@mikro-orm/postgresql No license 38 versions

@mikro-orm/postgresql

npm Repository Homepage

38

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

b4nan

Keywords

data-mapperdddentityidentity-mapjavascriptjsmariadbmikro-ormmongomongodbmysqlormpostgresqlsqlitesqlite3tstypescriptunit-of-work

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from maintainer to GitHub Actions CI/CD publishing; SLSA attestation confirms legitimacy.	ai	2026/05/30
dependencies	unvetted-dep:@mikro-orm/knex	AI (dependencies): Same-monorepo sibling package; unvetted status is a pipeline gap, not a real supply chain risk for this package.	ai	2026/05/26
dependencies	unvetted-dep:pg-cursor	AI (dependencies): Standard PostgreSQL cursor library; expected dependency for this ORM driver.	ai	2026/04/29
dependencies	unvetted-dep:@mikro-orm/sql	AI (dependencies): Core mikro-orm SQL package; expected sibling dependency in the monorepo.	ai	2026/04/29

Versions (showing 38 of 38)

Version	Deps	Published
7.1.4	7 / 1	2026-06-06
7.1.3	7 / 1	2026-05-31
7.1.2	7 / 1	2026-05-29
7.1.1	7 / 1	2026-05-22
7.1.0	7 / 1	2026-05-20
7.0.17	7 / 1	2026-05-17
7.0.16	7 / 1	2026-05-14
7.0.15	7 / 1	2026-05-09
7.0.14	7 / 1	2026-05-04
7.0.13	7 / 1	2026-04-27
7.0.12	7 / 1	2026-04-23
7.0.11	7 / 1	2026-04-16
7.0.10	7 / 1	2026-04-10
7.0.9	7 / 1	2026-04-06
7.0.8	7 / 1	2026-04-01
7.0.7	7 / 1	2026-03-31
7.0.6	7 / 1	2026-03-26
7.0.5	7 / 1	2026-03-23
7.0.4	7 / 1	2026-03-20
7.0.3	7 / 1	2026-03-18
7.0.2	7 / 1	2026-03-14
7.0.1	7 / 1	2026-03-11
7.0.0	7 / 1	2026-03-11
6.6.14	5 / 1	2026-05-04
6.6.13	5 / 1	2026-04-10
6.6.12	5 / 1	2026-04-01
6.6.11	5 / 1	2026-03-31
6.6.10	5 / 1	2026-03-26
6.6.9	5 / 1	2026-03-05
6.6.8	5 / 1	2026-03-01
6.6.7	5 / 1	2026-02-15
6.6.6	5 / 1	2026-01-30
6.6.5	5 / 1	2026-01-21
6.6.4	5 / 1	2026-01-14
6.6.3	5 / 1	2026-01-04
6.6.2	5 / 1	2025-12-07
6.6.1	5 / 1	2025-11-25
6.6.0	5 / 1	2025-11-11

v7.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.6

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.5

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.4

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.3

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-18) provenance

This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.2

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-14) provenance

This version was published by a different npm account than previous versions on 2026-03-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.10

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.9

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-05) provenance

This version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.8

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.7

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-02-15) provenance

This version was published by a different npm account than previous versions on 2026-02-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.6

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-30) provenance

This version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.5

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-21) provenance

This version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.4

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.3

2 findings

HIGH Publisher changed: b4nan → GitHub Actions (on 2026-01-04) provenance

This version was published by a different npm account than previous versions on 2026-01-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.