@mittwald/api-models
Collection of domain models for coherent interaction with the API
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@mittwald/api-client | AI (phantom-deps): Same-org scoped package; re-exported but not directly imported. | ai | |
| phantom-deps | phantom-dep:type-fest | AI (phantom-deps): Type utility; declared for type definitions, not direct import. | ai | |
| phantom-deps | phantom-dep:object-code | AI (phantom-deps): Config-referenced dependency; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:another-deep-freeze | AI (phantom-deps): Utility declared for config; stable for this package. | ai | |
| phantom-deps | phantom-dep:tsd | AI (phantom-deps): Type definition tool; declared for build/lint config, not direct import. | ai | |
| phantom-deps | phantom-dep:context | AI (phantom-deps): Config-referenced dependency; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:polytype | AI (phantom-deps): Type utility; declared for type definitions, not direct import. | ai | |
| phantom-deps | phantom-dep:dinero.js | AI (phantom-deps): Type definitions declared; stable for this package. | ai | |
| dependencies | unvetted-dep:polytype | AI (dependencies): Stable utility dep present across many prior versions of this package; no known advisories. | ai | |
| dependencies | unvetted-dep:another-deep-freeze | AI (dependencies): Pinned at 1.0.0, stable utility dep; no known advisories. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): High-frequency publisher (455 versions) with SLSA provenance; dormancy flag is a false positive for this org's release cadence. | ai |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 4.380.0 | 8 / 25 | |
| 4.379.0 | 8 / 25 | |
| 4.378.0 | 8 / 25 | |
| 4.377.0 | 8 / 25 | |
| 4.376.0 | 8 / 25 | |
| 4.375.0 | 8 / 25 | |
| 4.374.0 | 8 / 25 | |
| 4.373.0 | 8 / 25 | |
| 4.372.0 | 8 / 25 | |
| 4.371.0 | 8 / 25 | |
| 4.370.0 | 8 / 25 | |
| 4.369.0 | 8 / 25 | |
| 4.368.0 | 8 / 25 | |
| 4.367.0 | 8 / 25 | |
| 4.366.0 | 8 / 25 | |
| 4.364.1 | 8 / 25 | |
| 4.363.0 | 8 / 25 | |
| 4.362.0 | 8 / 25 | |
| 4.361.0 | 8 / 25 | |
| 4.360.1 | 8 / 25 | |
| 4.360.0 | 8 / 25 | |
| 4.359.0 | 8 / 25 | |
| 4.358.0 | 8 / 25 | |
| 4.357.0 | 8 / 25 | |
| 4.356.1 | 8 / 25 | |
| 4.356.0 | 8 / 25 | |
| 4.355.0 | 8 / 25 | |
| 4.354.0 | 8 / 25 | |
| 4.338.1 | 8 / 25 | |
| 4.136.1 | 8 / 23 |
v4.380.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.379.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.378.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.377.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.376.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.375.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.374.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.373.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.372.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.371.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.370.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.369.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.368.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.367.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.366.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.364.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.363.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.362.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.361.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.360.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.360.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.359.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.358.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.357.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.356.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.356.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.355.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.338.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.136.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.