@powerhousedao/analytics-engine-browser
6
Versions
AGPL-3.0-only
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
acaldas.powerhousememo.devryanwolhuterprometheus-phcallme-tfroidliberuum
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:vite-plugin-node-polyfills | AI (dependencies): vite-plugin-node-polyfills is a well-known Vite plugin for Node.js polyfills in browser builds; its use is consistent with this package's browser-bundle purpose. | ai | |
| phantom-deps | phantom-dep:knex | AI (phantom-deps): Bundled browser package; knex is a build-time bundled dependency referenced in config, not directly imported in source. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@electric-sql/pglite | AI (phantom-deps): Bundled browser package; @electric-sql/pglite is bundled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@powerhousedao/analytics-engine-core | AI (phantom-deps): Same-org sibling package bundled into the browser build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@powerhousedao/analytics-engine-knex | AI (phantom-deps): Same-org sibling package bundled into the browser build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:vite-plugin-node-polyfills | AI (phantom-deps): vite-plugin-node-polyfills is a build-time Vite plugin referenced in bundle config, not imported in source. Expected pattern for a browser-bundled package. | ai | |
| phantom-deps | phantom-dep:util | AI (phantom-deps): util is declared in package.json and used in build/config; static analysis cannot trace all import paths in this package. | ai | |
| phantom-deps | phantom-dep:luxon | AI (phantom-deps): luxon is declared in package.json and used in build/config; static analysis cannot trace all import paths in this package. | ai | |
| phantom-deps | phantom-dep:events | AI (phantom-deps): events is declared in package.json and used in build/config; static analysis cannot trace all import paths in this package. | ai | |
| phantom-deps | phantom-dep:date-fns | AI (phantom-deps): date-fns is declared in package.json and used in build/config; static analysis cannot trace all import paths in this package. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 6.1.0 | 4 / 6 | |
| 6.0.0 | 4 / 6 | |
| 0.6.4 | 8 / 6 | |
| 0.6.3 | 9 / 5 | |
| 0.6.2 | 9 / 5 | |
| 0.6.1 | 8 / 5 |
v6.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.