@lightdash/warehouses
Warehouse connectors for Lightdash
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing; SLSA provenance attestation confirms integrity. Stable pattern for this package. | ai | |
| dependencies | unvetted-dep:@duckdb/node-api | AI (dependencies): @duckdb/node-api is the official DuckDB Node.js API; legitimate dependency for a warehouse connector package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal monorepo package; sparse README and no keywords are expected for workspace sub-packages. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): lodash is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai |
Versions (showing 30 of 1730)
| Version | Deps | Published |
|---|---|---|
| 0.1612.2 | 9 / 4 | |
| 0.1612.1 | 9 / 4 | |
| 0.1612.0 | 9 / 4 | |
| 0.1611.0 | 9 / 4 | |
| 0.1610.2 | 9 / 4 | |
| 0.1610.1 | 9 / 4 | |
| 0.1610.0 | 9 / 4 | |
| 0.1609.5 | 9 / 4 | |
| 0.1609.4 | 9 / 4 | |
| 0.1609.3 | 9 / 4 | |
| 0.1609.2 | 9 / 4 | |
| 0.1609.1 | 9 / 4 | |
| 0.1609.0 | 9 / 4 | |
| 0.1608.0 | 9 / 4 | |
| 0.1607.0 | 9 / 4 | |
| 0.1606.7 | 9 / 4 | |
| 0.1606.6 | 9 / 4 | |
| 0.1606.5 | 9 / 4 | |
| 0.1606.4 | 9 / 4 | |
| 0.1606.3 | 9 / 4 | |
| 0.1606.2 | 9 / 4 | |
| 0.1606.1 | 9 / 4 | |
| 0.1606.0 | 9 / 4 | |
| 0.1605.0 | 9 / 4 | |
| 0.1604.2 | 9 / 4 | |
| 0.1604.1 | 9 / 4 | |
| 0.1604.0 | 9 / 4 | |
| 0.1603.0 | 9 / 4 | |
| 0.1602.3 | 9 / 4 | |
| 0.1602.2 | 9 / 4 |
v0.1612.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1612.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1612.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1611.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1610.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1610.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1610.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1609.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1608.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1607.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1606.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1605.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1604.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1604.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1604.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1603.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1602.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1602.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.