@malloydata/malloy-filter

Parsers for the Malloy filtering sub-languages

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

malloy-lang-usergmadenscullinmtoy

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing is confirmed by SLSA provenance attestation; stable pattern for this package going forward.	ai	2026/05/22
phantom-deps	phantom-dep:luxon	AI (phantom-deps): luxon is a runtime dep used indirectly by parser/filter logic; phantom-dep heuristic is a stable FP for this package.	ai	2026/05/05
phantom-deps	phantom-dep:jest-diff	AI (phantom-deps): jest-diff used in test/config context; phantom-dep heuristic is a stable FP for this package.	ai	2026/05/05

Versions (showing 100 of 125)

Version	Deps	Published
0.0.405	2 / 3	2026-06-04
0.0.404	2 / 3	2026-06-04
0.0.403	2 / 3	2026-05-28
0.0.402	2 / 3	2026-05-28
0.0.401	2 / 3	2026-05-27
0.0.400	2 / 3	2026-05-26
0.0.399	2 / 3	2026-05-25
0.0.398	2 / 3	2026-05-23
0.0.397	2 / 3	2026-05-23
0.0.396	2 / 3	2026-05-21
0.0.395	2 / 3	2026-05-14
0.0.394	2 / 3	2026-05-13
0.0.393	2 / 3	2026-05-07
0.0.392	2 / 3	2026-05-07
0.0.391	2 / 3	2026-05-02
0.0.390	2 / 3	2026-05-02
0.0.389	2 / 3	2026-05-02
0.0.388	2 / 3	2026-05-01
0.0.387	2 / 3	2026-04-28
0.0.386	2 / 3	2026-04-28
0.0.385	2 / 3	2026-04-27
0.0.384	2 / 3	2026-04-27
0.0.383	2 / 3	2026-04-26
0.0.382	2 / 3	2026-04-23
0.0.381	2 / 3	2026-04-22
0.0.380	2 / 3	2026-04-17
0.0.379	2 / 3	2026-04-17
0.0.378	2 / 3	2026-04-16
0.0.377	2 / 3	2026-04-14
0.0.376	2 / 3	2026-04-14
0.0.375	2 / 3	2026-04-13
0.0.374	2 / 3	2026-04-10
0.0.373	2 / 3	2026-04-10
0.0.372	2 / 3	2026-04-08
0.0.371	2 / 3	2026-04-08
0.0.370	2 / 3	2026-04-05
0.0.369	2 / 3	2026-04-02
0.0.368	2 / 3	2026-04-01
0.0.367	2 / 3	2026-03-25
0.0.366	2 / 3	2026-03-24
0.0.365	2 / 3	2026-03-23
0.0.364	2 / 3	2026-03-23
0.0.363	2 / 3	2026-03-22
0.0.362	2 / 3	2026-03-17
0.0.361	2 / 3	2026-03-14
0.0.360	2 / 3	2026-03-12
0.0.359	2 / 3	2026-03-12
0.0.358	2 / 3	2026-03-11
0.0.357	2 / 3	2026-03-11
0.0.356	2 / 3	2026-03-11
0.0.355	2 / 3	2026-03-11
0.0.354	2 / 3	2026-03-10
0.0.353	2 / 3	2026-03-08
0.0.352	2 / 3	2026-03-07
0.0.351	2 / 3	2026-03-07
0.0.350	4 / 4	2026-03-03
0.0.349	4 / 4	2026-02-26
0.0.348	4 / 4	2026-02-26
0.0.347	4 / 4	2026-02-25
0.0.346	4 / 4	2026-02-25
0.0.345	4 / 4	2026-02-25
0.0.344	4 / 4	2026-02-21
0.0.343	4 / 4	2026-02-19
0.0.342	4 / 4	2026-02-18
0.0.341	4 / 4	2026-02-17
0.0.340	4 / 4	2026-02-17
0.0.339	4 / 4	2026-02-15
0.0.338	4 / 4	2026-02-15
0.0.337	4 / 4	2026-02-13
0.0.336	4 / 4	2026-02-07
0.0.335	4 / 4	2026-01-17
0.0.334	4 / 4	2026-01-09
0.0.333	4 / 4	2026-01-07
0.0.332	4 / 4	2026-01-02
0.0.331	4 / 4	2025-12-31
0.0.330	4 / 4	2025-12-24
0.0.329	4 / 4	2025-12-23
0.0.328	4 / 4	2025-12-23
0.0.327	4 / 4	2025-12-20
0.0.326	4 / 4	2025-12-13
0.0.325	4 / 4	2025-12-05
0.0.324	4 / 4	2025-11-22
0.0.323	4 / 3	2025-11-15
0.0.322	4 / 3	2025-11-13
0.0.321	4 / 3	2025-11-07
0.0.320	4 / 3	2025-11-07
0.0.319	4 / 3	2025-11-01
0.0.318	4 / 3	2025-10-27
0.0.317	4 / 3	2025-10-24
0.0.316	4 / 3	2025-10-23
0.0.315	4 / 3	2025-10-11
0.0.314	4 / 3	2025-10-02
0.0.313	4 / 3	2025-09-24
0.0.312	4 / 3	2025-09-22
0.0.311	4 / 3	2025-09-19
0.0.310	4 / 3	2025-09-12
0.0.309	4 / 3	2025-09-07
0.0.308	4 / 3	2025-08-29
0.0.307	4 / 3	2025-08-26
0.0.306	4 / 3	2025-08-21

Showing 100 of 125 Next page →

v0.0.405

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.404

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.403

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.402

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.401

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.400

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.399

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.398

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.397

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.396

2 findings

HIGH Publisher changed: scullin → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.