@lynx-js/web-core-canary
This is an internal experimental package, do not use
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@lynx-js/web-worker-runtime | AI (phantom-deps): Same-org canary dep; declared for consumers but may be bundled/re-exported rather than directly imported. | ai | |
| phantom-deps | phantom-dep:@lynx-js/web-mainthread-apis | AI (phantom-deps): Same-org canary dep; declared for consumers but may be bundled/re-exported rather than directly imported. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() in WASM JS glue code (wbg bindings); standard pattern, not obfuscation. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal experimental canary package; sparse README and no keywords are expected for this type of package. | ai |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 0.21.0 | 3 / 11 | |
| 0.20.4 | 3 / 11 | |
| 0.20.3 | 3 / 11 | |
| 0.20.2 | 3 / 11 | |
| 0.20.1 | 3 / 11 | |
| 0.20.0 | 3 / 11 | |
| 0.19.8 | 5 / 2 | |
| 0.19.5 | 5 / 2 | |
| 0.19.3 | 5 / 2 | |
| 0.19.2 | 5 / 2 | |
| 0.19.0 | 5 / 2 | |
| 0.18.4 | 5 / 2 | |
| 0.18.2 | 5 / 2 | |
| 0.13.1 | 5 / 2 |
v0.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.