@itentialopensource/adapter-docker
This adapter integrates with system Docker
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:preinstall | AI (install-scripts): Standard Itential adapter setup script pattern; stable across all versions of this package family. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Adapter framework module-loading pattern using path.join(__dirname,...); not arbitrary user input. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Used for adapter migration/health-check utilities; consistent with Itential adapter framework design. | ai | |
| phantom-deps | phantom-dep:ping | AI (phantom-deps): Referenced in adapter config/test files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:prompts | AI (phantom-deps): Referenced in adapter utility scripts; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:mocha-param | AI (phantom-deps): Used in test configuration; stable false positive for this package. | ai |
v1.0.1
2 findingsScript: node utils/setup.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
2 findingsScript: node utils/setup.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.0
2 findingsScript: node utils/setup.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.