@lightdash/warehouses
Warehouse connectors for Lightdash
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing; SLSA provenance attestation confirms integrity. Stable pattern for this package. | ai | |
| dependencies | unvetted-dep:@duckdb/node-api | AI (dependencies): @duckdb/node-api is the official DuckDB Node.js API; legitimate dependency for a warehouse connector package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal monorepo package; sparse README and no keywords are expected for workspace sub-packages. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): lodash is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai |
Versions (showing 100 of 1730)
| Version | Deps | Published |
|---|---|---|
| 0.2134.2 | 10 / 4 | |
| 0.2134.1 | 10 / 4 | |
| 0.2134.0 | 10 / 4 | |
| 0.2133.0 | 10 / 4 | |
| 0.2132.0 | 10 / 4 | |
| 0.2131.4 | 10 / 4 | |
| 0.2131.3 | 10 / 4 | |
| 0.2131.2 | 10 / 4 | |
| 0.2131.1 | 10 / 4 | |
| 0.2131.0 | 10 / 4 | |
| 0.2130.0 | 10 / 4 | |
| 0.2129.1 | 10 / 4 | |
| 0.2129.0 | 10 / 4 | |
| 0.2128.1 | 10 / 4 | |
| 0.2128.0 | 10 / 4 | |
| 0.2127.0 | 10 / 4 | |
| 0.2126.3 | 10 / 4 | |
| 0.2126.2 | 10 / 4 | |
| 0.2126.1 | 10 / 4 | |
| 0.2126.0 | 10 / 4 | |
| 0.2125.1 | 10 / 4 | |
| 0.2125.0 | 10 / 4 | |
| 0.2124.7 | 10 / 4 | |
| 0.2124.6 | 10 / 4 | |
| 0.2124.5 | 10 / 4 | |
| 0.2124.4 | 10 / 4 | |
| 0.2124.3 | 10 / 4 | |
| 0.2124.2 | 10 / 4 | |
| 0.2124.1 | 10 / 4 | |
| 0.2124.0 | 10 / 4 | |
| 0.2123.0 | 10 / 4 | |
| 0.2122.0 | 10 / 4 | |
| 0.2121.0 | 10 / 4 | |
| 0.2120.0 | 10 / 4 | |
| 0.2119.0 | 10 / 4 | |
| 0.2118.1 | 10 / 4 | |
| 0.2118.0 | 10 / 4 | |
| 0.2117.0 | 10 / 4 | |
| 0.2116.3 | 10 / 4 | |
| 0.2116.2 | 10 / 4 | |
| 0.2116.1 | 10 / 4 | |
| 0.2116.0 | 10 / 4 | |
| 0.2115.1 | 10 / 4 | |
| 0.2115.0 | 10 / 4 | |
| 0.2114.2 | 10 / 4 | |
| 0.2114.1 | 10 / 4 | |
| 0.2114.0 | 10 / 4 | |
| 0.2113.1 | 10 / 4 | |
| 0.2113.0 | 10 / 4 | |
| 0.2112.0 | 10 / 4 | |
| 0.2111.0 | 10 / 4 | |
| 0.2110.0 | 10 / 4 | |
| 0.2109.0 | 10 / 4 | |
| 0.2108.1 | 10 / 4 | |
| 0.2108.0 | 10 / 4 | |
| 0.2107.1 | 10 / 4 | |
| 0.2107.0 | 10 / 4 | |
| 0.2106.1 | 10 / 4 | |
| 0.2106.0 | 10 / 4 | |
| 0.2105.0 | 10 / 4 | |
| 0.2104.9 | 10 / 4 | |
| 0.2104.8 | 10 / 4 | |
| 0.2104.7 | 10 / 4 | |
| 0.2104.6 | 10 / 4 | |
| 0.2104.5 | 10 / 4 | |
| 0.2104.4 | 10 / 4 | |
| 0.2104.3 | 10 / 4 | |
| 0.2104.2 | 10 / 4 | |
| 0.2104.1 | 10 / 4 | |
| 0.2104.0 | 10 / 4 | |
| 0.2103.2 | 10 / 4 | |
| 0.2103.1 | 10 / 4 | |
| 0.2103.0 | 10 / 4 | |
| 0.2102.0 | 10 / 4 | |
| 0.2101.1 | 10 / 4 | |
| 0.2101.0 | 10 / 4 | |
| 0.2100.0 | 10 / 4 | |
| 0.2099.1 | 10 / 4 | |
| 0.2099.0 | 10 / 4 | |
| 0.2098.0 | 10 / 4 | |
| 0.2097.3 | 10 / 4 | |
| 0.2097.2 | 10 / 4 | |
| 0.2097.1 | 10 / 4 | |
| 0.2097.0 | 10 / 4 | |
| 0.2096.1 | 10 / 4 | |
| 0.2096.0 | 10 / 4 | |
| 0.2095.0 | 10 / 4 | |
| 0.2094.3 | 10 / 4 | |
| 0.2094.2 | 10 / 4 | |
| 0.2094.1 | 10 / 4 | |
| 0.2094.0 | 10 / 4 | |
| 0.2093.1 | 10 / 4 | |
| 0.2093.0 | 10 / 4 | |
| 0.2092.3 | 10 / 4 | |
| 0.2092.2 | 10 / 4 | |
| 0.2092.1 | 10 / 4 | |
| 0.2092.0 | 10 / 4 | |
| 0.2091.2 | 10 / 4 | |
| 0.2091.1 | 10 / 4 | |
| 0.2091.0 | 10 / 4 |
v0.2134.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2134.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2134.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2133.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2132.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2131.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2131.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2131.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2131.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2131.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2130.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2129.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2129.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2128.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2128.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2127.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2126.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2126.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2126.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2126.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2125.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2125.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2124.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2123.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2122.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2121.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2120.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2119.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2118.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2118.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2117.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2116.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2116.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2116.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2116.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2115.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2115.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2114.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2114.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2114.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2113.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2113.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2112.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2111.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2110.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2109.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2108.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2108.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2107.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2107.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2106.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2106.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2105.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2104.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2103.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2103.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2102.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2101.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2101.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2100.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2099.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2099.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2098.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2097.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2097.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2097.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2097.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2096.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2096.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2095.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2094.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2094.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2094.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2094.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2093.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2093.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2092.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2092.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2092.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2092.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2091.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2091.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2091.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.