@mxpicture/gcp-functions-generator
Tools for google cloud functions
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@mxpicture/gcp-functions-backend | AI (phantom-deps): Same-org scoped dep in a generator/scaffolding package; indirect usage (e.g., code generation targets) is expected and stable across versions. | ai | |
| phantom-deps | phantom-dep:@mxpicture/gcp-functions-frontend | AI (phantom-deps): Same-org scoped dep in a generator/scaffolding package; indirect usage (e.g., code generation targets) is expected and stable across versions. | ai | |
| phantom-deps | phantom-dep:@types/micromatch | AI (phantom-deps): @types/micromatch is a TypeScript type definition package listed as a runtime dep; this is a packaging style choice, not a security issue. Stable for this package. | ai |
Versions (showing 100 of 410)
| Version | Deps | Published |
|---|---|---|
| 1.2.48 | 10 / 8 | |
| 1.2.47 | 10 / 8 | |
| 1.2.46 | 10 / 8 | |
| 1.2.45 | 10 / 8 | |
| 1.2.44 | 10 / 8 | |
| 1.2.43 | 10 / 8 | |
| 1.2.42 | 10 / 8 | |
| 1.2.41 | 10 / 8 | |
| 1.2.40 | 10 / 8 | |
| 1.2.39 | 10 / 8 | |
| 1.2.38 | 10 / 8 | |
| 1.2.37 | 10 / 8 | |
| 1.2.36 | 10 / 8 | |
| 1.2.35 | 10 / 8 | |
| 1.2.34 | 10 / 8 | |
| 1.2.33 | 10 / 8 | |
| 1.2.32 | 10 / 8 | |
| 1.2.31 | 10 / 8 | |
| 1.2.30 | 10 / 8 | |
| 1.2.29 | 10 / 8 | |
| 1.2.28 | 10 / 8 | |
| 1.2.27 | 10 / 8 | |
| 1.2.26 | 10 / 8 | |
| 1.2.25 | 10 / 8 | |
| 1.2.24 | 10 / 8 | |
| 1.2.23 | 10 / 8 | |
| 1.2.22 | 10 / 8 | |
| 1.2.21 | 10 / 8 | |
| 1.2.20 | 10 / 8 | |
| 1.2.19 | 10 / 8 | |
| 1.2.18 | 10 / 8 | |
| 1.2.17 | 10 / 8 | |
| 1.2.16 | 10 / 8 | |
| 1.2.15 | 10 / 8 | |
| 1.2.14 | 10 / 8 | |
| 1.2.13 | 8 / 8 | |
| 1.2.12 | 8 / 8 | |
| 1.2.11 | 8 / 8 | |
| 1.2.10 | 8 / 8 | |
| 1.2.9 | 8 / 8 | |
| 1.2.8 | 8 / 8 | |
| 1.2.7 | 8 / 8 | |
| 1.2.6 | 8 / 8 | |
| 1.2.5 | 8 / 8 | |
| 1.2.4 | 8 / 8 | |
| 1.2.3 | 8 / 8 | |
| 1.2.2 | 8 / 8 | |
| 1.1.92 | 8 / 8 | |
| 1.1.91 | 8 / 8 | |
| 1.1.90 | 8 / 8 | |
| 1.1.89 | 8 / 8 | |
| 1.1.88 | 8 / 8 | |
| 1.1.87 | 8 / 8 | |
| 1.1.86 | 8 / 8 | |
| 1.1.85 | 8 / 8 | |
| 1.1.84 | 8 / 8 | |
| 1.1.83 | 8 / 8 | |
| 1.1.82 | 8 / 8 | |
| 1.1.81 | 8 / 8 | |
| 1.1.80 | 8 / 8 | |
| 1.1.79 | 8 / 8 | |
| 1.1.78 | 8 / 8 | |
| 1.1.77 | 8 / 8 | |
| 1.1.76 | 9 / 8 | |
| 1.1.75 | 9 / 8 | |
| 1.1.74 | 9 / 8 | |
| 1.1.73 | 9 / 8 | |
| 1.1.72 | 8 / 8 | |
| 1.1.71 | 8 / 8 | |
| 1.1.70 | 8 / 8 | |
| 1.1.69 | 8 / 8 | |
| 1.1.68 | 8 / 8 | |
| 1.1.67 | 8 / 8 | |
| 1.1.66 | 8 / 8 | |
| 1.1.65 | 8 / 8 | |
| 1.1.64 | 8 / 8 | |
| 1.1.63 | 8 / 8 | |
| 1.1.62 | 8 / 8 | |
| 1.1.61 | 8 / 8 | |
| 1.1.60 | 8 / 8 | |
| 1.1.59 | 8 / 8 | |
| 1.1.58 | 8 / 8 | |
| 1.1.57 | 8 / 8 | |
| 1.1.56 | 8 / 8 | |
| 1.1.55 | 8 / 8 | |
| 1.1.54 | 8 / 8 | |
| 1.1.53 | 8 / 8 | |
| 1.1.52 | 8 / 8 | |
| 1.1.51 | 8 / 8 | |
| 1.1.50 | 8 / 8 | |
| 1.1.49 | 8 / 8 | |
| 1.1.48 | 8 / 8 | |
| 1.1.47 | 8 / 8 | |
| 1.1.46 | 8 / 8 | |
| 1.1.45 | 8 / 8 | |
| 1.1.44 | 7 / 8 | |
| 1.1.43 | 4 / 8 | |
| 1.1.42 | 4 / 8 | |
| 1.1.41 | 4 / 8 | |
| 1.1.40 | 4 / 8 |
v1.2.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.69
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.