@medplum/agent Apache-2.0 15 versions

@medplum/agent

npm Repository Homepage

Medplum Agent

15

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

codyebbersonreshmakhrahul1

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	encoded-string-file:dist/cjs/index.cjs	AI (source-diff): Long strings are DICOM medical data dictionaries bundled into CJS dist; not obfuscated payloads.	ai	2026/05/14
publish-pattern	dormant-publish	AI (publish-pattern): Large version jump (v4→v5) with SLSA provenance; dormancy reflects release cadence, not takeover.	ai	2026/05/14
phantom-deps	phantom-dep:winston	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06
phantom-deps	phantom-dep:iconv-lite	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06
phantom-deps	phantom-dep:dcmjs-dimse	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06
phantom-deps	phantom-dep:ws	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06
phantom-deps	phantom-dep:@medplum/core	AI (phantom-deps): Same-org monorepo dep; bundled at build time.	ai	2026/05/06
phantom-deps	phantom-dep:winston-daily-rotate-file	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06
phantom-deps	phantom-dep:@medplum/hl7	AI (phantom-deps): Same-org monorepo dep; bundled at build time.	ai	2026/05/06
phantom-deps	phantom-dep:semver	AI (phantom-deps): Bundled package; deps resolved at build time, not directly imported in source.	ai	2026/05/06

Versions (showing 15 of 15)

Version	Deps	Published
5.1.15	8 / 6	2026-06-03
5.1.14	8 / 6	2026-06-01
5.1.13	8 / 6	2026-05-20
5.1.12	8 / 6	2026-05-17
5.1.11	8 / 6	2026-05-06
5.1.10	8 / 6	2026-05-01
5.1.9	8 / 6	2026-04-24
5.1.8	8 / 6	2026-04-14
5.1.7	8 / 6	2026-04-08
4.1.18	5 / 6	2026-01-23
4.1.17	5 / 6	2026-01-16
4.1.16	5 / 6	2025-12-13
4.1.15	5 / 6	2025-12-13
4.1.14	5 / 6	2025-12-13
4.1.13	5 / 6	2025-12-12

v5.1.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.8

2 findings

HIGH Long encoded string in modified file: dist/cjs/index.cjs source-diff

Modified file contains 24 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.7

2 findings

HIGH Long encoded string in modified file: dist/cjs/index.cjs source-diff

Modified file contains 24 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.