@hed-hog/operations
O módulo `@hed-hog/operations` oferece funcionalidades completas para a gestão operacional dentro do ecossistema HedHog. Ele integra-se com módulos de paginação, localização, banco de dados via Prisma, além de módulos de AI, arquivos, integrações e config
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@nestjs/mapped-types | AI (phantom-deps): NestJS peer dependency referenced in config; stable false positive for this package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used solely to dynamic-import Playwright as optional dep; input is a hardcoded module name string. | ai | |
| phantom-deps | phantom-dep:@nestjs/jwt | AI (phantom-deps): NestJS config-only reference; stable false positive for this package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Used to decode file content (mimeType/fileName context); not decoding executable payloads. | ai | |
| phantom-deps | phantom-dep:@hed-hog/contact | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic unreliable for monorepo packages. | ai | |
| phantom-deps | phantom-dep:@hed-hog/api-types | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic unreliable for monorepo packages. | ai | |
| phantom-deps | phantom-dep:@nestjs/core | AI (phantom-deps): NestJS config-only reference; stable false positive for this package. | ai |
v0.0.314
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.303
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.