@mastra/deployer-cloudflare Apache-2.0 27 versions

@mastra/deployer-cloudflare

npm Repository Homepage

A Cloudflare Workers deployer for Mastra applications.

27

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

smthomasabhiaiyertaofeeq-deruehinderocalcsamrase-wardpeettylerbarnesnikaiyer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	rapid-publish	AI (publish-pattern): Automated CI/CD monorepo releases consistently publish rapidly; stable pattern for this package.	ai	2026/06/04
npm-metadata	no-description	AI (npm-metadata): Package has no description across all versions; not indicative of malicious intent for this established package.	ai	2026/06/04
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publisher is confirmed legitimate by SLSA provenance attestation from the official mastra-ai/mastra repo.	ai	2026/05/05
dependencies	unvetted-dep:cloudflare	AI (dependencies): Official Cloudflare SDK; expected runtime dependency for a Cloudflare deployer package.	ai	2026/05/01
phantom-deps	phantom-dep:cloudflare	AI (phantom-deps): Cloudflare SDK used via config/wrangler integration, not direct import; stable pattern for this deployer package.	ai	2026/04/29
phantom-deps	phantom-dep:rollup-plugin-esbuild	AI (phantom-deps): Build plugin referenced in tsup/rollup config files, not imported directly; expected for a build-tool package.	ai	2026/04/29

Versions (showing 27 of 27)

Version	Deps	Published
1.1.40	6 / 14	2026-06-03
1.1.38	6 / 14	2026-05-27
1.1.37	6 / 14	2026-05-20
1.1.36	6 / 14	2026-05-15
1.1.35	6 / 14	2026-05-14
1.1.34	6 / 14	2026-05-13
1.1.33	6 / 14	2026-05-13
1.1.32	6 / 14	2026-05-05
1.1.30	6 / 14	2026-05-01
1.1.29	6 / 14	2026-04-30
1.1.28	6 / 14	2026-04-29
1.1.27	6 / 14	2026-04-29
1.1.26	6 / 14	2026-04-24
1.1.24	6 / 14	2026-04-22
1.1.19	6 / 14	2026-04-03
1.1.16	6 / 14	2026-03-31
1.1.5	6 / 14	2026-02-25
1.1.4	6 / 14	2026-02-24
1.1.3	6 / 14	2026-02-23
1.1.0	6 / 14	2026-02-11
1.0.3	6 / 14	2026-02-04
0.14.25	6 / 12	2025-12-10
0.14.24	6 / 12	2025-12-09
0.14.22	6 / 12	2025-11-21
0.14.21	6 / 12	2025-11-20
0.14.18	6 / 12	2025-11-14
0.14.17	6 / 12	2025-11-05

v1.1.40

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.38

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.37

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.34

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.33

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.24

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.5

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.4

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-02-24) provenance

This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-02-23) provenance

This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-02-04) provenance

This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.25

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2025-12-10) provenance

This version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.24

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2025-12-09) provenance

This version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.21

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.