@lightdash/common MIT 21 versions

@lightdash/common

npm Repository Homepage

21

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

ligthdash_javierjose-lightdashowlaslight-irakli

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:free-email-domains	AI (dependencies): free-email-domains is a benign, widely-used utility; addition is contextually appropriate for this BI package.	ai	2026/05/30
publish-pattern	new-deps-added	AI (publish-pattern): New dep (free-email-domains) is a well-known utility with no malicious indicators; not an attack vector.	ai	2026/05/30
source-diff	large-new-source-files	AI (source-diff): Actively developed monorepo common package; large file additions are routine across its 6000+ version history.	ai	2026/05/27
dependencies	unvetted-dep:handlebars	AI (dependencies): Handlebars is a well-known templating library; its use in @lightdash/common is stable and intentional across versions.	ai	2026/05/26
npm-metadata	no-description	AI (npm-metadata): Scoped monorepo package; missing description is a stable characteristic, not a malware signal.	ai	2026/05/14
phantom-deps	phantom-dep:@types/lodash	AI (phantom-deps): @types/lodash is a type declaration package legitimately listed as a runtime dep in this monorepo common package; stable false positive.	ai	2026/04/29

Versions (showing 21 of 21)

Version	Deps	Published
0.3046.1	27 / 6	2026-05-29
0.3045.0	26 / 6	2026-05-29
0.3019.2	26 / 6	2026-05-26
0.3009.0	26 / 6	2026-05-22
0.3008.0	26 / 6	2026-05-22
0.2984.2	26 / 6	2026-05-20
0.2984.0	26 / 6	2026-05-19
0.2961.0	26 / 6	2026-05-18
0.2960.2	26 / 6	2026-05-18
0.2932.0	26 / 6	2026-05-13
0.2924.2	26 / 6	2026-05-13
0.2885.0	26 / 6	2026-05-07
0.2864.6	26 / 6	2026-05-04
0.2864.4	26 / 6	2026-05-04
0.2864.2	26 / 6	2026-05-04
0.2860.0	26 / 6	2026-05-01
0.2851.1	26 / 6	2026-04-30
0.2850.0	26 / 6	2026-04-30
0.2848.0	26 / 6	2026-04-30
0.2847.0	26 / 6	2026-04-29
0.2838.0	26 / 6	2026-04-29

v0.3046.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3045.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3019.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3009.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3008.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2984.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2984.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2961.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2960.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2932.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2924.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2885.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2864.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2864.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2864.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2851.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2850.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2848.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.