@harperfast/agent
AI to help you with Harper app management
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): Package has SLSA provenance via CI/CD; maintainer addition appears to be a legitimate org change for HarperDB/HarperFast. | ai | |
| dependencies | unvetted-dep:ink-stepper | AI (dependencies): Legitimate ink ecosystem UI component; consistent with CLI agent use case. | ai | |
| dependencies | unvetted-dep:ink-task-list | AI (dependencies): Legitimate ink ecosystem UI component; consistent with CLI agent use case. | ai | |
| dependencies | unvetted-dep:ink-virtual-list | AI (dependencies): Legitimate ink ecosystem UI component; consistent with CLI agent use case. | ai | |
| phantom-deps | phantom-dep:@harperfast/skills | AI (phantom-deps): Same org scope; likely re-exported or used indirectly — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ink-task-list | AI (phantom-deps): UI component likely used via dynamic import or re-export; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ink-virtual-list | AI (phantom-deps): UI component likely used via dynamic import or re-export; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ai | AI (phantom-deps): AI SDK peer/transitive usage pattern; stable false positive for this package. | ai |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 0.16.17 | 19 / 24 | |
| 0.16.16 | 19 / 24 | |
| 0.16.15 | 19 / 24 | |
| 0.16.14 | 19 / 24 | |
| 0.16.13 | 19 / 24 | |
| 0.16.12 | 19 / 24 | |
| 0.16.11 | 19 / 24 | |
| 0.16.10 | 19 / 24 | |
| 0.16.9 | 19 / 24 | |
| 0.16.8 | 19 / 24 | |
| 0.16.7 | 19 / 24 | |
| 0.16.6 | 19 / 24 | |
| 0.16.5 | 19 / 24 | |
| 0.16.4 | 19 / 24 | |
| 0.16.3 | 19 / 24 | |
| 0.16.2 | 19 / 24 | |
| 0.16.1 | 18 / 24 | |
| 0.16.0 | 18 / 24 | |
| 0.15.10 | 18 / 24 | |
| 0.15.9 | 18 / 24 | |
| 0.15.8 | 18 / 24 | |
| 0.15.7 | 18 / 24 | |
| 0.15.6 | 18 / 24 | |
| 0.15.5 | 18 / 24 | |
| 0.15.4 | 18 / 24 | |
| 0.15.3 | 18 / 24 | |
| 0.15.2 | 18 / 24 | |
| 0.15.1 | 18 / 24 | |
| 0.15.0 | 18 / 24 | |
| 0.14.1 | 18 / 24 | |
| 0.14.0 | 18 / 23 | |
| 0.13.8 | 12 / 22 | |
| 0.13.7 | 12 / 22 | |
| 0.13.6 | 12 / 22 | |
| 0.13.5 | 12 / 22 | |
| 0.13.4 | 12 / 22 | |
| 0.13.3 | 12 / 22 | |
| 0.13.2 | 12 / 22 | |
| 0.13.1 | 12 / 22 | |
| 0.12.1 | 12 / 22 | |
| 0.12.0 | 12 / 22 | |
| 0.11.5 | 12 / 22 | |
| 0.11.4 | 13 / 22 | |
| 0.11.3 | 13 / 22 | |
| 0.11.2 | 13 / 22 | |
| 0.11.1 | 13 / 22 | |
| 0.11.0 | 13 / 22 | |
| 0.10.6 | 13 / 22 |
v0.16.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.