@mxpicture/gcp-functions-fs
Tools for google cloud functions
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@mxpicture/gcp-functions-code | AI (phantom-deps): Same-org sibling package; phantom-dep finding reflects indirect/transitive usage pattern in a monorepo, not a security concern. | ai | |
| provenance | no-provenance | AI (provenance): Package is published via GitHub Actions from a legitimate org; lack of Sigstore provenance is common and not a risk indicator for this package. | ai |
Versions (showing 100 of 410)
| Version | Deps | Published |
|---|---|---|
| 1.1.39 | 3 / 3 | |
| 1.1.38 | 3 / 3 | |
| 1.1.37 | 3 / 3 | |
| 1.1.36 | 3 / 3 | |
| 1.1.35 | 3 / 3 | |
| 1.1.34 | 3 / 3 | |
| 1.1.33 | 3 / 3 | |
| 1.1.32 | 3 / 3 | |
| 1.1.31 | 3 / 3 | |
| 1.1.30 | 3 / 3 | |
| 1.1.29 | 3 / 3 | |
| 1.1.28 | 3 / 3 | |
| 1.1.27 | 3 / 3 | |
| 1.1.26 | 3 / 3 | |
| 1.1.25 | 3 / 3 | |
| 1.1.24 | 3 / 3 | |
| 1.1.23 | 3 / 3 | |
| 1.1.22 | 3 / 3 | |
| 1.1.21 | 3 / 3 | |
| 1.1.20 | 3 / 3 | |
| 1.1.19 | 3 / 3 | |
| 1.1.18 | 3 / 3 | |
| 1.1.17 | 3 / 3 | |
| 1.1.16 | 3 / 3 | |
| 1.1.15 | 3 / 3 | |
| 1.1.14 | 3 / 3 | |
| 1.1.13 | 3 / 3 | |
| 1.1.12 | 3 / 3 | |
| 1.1.11 | 3 / 3 | |
| 1.1.10 | 3 / 3 | |
| 1.1.9 | 3 / 3 | |
| 1.1.8 | 3 / 3 | |
| 1.1.7 | 3 / 3 | |
| 1.1.6 | 3 / 3 | |
| 1.1.5 | 3 / 3 | |
| 1.1.4 | 3 / 3 | |
| 1.1.3 | 3 / 3 | |
| 1.1.2 | 3 / 3 | |
| 0.2.71 | 3 / 3 | |
| 0.2.70 | 3 / 3 | |
| 0.2.69 | 3 / 3 | |
| 0.2.68 | 3 / 3 | |
| 0.2.67 | 3 / 3 | |
| 0.2.66 | 3 / 3 | |
| 0.2.65 | 3 / 3 | |
| 0.2.64 | 3 / 3 | |
| 0.2.63 | 3 / 3 | |
| 0.2.62 | 3 / 3 | |
| 0.2.61 | 3 / 3 | |
| 0.2.60 | 3 / 3 | |
| 0.2.59 | 3 / 3 | |
| 0.2.58 | 3 / 3 | |
| 0.2.57 | 3 / 3 | |
| 0.2.56 | 3 / 3 | |
| 0.2.55 | 3 / 3 | |
| 0.2.54 | 3 / 3 | |
| 0.2.53 | 3 / 3 | |
| 0.2.52 | 3 / 3 | |
| 0.2.51 | 3 / 3 | |
| 0.2.50 | 3 / 3 | |
| 0.2.49 | 3 / 3 | |
| 0.2.48 | 3 / 3 | |
| 0.2.47 | 3 / 3 | |
| 0.2.46 | 3 / 3 | |
| 0.2.45 | 3 / 3 | |
| 0.2.44 | 3 / 3 | |
| 0.2.43 | 3 / 3 | |
| 0.2.42 | 3 / 3 | |
| 0.2.41 | 3 / 3 | |
| 0.2.40 | 3 / 3 | |
| 0.2.39 | 3 / 3 | |
| 0.2.38 | 3 / 3 | |
| 0.2.37 | 3 / 3 | |
| 0.2.36 | 3 / 3 | |
| 0.2.35 | 3 / 3 | |
| 0.2.34 | 3 / 3 | |
| 0.2.33 | 3 / 3 | |
| 0.2.32 | 3 / 3 | |
| 0.2.31 | 3 / 3 | |
| 0.2.30 | 3 / 3 | |
| 0.2.29 | 3 / 3 | |
| 0.2.28 | 3 / 3 | |
| 0.2.26 | 3 / 3 | |
| 0.2.25 | 3 / 3 | |
| 0.2.24 | 3 / 3 | |
| 0.2.23 | 3 / 3 | |
| 0.2.22 | 3 / 3 | |
| 0.2.21 | 3 / 3 | |
| 0.2.20 | 3 / 3 | |
| 0.2.19 | 3 / 3 | |
| 0.2.18 | 3 / 3 | |
| 0.2.17 | 3 / 3 | |
| 0.2.16 | 3 / 3 | |
| 0.2.15 | 3 / 3 | |
| 0.2.13 | 3 / 3 | |
| 0.2.12 | 3 / 3 | |
| 0.2.11 | 3 / 3 | |
| 0.2.10 | 3 / 3 | |
| 0.2.9 | 4 / 3 | |
| 0.2.8 | 4 / 3 |
v1.1.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.68
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.63
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.53
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.