← Home

@learncard/ceramic-plugin

npm Repository Homepage

[<img src="https://user-images.githubusercontent.com/2185016/190510561-294db809-09fd-4771-9749-6c0e0f4144fd.png" width="215"/>](https://learncard.com)

8
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

gerardoparcustard7smurflo2taylorbeestonjonny2lips

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:hex-lite AI (dependencies): Established hex utility library; stable dependency in this package's ecosystem context. ai
dependencies unvetted-dep:@glazed/tile-loader AI (dependencies): Official Glazed/Ceramic ecosystem package; expected dependency for a ceramic plugin. ai
dependencies unvetted-dep:@ceramicnetwork/common AI (dependencies): Official Ceramic Network package; expected for a ceramic plugin. ai
dependencies unvetted-dep:@ceramicnetwork/http-client AI (dependencies): Official Ceramic Network package; expected for a ceramic plugin. ai
dependencies unvetted-dep:@ceramicnetwork/stream-tile AI (dependencies): Official Ceramic Network package; expected for a ceramic plugin. ai
phantom-deps phantom-dep:@ceramicnetwork/common AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai
phantom-deps phantom-dep:lodash AI (phantom-deps): Bundled plugin; lodash used transitively or in build, not a direct import concern. ai
phantom-deps phantom-dep:@ceramicnetwork/stream-tile AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai
phantom-deps phantom-dep:key-did-provider-ed25519 AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai
phantom-deps phantom-dep:did-jwt AI (phantom-deps): Ceramic/DID ecosystem dep; likely re-exported or used indirectly in bundled output. ai
phantom-deps phantom-dep:hex-lite AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai
phantom-deps phantom-dep:key-did-resolver AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai
phantom-deps phantom-dep:@glazed/tile-loader AI (phantom-deps): Declared dep; phantom-dep heuristic false positive for bundled packages. ai

Versions (showing 8 of 8)

Version Deps Published
1.1.20 12 / 11
1.1.19 12 / 11
1.1.18 12 / 11
1.1.17 12 / 11
1.1.16 12 / 11
1.1.14 12 / 11
1.1.13 12 / 11
1.1.12 12 / 11

v1.1.20

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.17

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.