@mikro-orm/mariadb No license 38 versions

@mikro-orm/mariadb

npm Repository Homepage

38

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

b4nan

Keywords

data-mapperdddentityidentity-mapjavascriptjsmariadbmikro-ormmongomongodbmysqlormpostgresqlsqlitesqlite3tstypescriptunit-of-work

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): mikro-orm publishes via GitHub Actions CI/CD; transition from b4nan to GitHub Actions is the documented release process for this monorepo.	ai	2026/05/03
phantom-deps	phantom-dep:mariadb	AI (phantom-deps): mariadb is a declared runtime dependency used via config/driver registration, not a direct import; stable false positive for this package.	ai	2026/05/03

Versions (showing 38 of 38)

Version	Deps	Published
7.1.4	2 / 1	2026-06-06
7.1.3	2 / 1	2026-05-31
7.1.2	2 / 1	2026-05-29
7.1.1	2 / 1	2026-05-22
7.1.0	2 / 1	2026-05-20
7.0.17	2 / 1	2026-05-17
7.0.16	2 / 1	2026-05-14
7.0.15	2 / 1	2026-05-09
7.0.14	2 / 1	2026-05-04
7.0.13	2 / 1	2026-04-27
7.0.12	2 / 1	2026-04-23
7.0.11	2 / 1	2026-04-16
7.0.10	2 / 1	2026-04-10
7.0.9	2 / 1	2026-04-06
7.0.8	2 / 1	2026-04-01
7.0.7	2 / 1	2026-03-31
7.0.6	2 / 1	2026-03-26
7.0.5	2 / 1	2026-03-23
7.0.4	2 / 1	2026-03-20
7.0.3	2 / 1	2026-03-18
7.0.2	2 / 1	2026-03-14
7.0.1	2 / 1	2026-03-11
7.0.0	2 / 1	2026-03-11
6.6.14	2 / 1	2026-05-04
6.6.13	2 / 1	2026-04-10
6.6.12	2 / 1	2026-04-01
6.6.11	2 / 1	2026-03-31
6.6.10	2 / 1	2026-03-26
6.6.9	2 / 1	2026-03-05
6.6.8	2 / 1	2026-03-01
6.6.7	2 / 1	2026-02-15
6.6.6	2 / 1	2026-01-30
6.6.5	2 / 1	2026-01-21
6.6.4	2 / 1	2026-01-14
6.6.3	2 / 1	2026-01-04
6.6.2	2 / 1	2025-12-07
6.6.1	2 / 1	2025-11-25
6.6.0	2 / 1	2025-11-11

v7.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.6

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.5

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.4

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.3

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-18) provenance

This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.2

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-14) provenance

This version was published by a different npm account than previous versions on 2026-03-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.10

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.9

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.8

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.7

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-02-15) provenance

This version was published by a different npm account than previous versions on 2026-02-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.6

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-30) provenance

This version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.5

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-21) provenance

This version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.4

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.3

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-04) provenance

This version was published by a different npm account than previous versions on 2026-01-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.