@getpaseo/server — Greenflagged

Paseo backend server

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

boudra

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@getpaseo/client	AI (phantom-deps): Same-org package; phantom-dep heuristic unreliable for monorepo siblings.	ai	2026/05/30
phantom-deps	phantom-dep:fast-uri	AI (phantom-deps): fast-uri is a transitive/config dep; phantom-dep false positive stable for this package.	ai	2026/05/12
phantom-deps	phantom-dep:@deepgram/sdk	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:@lezer/common	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:@ai-sdk/openai	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:tiny-invariant	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:express-basic-auth	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:strip-ansi	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:pino-pretty	AI (phantom-deps): Declared runtime dep used via config/indirect import; stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:@mariozechner/pi-agent-core	AI (phantom-deps): Conditionally loaded agent core dependency; phantom-dep false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@mariozechner/pi-ai	AI (phantom-deps): Conditionally loaded AI provider dependency; phantom-dep false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:sherpa-onnx-node	AI (phantom-deps): sherpa-onnx-node is a speech/ASR native module used conditionally; phantom-dep heuristic fires on optional/config-driven imports.	ai	2026/04/30
typosquat	typosquat.levenshtein:semver	AI (typosquat): @getpaseo/server is a scoped backend package for the Paseo product; 'server' vs 'semver' is a coincidental Levenshtein match, not impersonation.	ai	2026/04/30

Versions (showing 51 of 60)

View all versions

Version	Deps	Published
0.1.90	34 / 11	2026-06-04
0.1.89	34 / 11	2026-06-02
0.1.88	34 / 11	2026-06-01
0.1.87	34 / 11	2026-05-30
0.1.86	34 / 11	2026-05-29
0.1.85	34 / 11	2026-05-28
0.1.84	34 / 11	2026-05-28
0.1.83	34 / 11	2026-05-26
0.1.82	34 / 11	2026-05-26
0.1.81	34 / 11	2026-05-24
0.1.80	34 / 11	2026-05-21
0.1.79	34 / 11	2026-05-21
0.1.78	37 / 11	2026-05-18
0.1.77	37 / 11	2026-05-18
0.1.76	37 / 11	2026-05-15
0.1.75	37 / 11	2026-05-12
0.1.74	37 / 11	2026-05-11
0.1.73	37 / 11	2026-05-10
0.1.72	37 / 11	2026-05-10
0.1.71	37 / 11	2026-05-09
0.1.70	37 / 11	2026-05-08
0.1.69	36 / 11	2026-05-05
0.1.68	36 / 11	2026-05-05
0.1.67	36 / 11	2026-05-03
0.1.66	35 / 11	2026-05-03
0.1.65	35 / 11	2026-05-03
0.1.63	34 / 11	2026-04-28
0.1.62	38 / 12	2026-04-23
0.1.61	38 / 12	2026-04-22
0.1.60	38 / 12	2026-04-22
0.1.59	37 / 12	2026-04-16
0.1.58	37 / 12	2026-04-16
0.1.57	37 / 12	2026-04-16
0.1.56	36 / 12	2026-04-14
0.1.55	36 / 12	2026-04-14
0.1.54	35 / 12	2026-04-12
0.1.53	35 / 12	2026-04-12
0.1.52	34 / 12	2026-04-10
0.1.51	34 / 12	2026-04-09
0.1.50	34 / 12	2026-04-07
0.1.49	34 / 12	2026-04-06
0.1.48	34 / 12	2026-04-05
0.1.47	35 / 12	2026-04-04
0.1.46	35 / 12	2026-04-04
0.1.45	35 / 12	2026-04-04
0.1.44	34 / 12	2026-04-03
0.1.43	34 / 11	2026-04-02
0.1.42	33 / 11	2026-04-01
0.1.41	33 / 11	2026-04-01
0.1.40	33 / 11	2026-04-01
0.1.39	33 / 11	2026-03-30