@modular-prompt/driver
AIモデルドライバーパッケージ - 様々なAIプロバイダーとの統一されたインターフェースを提供。
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:google-auth-library | AI (phantom-deps): google-auth-library is a declared runtime dep used transitively via @google-cloud/vertexai; phantom-dep heuristic false positive. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): MLX setup script for AI/LLM driver; non-blocking (|| true), consistent with package purpose and CI provenance. | ai | |
| phantom-deps | phantom-dep:js-yaml | AI (phantom-deps): js-yaml is a declared runtime dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/js-yaml | AI (phantom-deps): Type-only package loaded by convention; stable false positive for this package. | ai |
Versions (showing 11 of 11)
| Version | Deps | Published |
|---|---|---|
| 0.13.2 | 11 / 9 | |
| 0.12.0 | 10 / 8 | |
| 0.11.12 | 10 / 8 | |
| 0.11.9 | 10 / 8 | |
| 0.11.8 | 10 / 8 | |
| 0.11.4 | 10 / 8 | |
| 0.11.2 | 10 / 8 | |
| 0.11.0 | 10 / 8 | |
| 0.10.6 | 10 / 8 | |
| 0.4.6 | 9 / 8 | |
| 0.4.5 | 9 / 8 |
v0.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.12
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.9
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.8
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.4
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.2
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.6
2 findingsScript: node scripts/setup-mlx.js || true
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.