@learncard/learn-cloud-service
Versions: 5
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
gerardoparcustard7smurflo2taylorbeestonjonny2lips
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@learncard/did-web-plugin | AI (phantom-deps): Same-org plugin, likely loaded dynamically or via config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/lodash | AI (phantom-deps): Type-only package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:serverless-offline | AI (phantom-deps): Dev/config-file reference for serverless framework; stable false positive. | ai | |
| phantom-deps | phantom-dep:neogma | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires inside bundled swagger-ui-es-bundle-core.js; not package-authored code, stable false positive. | ai | |
| phantom-deps | phantom-dep:cors | AI (phantom-deps): Serverless/config-file reference in a monorepo service; stable false positive. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tsc-alias | AI (phantom-deps): Build-time tool referenced in scripts; stable false positive. | ai | |
| phantom-deps | phantom-dep:zod-openapi | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:neo4j-driver | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Standard AWS Lambda base64 body decoding pattern; not malicious. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex encoding in crypto helper for number-to-buffer conversion; not obfuscation. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 2.5.19 | 43 / 25 | |
| 2.5.18 | 43 / 25 | |
| 2.5.17 | 43 / 25 | |
| 2.5.16 | 43 / 25 | |
| 2.5.13 | 43 / 25 | |
v2.5.19
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.5.18
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.5.17
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.5.16
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.