← Home

@mastra/voice-cloudflare

npm Repository Homepage

Mastra Cloudflare AI voice integration

11
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

smthomasabhiaiyertaofeeq-deruehinderocalcsamrase-wardpeettylerbarnesnikaiyer

Keywords

mastracloudflarettssttopen-sourcespeech-to-texttext-to-speechspeech-recognition

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/_types/@internal_voice/dist/_types/@internal_ai-sdk-v5/dist/index.d.ts AI (source-diff): Generated TypeScript declaration bundle; long lines are normal for bundled .d.ts files, not obfuscation. ai
source-diff large-new-source-files AI (source-diff): Size increase driven by bundled internal type declarations from monorepo packages, not injected payloads. ai
source-diff source-size-tripled AI (source-diff): Explained by inclusion of bundled .d.ts type files from internal monorepo dependencies. ai
phantom-deps phantom-dep:zod AI (phantom-deps): zod is declared and used in validation; false positive for TypeScript packages. ai
dependencies unvetted-dep:cloudflare AI (dependencies): cloudflare SDK is the expected runtime dep for a Cloudflare AI voice integration package. ai

Versions (showing 11 of 11)

Version Deps Published
0.12.2 2 / 11
0.12.1 1 / 12
0.11.12 1 / 11
0.11.3 1 / 11
0.10.5 2 / 9
0.10.4 2 / 9
0.10.3 2 / 9
0.10.0 2 / 9
0.1.10 3 / 8
0.1.9 3 / 8
0.1.8 3 / 8

v0.12.2

2 findings
HIGH New obfuscated file: dist/_types/@internal_voice/dist/_types/@internal_ai-sdk-v5/dist/index.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.