← Home

@php-wasm/web

npm Repository Homepage

PHP.wasm for the web

15
Versions
GPL-2.0-or-later
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bgrgicakadamzielbrandonpayton-a8csejasdanielbachhuberyannickdecatjanjakesakirk

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:minimisted AI (dependencies): minimisted is also a phantom dep (not directly imported); stable pattern across this package's many versions. ai
phantom-deps phantom-dep:fs-ext-extra-prebuilt AI (phantom-deps): Platform-specific binary package declared as dep; stable pattern for this package. ai
phantom-deps phantom-dep:pako AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:pify AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:diff3 AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:yargs AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:crc-32 AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:ignore AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:sha.js AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:express AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:octokit AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:ws AI (phantom-deps): Monorepo bundle; deps declared for transitive/config use, not direct import. ai
phantom-deps phantom-dep:minimisted AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:simple-get AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:jsonc-parser AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:clean-git-ref AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:@zip.js/zip.js AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:fast-xml-parser AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:readable-stream AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:wasm-feature-detect AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:async-lock AI (phantom-deps): Same monorepo pattern; stable false positive. ai
phantom-deps phantom-dep:ini AI (phantom-deps): Same monorepo pattern; stable false positive. ai

Versions (showing 15 of 15)

Version Deps Published
3.1.36 16 / 0
3.1.35 16 / 0
3.1.34 16 / 0
3.1.33 16 / 0
3.1.32 16 / 0
3.1.31 16 / 0
3.1.30 16 / 0
3.1.29 16 / 0
3.1.25 36 / 0
3.1.22 36 / 0
3.1.21 36 / 0
3.1.19 35 / 0
3.1.18 35 / 0
3.1.15 35 / 0
3.1.14 35 / 0

v3.1.36

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.35

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.34

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.33

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.32

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.31

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.30

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.29

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.25

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.22

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.