@grackle-ai/core
Core gRPC business logic for Grackle — RPC handlers, event system, streaming, session lifecycle
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@opentelemetry/api | AI (phantom-deps): OpenTelemetry API is used via instrumentation hooks, not direct imports; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@grackle-ai/ahp | AI (phantom-deps): Same-org monorepo dep; phantom import is expected for intra-package config/transitive usage. | ai | |
| phantom-deps | phantom-dep:@grackle-ai/plugin-sdk | AI (phantom-deps): Same org monorepo dep; may be used indirectly or re-exported. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped @grackle-ai/core is a gRPC core library, not a typosquat of the 'cors' middleware package. | ai | |
| phantom-deps | phantom-dep:@connectrpc/connect-node | AI (phantom-deps): Referenced in config files; legitimate usage for gRPC Node.js transport. | ai | |
| phantom-deps | phantom-dep:cron-parser | AI (phantom-deps): Referenced in config files; legitimate transitive/config usage in monorepo. | ai | |
| phantom-deps | phantom-dep:@grackle-ai/knowledge | AI (phantom-deps): Same org monorepo dep; may be used indirectly or re-exported. | ai |
Versions (showing 51 of 120)
| Version | Deps | Published |
|---|---|---|
| 0.135.0 | 21 / 6 | |
| 0.134.0 | 21 / 6 | |
| 0.133.1 | 21 / 6 | |
| 0.133.0 | 21 / 6 | |
| 0.132.2 | 21 / 6 | |
| 0.132.0 | 21 / 6 | |
| 0.131.0 | 20 / 5 | |
| 0.130.0 | 20 / 5 | |
| 0.129.0 | 20 / 5 | |
| 0.128.0 | 20 / 5 | |
| 0.127.0 | 14 / 5 | |
| 0.126.1 | 14 / 5 | |
| 0.126.0 | 14 / 5 | |
| 0.125.2 | 14 / 5 | |
| 0.125.1 | 14 / 5 | |
| 0.125.0 | 14 / 5 | |
| 0.124.0 | 14 / 5 | |
| 0.123.2 | 14 / 5 | |
| 0.123.1 | 14 / 5 | |
| 0.123.0 | 14 / 5 | |
| 0.122.0 | 14 / 5 | |
| 0.121.0 | 14 / 5 | |
| 0.120.0 | 14 / 5 | |
| 0.119.0 | 14 / 5 | |
| 0.118.0 | 14 / 5 | |
| 0.117.0 | 14 / 5 | |
| 0.116.0 | 14 / 5 | |
| 0.115.2 | 14 / 5 | |
| 0.115.1 | 14 / 5 | |
| 0.115.0 | 14 / 5 | |
| 0.114.0 | 14 / 5 | |
| 0.113.0 | 14 / 5 | |
| 0.112.2 | 14 / 5 | |
| 0.112.1 | 14 / 5 | |
| 0.112.0 | 14 / 5 | |
| 0.111.0 | 14 / 5 | |
| 0.110.3 | 14 / 5 | |
| 0.110.2 | 14 / 5 | |
| 0.110.1 | 14 / 5 | |
| 0.108.4 | 14 / 5 | |
| 0.108.3 | 14 / 5 | |
| 0.108.2 | 14 / 5 | |
| 0.108.1 | 14 / 5 | |
| 0.108.0 | 14 / 5 | |
| 0.107.2 | 14 / 5 | |
| 0.107.1 | 14 / 5 | |
| 0.107.0 | 14 / 5 | |
| 0.106.3 | 14 / 5 | |
| 0.106.2 | 14 / 5 | |
| 0.106.1 | 14 / 5 | |
| 0.106.0 | 14 / 5 |
v0.135.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.134.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.133.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.133.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.132.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.132.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.131.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.130.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.129.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.128.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.127.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.126.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.126.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.125.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.125.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.125.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.124.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.123.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.123.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.123.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.122.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.121.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.120.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.119.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.118.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.117.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.116.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.115.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.115.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.115.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.114.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.113.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.112.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.112.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.112.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.111.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.1
2 findingsPackage name '@grackle-ai/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.108.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.