@overextended/ox_core
A modern FiveM framework.
4
Versions
LGPL-3.0-or-later
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
thelindatlukewastaken
Keywords
fivemox_coreoxoverextendedoverextended
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@nativewrappers/server | AI (dependencies): Standard FiveM server native type wrappers; appropriate dependency for a FiveM framework package. | ai | |
| dependencies | unvetted-dep:mariadb | AI (dependencies): mariadb is a well-known database connector; its use is expected and appropriate for a FiveM server framework like ox_core. | ai | |
| dependencies | unvetted-dep:@overextended/ox_lib | AI (dependencies): ox_lib is the companion library from the same Overextended org; its inclusion is expected across all ox_core versions. | ai | |
| dependencies | unvetted-dep:@nativewrappers/fivem | AI (dependencies): Standard FiveM native type wrappers; appropriate dependency for a FiveM framework package. | ai | |
| phantom-deps | phantom-dep:@biomejs/biome | AI (phantom-deps): Biome is a formatting/linting tool miscategorized as a runtime dep; it's only referenced in config files. Packaging hygiene issue, not a security concern. | ai | |
| phantom-deps | phantom-dep:@nativewrappers/fivem | AI (phantom-deps): FiveM native wrappers are used as type references in a FiveM framework; not being directly imported at runtime is expected for type-only usage. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 1.5.14 | 5 / 7 | |
| 1.5.13 | 5 / 7 | |
| 1.5.12 | 5 / 7 | |
| 1.5.10 | 5 / 7 |
v1.5.14
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.13
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.12
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.10
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.