@platforma-open/milaboratories.mixcr-clonotyping-2.workflow
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@platforma-open/milaboratories.software-mixcr | AI (phantom-deps): Same-org dependency used as a data/asset dep in a Tengo workflow; not directly imported in JS, stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@platforma-sdk/workflow-tengo | AI (phantom-deps): Tengo workflow builder pattern; dependency consumed by build tooling, not JS imports. Stable for this package. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 3.26.3 | 2 / 1 | |
| 3.26.2 | 2 / 1 | |
| 3.26.1 | 2 / 1 | |
| 3.24.5 | 2 / 1 | |
| 3.24.1 | 2 / 1 | |
| 3.24.0 | 2 / 1 | |
| 3.23.6 | 2 / 1 | |
| 3.23.2 | 2 / 1 | |
| 3.18.0 | 2 / 5 | |
| 3.17.0 | 2 / 5 | |
| 3.16.0 | 2 / 5 | |
| 3.12.1 | 2 / 5 | |
| 3.10.1 | 2 / 5 | |
| 3.8.0 | 2 / 5 | |
| 3.5.2 | 2 / 4 | |
| 3.3.0 | 2 / 4 | |
| 3.1.1 | 2 / 4 | |
| 3.0.2 | 2 / 4 |
v3.26.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.18.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.17.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.16.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.12.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.