@opendaw/studio-sdk
One-line installer for the complete OpenDAW Studio tool-chain
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@opendaw/lib-box | AI (phantom-deps): Meta-package re-exporting same-org deps; no direct imports expected by design. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-dom | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-dsp | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-jsx | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-std | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-xml | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-midi | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-fusion | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-runtime | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/studio-core | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/studio-boxes | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/studio-enums | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/lib-dawproject | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@opendaw/studio-adapters | AI (phantom-deps): Same-org meta-package pattern; stable false positive. | ai | |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 0.0.154 | 14 / 1 | |
| 0.0.153 | 14 / 1 | |
| 0.0.152 | 14 / 1 | |
| 0.0.151 | 14 / 1 | |
| 0.0.150 | 14 / 1 | |
| 0.0.149 | 14 / 1 | |
| 0.0.148 | 14 / 1 | |
| 0.0.147 | 14 / 1 | |
| 0.0.146 | 14 / 1 | |
| 0.0.145 | 14 / 1 | |
| 0.0.144 | 14 / 1 | |
| 0.0.143 | 14 / 1 | |
| 0.0.130 | 14 / 1 | |
| 0.0.114 | 14 / 1 | |
| 0.0.113 | 14 / 1 | |
v0.0.154
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.153
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.152
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.151
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.150
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.149
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.148
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.147
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.146
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.145
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.144
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.143
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.114
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.113
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.