@live-change/db-admin

Versions: 19
License: ISC
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
phantom-deps phantom-dep:@fortawesome/fontawesome-free AI (phantom-deps): Config-referenced UI dependency; stable pattern for this package. ai
dependencies unvetted-dep:prism-es6 AI (dependencies): Syntax highlighting library; no malicious indicators; stable dep in this UI admin package. ai
dependencies unvetted-dep:v-shared-element AI (dependencies): Vue shared element transition library; no malicious indicators; pinned version in a UI package. ai
npm-metadata no-description AI (npm-metadata): Long-lived package with 394 versions; missing description is a cosmetic issue. ai
bogus-package bogus-package AI (bogus-package): Frontend app package; missing description/keywords/repo URL is cosmetic, not indicative of malice given 394-version history. ai
phantom-deps phantom-dep:primeicons AI (phantom-deps): Icon font referenced in config; stable false positive. ai
phantom-deps phantom-dep:compression AI (phantom-deps): Server middleware referenced indirectly; stable false positive. ai
phantom-deps phantom-dep:@vueuse/core AI (phantom-deps): Frontend dep referenced in config; stable false positive. ai
phantom-deps phantom-dep:serve-static AI (phantom-deps): Server dep referenced indirectly; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao AI (phantom-deps): Same-org dep; stable false positive. ai
phantom-deps phantom-dep:vue-prism-editor AI (phantom-deps): Frontend dep in config; stable false positive. ai
phantom-deps phantom-dep:codeceptjs-assert AI (phantom-deps): Test dep referenced in config; stable false positive. ai
semgrep semgrep:eval-usage AI (semgrep): eval used on internally-constructed code in a path parser; not user-controlled external input. ai
phantom-deps phantom-dep:tailwindcss-primeui AI (phantom-deps): CSS plugin in config; stable false positive. ai
phantom-deps phantom-dep:javascript-stringify AI (phantom-deps): Utility dep in config; stable false positive. ai
phantom-deps phantom-dep:serialize-javascript AI (phantom-deps): SSR utility in config; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-sockjs AI (phantom-deps): Same-org dep; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-message AI (phantom-deps): Same-org dep; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-websocket AI (phantom-deps): Same-org dep; stable false positive. ai
phantom-deps phantom-dep:rollup-plugin-node-builtins AI (phantom-deps): Build tool in config; stable false positive. ai
phantom-deps phantom-dep:vue3-scroll-border AI (phantom-deps): Frontend dep in config; stable false positive. ai
phantom-deps phantom-dep:prismjs AI (phantom-deps): CSS/config-referenced dep in a frontend package; stable false positive. ai
phantom-deps phantom-dep:cross-env AI (phantom-deps): Used in npm scripts only; phantom-dep false positive for this package. ai
phantom-deps phantom-dep:primeflex AI (phantom-deps): Frontend CSS framework referenced in config; stable false positive. ai
phantom-deps phantom-dep:prism-es6 AI (phantom-deps): Referenced in config files; stable false positive for this package. ai

Versions (showing 19 of 119)

Version Deps Published
0.9.89 35 / 9
0.9.88 35 / 9
0.9.87 35 / 9
0.9.86 35 / 9
0.9.85 35 / 9
0.9.84 35 / 9
0.9.83 35 / 9
0.9.82 35 / 9
0.9.81 35 / 9
0.9.80 35 / 9
0.9.79 35 / 9
0.9.78 35 / 9
0.9.77 35 / 9
0.9.76 35 / 9
0.9.75 35 / 9
0.9.74 35 / 9
0.9.73 35 / 9
0.9.72 35 / 9
0.9.71 35 / 9

v0.9.89

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.88

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.87

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.86

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.85

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.84

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.83

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.82

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.81

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.80

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.79

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.78

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.77

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.76

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.75

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.74

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.73

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.72

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.71

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.