← Home

@pinecone-database/pinecone

6
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pinecone-ops

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from pinecone-ops to GitHub Actions CI/CD with SLSA provenance; legitimate automation change. ai
publish-pattern dormant-publish AI (publish-pattern): Major version bump after internal development period; established package with SLSA provenance. ai

Versions (showing 6 of 6)

Version Deps Published
8.0.0 0 / 16
7.2.0 0 / 16
7.1.0 0 / 16
7.0.0 0 / 16
6.1.4 0 / 16
6.1.3 0 / 16

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.