@mastra/temporal Apache-2.0 14 versions

@mastra/temporal

npm Repository Homepage

Mastra Temporal workflows integration - run Mastra workflows on the Temporal durable execution platform

14

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

smthomasabhiaiyertaofeeq-deruehinderocalcsamrase-wardpeettylerbarnesnikaiyer

Keywords

mastratemporalworkflowsdurable-execution

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with Mastra org's CI/CD practices.	ai	2026/05/18
phantom-deps	phantom-dep:@temporalio/plugin	AI (phantom-deps): Declared as runtime dep for Temporal plugin integration; referenced in config, not directly imported by design.	ai	2026/05/18
npm-metadata	suspicious-initial-version	AI (npm-metadata): 0.0.0 is a standard initial monorepo publish pattern for the mastra-ai org; not indicative of malice.	ai	2026/04/29
phantom-deps	phantom-dep:@temporalio/activity	AI (phantom-deps): @temporalio/activity is a declared runtime dep used in config/type context; phantom-dep is a false positive here.	ai	2026/04/29

Versions (showing 14 of 14)

Version	Deps	Published
0.1.12	10 / 11	2026-06-04
0.1.11	10 / 11	2026-06-03
0.1.10	10 / 11	2026-06-03
0.1.9	10 / 11	2026-06-02
0.1.8	10 / 11	2026-05-27
0.1.7	10 / 11	2026-05-27
0.1.6	10 / 11	2026-05-20
0.1.5	10 / 11	2026-05-15
0.1.4	10 / 11	2026-05-14
0.1.3	10 / 11	2026-05-13
0.1.2	10 / 11	2026-05-13
0.1.1	10 / 11	2026-05-05
0.1.0	10 / 11	2026-05-04
0.0.0	9 / 11	2026-04-27

v0.1.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-14) provenance

This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-13) provenance

This version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-13) provenance

This version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-05) provenance

This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

2 findings

HIGH Publisher changed: wardpeet → GitHub Actions (on 2026-05-04) provenance

This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.