@malloydata/db-mysql — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

malloy-lang-usergmadenscullinmtoy

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing is confirmed by SLSA provenance attestation; stable pattern for this package going forward.	ai	2026/05/22
phantom-deps	phantom-dep:luxon	AI (phantom-deps): luxon is a runtime dep referenced in config; phantom-dep heuristic fires on this package consistently.	ai	2026/04/29
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): Framework-scoped type package; phantom-dep heuristic is a stable false positive here.	ai	2026/04/29
phantom-deps	phantom-dep:fastestsmallesttextencoderdecoder	AI (phantom-deps): Config-referenced dep; phantom-dep heuristic is a stable false positive for this package.	ai	2026/04/29

Versions (showing 100 of 136)

Version	Deps	Published
0.0.405	5 / 1	2026-06-04
0.0.404	5 / 1	2026-06-04
0.0.403	5 / 1	2026-05-28
0.0.402	5 / 1	2026-05-28
0.0.401	5 / 1	2026-05-28
0.0.400	5 / 1	2026-05-26
0.0.399	5 / 1	2026-05-25
0.0.398	5 / 1	2026-05-23
0.0.397	5 / 1	2026-05-23
0.0.396	5 / 1	2026-05-21
0.0.395	5 / 1	2026-05-14
0.0.394	5 / 1	2026-05-13
0.0.393	5 / 1	2026-05-07
0.0.392	5 / 1	2026-05-07
0.0.391	5 / 1	2026-05-02
0.0.390	5 / 1	2026-05-02
0.0.389	5 / 1	2026-05-02
0.0.388	5 / 1	2026-05-01
0.0.387	5 / 1	2026-04-28
0.0.386	5 / 1	2026-04-28
0.0.385	5 / 1	2026-04-27
0.0.384	5 / 1	2026-04-27
0.0.383	5 / 1	2026-04-26
0.0.382	5 / 1	2026-04-23
0.0.381	5 / 1	2026-04-22
0.0.380	5 / 1	2026-04-17
0.0.379	5 / 1	2026-04-17
0.0.378	5 / 1	2026-04-16
0.0.377	5 / 1	2026-04-14
0.0.376	5 / 1	2026-04-14
0.0.375	5 / 1	2026-04-13
0.0.374	5 / 1	2026-04-10
0.0.373	5 / 1	2026-04-10
0.0.372	5 / 1	2026-04-08
0.0.371	5 / 1	2026-04-08
0.0.370	5 / 1	2026-04-05
0.0.369	5 / 1	2026-04-02
0.0.368	5 / 1	2026-04-01
0.0.367	5 / 1	2026-03-25
0.0.366	5 / 1	2026-03-24
0.0.365	5 / 1	2026-03-23
0.0.364	5 / 1	2026-03-23
0.0.363	5 / 1	2026-03-22
0.0.362	5 / 1	2026-03-17
0.0.361	5 / 1	2026-03-14
0.0.360	5 / 1	2026-03-12
0.0.359	5 / 1	2026-03-12
0.0.358	5 / 1	2026-03-11
0.0.357	5 / 1	2026-03-11
0.0.356	5 / 1	2026-03-11
0.0.355	5 / 1	2026-03-11
0.0.354	5 / 1	2026-03-10
0.0.353	5 / 1	2026-03-08
0.0.352	5 / 1	2026-03-07
0.0.351	5 / 1	2026-03-07
0.0.350	5 / 1	2026-03-03
0.0.349	5 / 1	2026-02-26
0.0.348	5 / 1	2026-02-26
0.0.347	5 / 1	2026-02-25
0.0.346	5 / 1	2026-02-25
0.0.345	5 / 1	2026-02-25
0.0.344	5 / 1	2026-02-21
0.0.343	5 / 1	2026-02-19
0.0.342	5 / 1	2026-02-18
0.0.341	5 / 1	2026-02-17
0.0.340	5 / 1	2026-02-17
0.0.339	5 / 1	2026-02-15
0.0.338	5 / 1	2026-02-15
0.0.337	5 / 1	2026-02-13
0.0.336	5 / 1	2026-02-07
0.0.335	5 / 1	2026-01-17
0.0.334	5 / 1	2026-01-09
0.0.333	5 / 1	2026-01-07
0.0.332	5 / 1	2026-01-02
0.0.331	5 / 1	2025-12-31
0.0.330	5 / 1	2025-12-24
0.0.329	5 / 1	2025-12-23
0.0.328	5 / 1	2025-12-23
0.0.327	5 / 1	2025-12-20
0.0.326	5 / 1	2025-12-13
0.0.325	5 / 1	2025-12-05
0.0.324	5 / 1	2025-11-22
0.0.323	5 / 0	2025-11-15
0.0.322	5 / 0	2025-11-13
0.0.321	5 / 0	2025-11-07
0.0.320	5 / 0	2025-11-07
0.0.319	5 / 0	2025-11-01
0.0.318	5 / 0	2025-10-27
0.0.317	5 / 0	2025-10-24
0.0.316	5 / 0	2025-10-23
0.0.315	5 / 0	2025-10-11
0.0.314	5 / 0	2025-10-02
0.0.313	5 / 0	2025-09-24
0.0.312	5 / 0	2025-09-22
0.0.311	5 / 0	2025-09-19
0.0.310	5 / 0	2025-09-12
0.0.309	5 / 0	2025-09-07
0.0.308	5 / 0	2025-08-29
0.0.307	5 / 0	2025-08-26
0.0.306	5 / 0	2025-08-21

Showing 100 of 136 Next page →

v0.0.405

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.404

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.403

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.402

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.401

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.400

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.399

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.398

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.397

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.396

2 findings

HIGH Publisher changed: scullin → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.