← Home

@mastra/mongodb

npm Repository Homepage

MongoDB provider for Mastra - includes vector store capabilities

6
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

smthomasabhiaiyertaofeeq-deruehinderocalcsamrase-wardpeettylerbarnesnikaiyer

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:cloudflare AI (dependencies): cloudflare dep appears config-only (phantom-dep accepted); stable pattern for this package. ai
phantom-deps phantom-dep:cloudflare AI (phantom-deps): cloudflare dep appears in package.json for this MongoDB provider; likely used in shared build/config context across the monorepo. ai

Versions (showing 6 of 6)

Version Deps Published
1.7.4 3 / 11
1.7.3 3 / 11
1.7.1 3 / 11
1.7.0 3 / 11
1.6.2 3 / 11
1.6.1 3 / 11

v1.7.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.