← Home
@mondaydotcomorg/atp-provenance
MIT
29 versions
@mondaydotcomorg/atp-provenance
CAMEL-inspired provenance security for LLM applications - track data origin and enforce security policies
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
yairfeavivdasaarartomramuyonahareljoshpe-mondayalonbehaimsergeyroytantonru92laviomrishanibenaderetmondayvitalimadarmondayaviel_mondayhadaspeshayelmodnaychristopher-nowakvladmondayella-miliorkeomermondayrutikeveshaf8811avihayavcsalomaneran.hubermandanielabmoshikaviv_go_npmdanielb-bladepoporibaoronmelleryglaubachayelet-mondaydanielle.ahidohaynavecohensaharbtombogbarakbeidoyana-mondaylorin-totahoronmondaynik-savchenkotomerfriedmanyosefwigor_budimatanyaw2nirlachmanorrgottlsebastian-curland-mndyyuly-robermanamirbardugobarcohen2illyayutootmoranfreak4pcmateuszwoamit_hanochdorhasongal_libermannoamn3kronachmany-mondayshahafmelamedyuvalbbenpidorshakedmickael_firstitaycohenmayaheilbrunventuramdudidorongoralthshaieturi-shmuelianatkatzshalomsteinbachannasoboazjofirmonsingoshaneeavifreegeliorrabinvirtserssddnodepablo-mdcamitbiranorelhazroyna-devsergeybrofirc-mondaynizansharavashavnerhaidanklingeraxelstdanielkheyfetscarloscr.mondaylorenzo.paaviv_gogiuliofilahav_p_mondayheshamgotaniasilvabenymondaydanielokaninneomi_shavitshaikatzzarielmondayguywatomsap-mondaylukaszf-mondayliranrorlicheran-cohenmaya-assayagrami-mondayalonbrimerethans-mondaywitoldtkerlich75adamfloorlahavpomernave1rankupmondaybuzagloidanjeandavidmeromcoarnonrgodanapoannasolomonikmitzafon-mondayyoavgalueranshiranbirenbaumnicole_kezlikmichalsz-mondaymickey_mondayitamartedor-cohenliranbinasif_mondaylotemkirshorihassid2507itaymndyeyalmuarekze-mondayibmondayvikas-mondayalonmulukaszfiszer-mondaymarszelun-mondayarnongumarekpeharelcohenameerdokamiedekelabehadascoalonsadanrama-rongilby1galor-mondayran-haveshush-mondaymichaelsimkinbarakbsedenhayatrachelikaliorfranyatchernishovnadavavthierryguynirarazi.mondayedenberdugoneilmonalonzirongabbayetgarmonronniemimoshe-samsonadamru-mondaygauravsh-mondayshlomiatmondayandrey-palmanleonidkrtomzohshirsharmonday-grahamlayoni-alaluftomer-gillmorerobertdasaarbatalsofferalonlestasshwataliareidanmondayraneldanbarosenrotemda10vladislavmoyardendvchensaryuvalgrjohhh_mondayandreihryhoryeuinbaldgjosephsamondaykubakolybaczbanueldomoriatmatanlaavivgialonschatzidanordanamumondaymichallorsrdjan-mondayggaallshanmondaytomerzloophirdojohnny-morfilip-daca-mondayurielwasyngchrisbamondayamitmazor37jakubmoflistoded_by_mondaymichaljanovroamitcogalspmondayyaaraweinbaltaorelco2eyallealexjalbaamithadarradva-gonshrotemseaviyaselarichardmaorcomondayronov1shoshanynaamayagalko_mondaynadavshteinbergelenaliyovelnaroteminbarmayanraficalisadanivsatalbe197dave-rosebergernadavguhosannaougregra81bernardpo-mondayeviatharmnoaraposhayalhadarzaronavmondaytaniasigal_finger_mondaylirondolihibmmichaelimasyoavtekanganmarta-mondayarielklmichalbeldyh1213dvirpeshaharshakitomasztarczynskisimonshshalevkemaor-barazanimarcinko-mondaydanielga-mondayeliyaplsapir_baryavgenypaomergrinigorczmayaisyoavsttim-mondaygalbralonagegil_zilbermanleimoniomndadirhgrzegorzrojekorilatomhousmantomkochromkadrialiorshwnivyahyotamhermesroni-ben-aharontomnisimmoro256litalwshirazbehar2cezarylavasilyklaviel_hershkovitzanyakhmayabarkanmatanmamanbenmamondaydoron.brikmanliorl-mondaytalhararitalshetsemachlilotanyuranramhillelidangaadam_scottpiotrdu-mondayephraimgrjakubso2749yevgenilidorsimmmichaelvamondaynettazigioraguatmondayyahorzhshaharzianastasiyakhomrialpolinanadongwhiatmondayjonathanbibasofir-efraimmiloszpi-mondaykarolszmndyyardengavdanielmo-mondayorly_spivaktalketalibl.mondaysandeepkmondayorfriwaseemabnoy-diamantamirkeantonigmashb22neyemaawmeirawislovskyrzmndrangr-mondayyossisaadi.mondayjonathansetheidoguyhadasdoryehudaronco99olegsh_mondayjr-mondayomerradaniel_barashitaimondayirawironapeitamarshsergeiliamichaymondaydord2ronenmoyuvalbatashgiladar-mondaygiladscjonmathewsmondaymiritwodavidgohbergmaor-kaitamarchdanimaniamiteysivansolmagnus_gabornofarmooliviadayuliagoldbergarielgrgalfaalexpoalonaavnuriel_mondaypiotrkoronifischlimyonatanbi-mondaylauremoben_levyehuda_npm2lidornitzanaranweb-mondayhananmaeladna-mondaydorsimm2naorssamwilukaszmichuziabasafswadmonsatalkorv0vs-mondayliran-brimer-mondayj3nn4pavivzafraniyoniho_mnatalyrapinizovickyhitiagopi-mondayomrico100danielepidanmoraladirmonidohatomerganegevmaroeefa88yosia1990rivkaungarnogakrilmaornakasheliyahumanymondayadirhaziz2mikidavidiamichaltori-mondayalongolokinerethanatishshalevhadkuzaleksnatanrolnik_mndkapusjdoronsiavileviliranroorizvidamondayalexpekamalwo-mondayasaf472mondaymia-hohadla-mondaylaurazajdnermeirav_ronnpm-vibeboazanaeviatarsayaairalnoamco-mondaymia_newmannurkiewicznoamst-mondaymichael-azimovnitzanshisaridandavidcoopertomreedeschanlerhilineemanyuvalseidanpedronilaitaykalmoshiko_ben_avimondayshpiglifynoamagoodmandimaalgadshrotemdushirakohavimaxime.mondaydanielvagabriel.amraminbalzitomasz-fijalkowski-mondayalmogrudaniilvomondayjohnbashanyeroni_adarthomasjo25tomaszlamondayeden-eitanitom-katzdoniawaedogr1yonataneleladdolukasz-dudzinskitom_shlomikaitlynloodedsandaknoelia-mondaydinmaaniugbopaulinalaskohodayaiseinatboalexandrzhmichalpl-mondayiradcoziv-shechtmannitzanholmes718eliasgaidoagitaysimjacksnettyoniho_mondayroiatiasraunaq-mondayeladmondaytomasfelderibgudmanneriri14maanumeodedsaran_zarbivitcerbyseanch.mondaytadlamnir1111antonludaniellevertmanartemch-extlglynn13tslilbutamarch.monday.comalonsimondayyaellirachelskneta-nachmias-cohenbrittdalilach.kimhi.rossmanaliciareidyshahargmndamitlisimontakevinmondayronilevitlaurefegatzmonamirmatalon87ramamityoniarvivkrzysztoffimondaycountach88ronbrannapalganadiaddanielwejanbr-ctrlortalgudismelissalmayorasshaipa-uxrmidatafarmarcin-gabalonedelmanmonday1bepomndymulhamhaorromonksushakmaslomonday2sharon-sotalbamakuba_niemiecyoavroofekpintoknadavhachamovnitai-monday-npmnadavkoshirawegrzegorzswcoralinamitbenmorlaver_mondaysimohanounaohad-katzavguykorenmeytalfredavidbr1donia2610nicole_kezlik2awallace327kamieshamischnitzer1galbenoziliomdymortzmondayyonatanlemahmoudna-mondayromanshapransarusiliorla13liors619dh94adamyahidhagaiweyoni-mondayshirlyraomerfoxrivkapelegjakubrohledermaslomaslo5mohamedigtomaszjackowiakshayo-arraphaeloufabiotaatmondayishandua-mondayhadarahtomrezmatthewtoilyamezidozitdamianmarek-mondaysheenananurenbergvovarangr1-mondayandrewlo-mondaynaormondaymaxdv-4016katedubouskayaliortalmondaymaor-karohadargevadominikko-mondaynovrosenamnharveyr-mondayramimonday90ranku_mondayedenbenegevma2eyalmondaychenbeturdorbi_mondayidanpeduiemst_tomerthibaudduavilevi768988tomerstrivkasc2naorsmondayyuval-moshe-mndyyardenlicarmeldahanofekkisagilinshitsjohnnpmman2025shaygrjeremybarneidozibarakzashamilgibukun-mondaysagibarkol89alonsegalofrichenyuvallev-mondayshannon-mondayjoel-mondaymichaelozmondaybenlivniapeslinnaorsolmondaysergeytsibulnik3jonathanadlerliatyaalonmorgenellaportnovadelebemichaelaritamarhileahorlinruthiedaramirferonykrishtalitaypa777reutlevyeithanhollandermondaybenhagiladomyuriisrohyiamirnajjarmohamedig1odedgonuri-mondaynavelelironamzivha-mondayshirzazvimintsasif_d_dromihilakislevtommateran_zidkiyastavraozkamaofirstdordvalonadadvirshtamarshemark-watkin-mondayshimony-urieltzvico-mondayasafbashiriohadleshnoor-mondayaviramashkenazi-monjihyunum-mondaydanielkorichguymarushchenkobruchim_mondaytomda-mondaymiroslawwonickday-mondayyuvalpadanamalpiroeiyaiddoalmichaldayuvalezkerensoyaarmaypazroiemondayhadarlibmannetaezra1guybe-mondayamitsabag1lorengomusayedahamitreedendoron-mondayfranekmondaylinoymargannoam-yehudasergeisamatanmeyoavkularoniavmonadavsofivaprzemyslawbadiknafoalekseiilandreiyubargaldtbreuerweilyanivridelmichalbudziakurasmulayanhamoshe1100moranosssergeym-mondaylevkomondayyonatanc163matkotolegkaplunohad-mondayandreyolnetta-schezkibotwinickwitosguysimaimonday
Keywords
provenancesecurityatpllmprompt-injectioncamelagentcapability-based-security
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|
| phantom-deps |
phantom-dep:@types/escodegen |
AI (phantom-deps): @types/escodegen is a type-only package used at build time; not imported at runtime, stable false positive. |
ai |
|
Versions (showing 29 of 29)
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.