1 | 11 / 9 | |
| 14.266.0 | 11 / 9 | |
| 14.265.1 | 11 / 9 | |
| 14.265.0 | 11 / 9 | |
| 14.264.4 | 11 / 9 | |
| 14.264.3 | 11 / 9 | |
| 14.264.2 | 11 / 9 | |
| 14.264.1 | 11 / 9 | |
| 14.264.0 | 11 / 9 |
v14.287.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.286.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.285.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.285.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.284.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.283.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.283.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.283.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.282.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.281.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.281.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.281.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.280.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.278.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.278.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.278.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.278.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.277.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.276.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.276.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.276.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.276.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.275.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.275.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.275.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.275.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.274.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.274.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.273.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.272.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.271.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.271.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.271.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.270.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.269.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.268.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.268.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.268.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.268.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.268.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.267.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.266.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.266.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.265.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.265.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.264.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.264.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.264.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.264.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.264.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.