@naturalcycles/nodejs-lib
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Used in secrets-decrypt CLI for decrypting encrypted secrets; legitimate cryptographic use. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Reads only SECRET_* prefixed env vars for secrets management; expected pattern for this library. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a TypeScript runtime helper; implicit dependency, not directly imported. | ai | |
| phantom-deps | phantom-dep:@types/yargs | AI (phantom-deps): @types/* packages are type-only; not directly imported at runtime. | ai | |
| phantom-deps | phantom-dep:@types/jsonwebtoken | AI (phantom-deps): @types/* packages are type-only; not directly imported at runtime. | ai |
Versions (showing 51 of 170)
| Version | Deps | Published |
|---|---|---|
| 15.111.0 | 12 / 2 | |
| 15.110.0 | 12 / 2 | |
| 15.109.0 | 12 / 2 | |
| 15.108.0 | 12 / 2 | |
| 15.107.4 | 12 / 2 | |
| 15.107.3 | 12 / 2 | |
| 15.107.2 | 12 / 2 | |
| 15.107.1 | 12 / 2 | |
| 15.107.0 | 12 / 2 | |
| 15.106.3 | 12 / 2 | |
| 15.106.2 | 12 / 2 | |
| 15.106.1 | 12 / 2 | |
| 15.106.0 | 12 / 2 | |
| 15.105.0 | 12 / 2 | |
| 15.104.0 | 12 / 2 | |
| 15.103.0 | 12 / 2 | |
| 15.102.0 | 12 / 2 | |
| 15.101.0 | 12 / 2 | |
| 15.100.0 | 12 / 2 | |
| 15.99.0 | 12 / 2 | |
| 15.98.0 | 13 / 2 | |
| 15.97.5 | 14 / 2 | |
| 15.97.4 | 14 / 2 | |
| 15.97.3 | 14 / 2 | |
| 15.97.2 | 14 / 2 | |
| 15.97.1 | 14 / 2 | |
| 15.97.0 | 14 / 2 | |
| 15.96.1 | 14 / 2 | |
| 15.96.0 | 14 / 2 | |
| 15.95.0 | 13 / 2 | |
| 15.94.0 | 13 / 2 | |
| 15.93.0 | 13 / 2 | |
| 15.92.1 | 13 / 2 | |
| 15.92.0 | 13 / 2 | |
| 15.91.0 | 13 / 2 | |
| 15.90.2 | 13 / 2 | |
| 15.90.1 | 13 / 1 | |
| 15.90.0 | 13 / 1 | |
| 15.89.1 | 14 / 1 | |
| 15.89.0 | 14 / 1 | |
| 15.88.0 | 14 / 1 | |
| 15.87.0 | 14 / 1 | |
| 15.86.0 | 14 / 1 | |
| 15.85.0 | 14 / 1 | |
| 15.84.0 | 14 / 1 | |
| 15.83.0 | 14 / 1 | |
| 15.82.1 | 14 / 1 | |
| 15.82.0 | 14 / 1 | |
| 15.81.1 | 14 / 1 | |
| 15.81.0 | 14 / 1 | |
| 15.80.2 | 14 / 1 |
v15.111.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.110.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.109.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.107.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.107.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.107.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.107.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.107.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.106.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.106.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.106.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.106.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.105.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.104.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.103.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.102.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.101.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.100.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.99.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.98.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.97.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.96.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.96.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.95.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.94.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.93.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.92.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.92.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.91.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.90.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.90.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.90.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.89.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.89.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.88.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.87.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.86.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.85.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.84.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.83.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.82.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.82.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.81.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.81.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.80.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.