@langchain/langgraph-sdk
Client library for interacting with the LangGraph API
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): @types/json-schema is a well-known DefinitelyTyped package with no malicious history; benign addition for JSON Schema type support. | ai | |
| source-diff | net-exec-file:dist/ui/stream/agent.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) — contains only type definitions and JSDoc examples. Not executed at runtime. The eval() reference is inside a documentation example snippet, not live code. | ai | |
| source-diff | net-exec-file:dist/ui/stream/agent.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) — contains only type definitions and JSDoc examples. Not executed at runtime. The eval() reference is inside a documentation example snippet, not live code. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from human publisher (davidduong) to GitHub Actions CI/CD is a legitimate automation upgrade for the langchain-ai org, backed by SLSA provenance attestation. Generalizes to future versions. | ai | |
| provenance | missing-githead | AI (provenance): Package has SLSA provenance attestation via Sigstore, which is a stronger integrity signal than gitHead. Published by GitHub Actions from the official langchain-ai org. | ai | |
| dependencies | unvetted-dep:p-retry | AI (dependencies): p-retry is a well-known sindresorhus utility with no security concerns; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/json-schema | AI (phantom-deps): @types/json-schema is used as a type-only dependency in this TypeScript SDK; declaring it as a runtime dep for type re-exports is a known pattern. Stable false positive for this package. | ai | |
Versions (showing 62 of 162)
| Version | Deps | Published |
|---|---|---|
| 0.0.65 | 4 / 18 | |
| 0.0.64 | 4 / 18 | |
| 0.0.63 | 4 / 18 | |
| 0.0.62 | 4 / 18 | |
| 0.0.61 | 4 / 18 | |
| 0.0.60 | 4 / 18 | |
| 0.0.59 | 4 / 18 | |
| 0.0.57 | 4 / 18 | |
| 0.0.56 | 4 / 18 | |
| 0.0.54 | 4 / 18 | |
| 0.0.53 | 4 / 18 | |
| 0.0.52 | 4 / 18 | |
| 0.0.51 | 4 / 18 | |
| 0.0.50 | 4 / 18 | |
| 0.0.49 | 4 / 18 | |
| 0.0.48 | 4 / 18 | |
| 0.0.47 | 4 / 18 | |
| 0.0.46 | 4 / 16 | |
| 0.0.45 | 4 / 16 | |
| 0.0.44 | 4 / 16 | |
| 0.0.43 | 4 / 16 | |
| 0.0.42 | 4 / 16 | |
| 0.0.41 | 4 / 16 | |
| 0.0.40 | 4 / 16 | |
| 0.0.39 | 4 / 16 | |
| 0.0.38 | 4 / 13 | |
| 0.0.37 | 4 / 13 | |
| 0.0.36 | 4 / 13 | |
| 0.0.35 | 4 / 9 | |
| 0.0.34 | 4 / 9 | |
| 0.0.33 | 4 / 9 | |
| 0.0.32 | 4 / 9 | |
| 0.0.31 | 4 / 9 | |
| 0.0.30 | 4 / 9 | |
| 0.0.29 | 4 / 9 | |
| 0.0.28 | 4 / 9 | |
| 0.0.27 | 4 / 9 | |
| 0.0.26 | 4 / 9 | |
| 0.0.25 | 4 / 9 | |
| 0.0.24 | 4 / 9 | |
| 0.0.23 | 4 / 9 | |
| 0.0.22 | 4 / 8 | |
| 0.0.21 | 4 / 8 | |
| 0.0.20 | 4 / 8 | |
| 0.0.19 | 4 / 8 | |
| 0.0.18 | 4 / 8 | |
| 0.0.17 | 4 / 8 | |
| 0.0.16 | 4 / 8 | |
| 0.0.15 | 4 / 8 | |
| 0.0.14 | 4 / 8 | |
| 0.0.13 | 4 / 8 | |
| 0.0.11 | 4 / 8 | |
| 0.0.10 | 4 / 8 | |
| 0.0.9 | 5 / 8 | |
| 0.0.8 | 5 / 8 | |
| 0.0.7 | 5 / 8 | |
| 0.0.6 | 5 / 8 | |
| 0.0.5 | 5 / 8 | |
| 0.0.4 | 5 / 8 | |
| 0.0.3 | 5 / 8 | |
| 0.0.2 | 5 / 8 | |
| 0.0.1 | 5 / 8 | |
v0.0.65
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.64
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.63
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.62
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.61
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.60
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.59
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.57
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.56
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.54
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.53
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.52
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.51
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.50
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.49
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.48
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.47
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.46
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.45
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.44
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.43
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.42
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.41
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.40
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.39
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.38
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.37
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.36
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.35
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.33
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.31
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.30
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.29
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.28
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.27
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.26
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.25
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.24
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.23
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.22
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.21
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.20
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.19
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.18
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.17
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.16
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.15
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.14
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.13
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.11
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.10
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.