@pnpm/installing.deps-installer
Fast, disk space efficient installation engine
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are within the @pnpm org scope; consistent with ongoing pnpm monorepo refactoring. | ai | |
| phantom-deps | phantom-dep:run-groups | AI (phantom-deps): Declared pnpm monorepo dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:is-inner-link | AI (phantom-deps): Declared pnpm monorepo dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:normalize-path | AI (phantom-deps): Declared pnpm monorepo dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/crypto.hash | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/bins.remover | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/lockfile.utils | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:p-filter | AI (phantom-deps): Declared pnpm monorepo dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/lockfile.walker | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/npm-package-arg | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/fs.read-modules-dir | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/deps.graph-sequencer | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/installing.package-requester | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@pnpm/lockfile.pruner | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for this package. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 1101.7.0 | 66 / 35 | |
| 1101.6.1 | 65 / 35 | |
| 1101.6.0 | 65 / 35 | |
| 1101.5.0 | 65 / 36 | |
| 1101.4.0 | 65 / 35 | |
| 1101.3.1 | 65 / 35 | |
| 1101.3.0 | 65 / 35 | |
| 1101.2.0 | 65 / 35 | |
| 1101.1.2 | 65 / 35 | |
| 1101.1.1 | 65 / 35 | |
| 1101.1.0 | 65 / 35 | |
| 1101.0.9 | 65 / 35 | |
| 1101.0.8 | 65 / 35 | |
| 1101.0.7 | 65 / 35 | |
| 1101.0.6 | 65 / 35 | |
| 1101.0.5 | 65 / 35 | |
| 1101.0.4 | 65 / 35 | |
| 1101.0.3 | 65 / 35 | |
| 1101.0.2 | 64 / 35 | |
| 1101.0.1 | 64 / 35 | |
| 1101.0.0 | 64 / 35 | |
| 1100.0.3 | 64 / 35 | |
| 1100.0.2 | 62 / 36 | |
| 1100.0.1 | 62 / 36 | |
| 1100.0.0 | 62 / 36 | |
| 1012.0.1 | 62 / 35 |
v1101.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1101.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1100.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1100.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1100.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1100.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1012.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.