@lvce-editor/extension-host-helper-process
2
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
levivilet
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@lvce-editor/rpc | AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@lvce-editor/assert | AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Long-lived internal package in a monorepo; empty description is a consistent pattern across versions. | ai | |
| phantom-deps | phantom-dep:got | AI (phantom-deps): got is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:execa | AI (phantom-deps): execa is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai |
v0.51.1
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.51.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.