@prata.ma/anvil-ai — Greenflagged

Shared AI harness parsing and environment utilities for governed workspaces.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

bianpratama

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:yaml	AI (phantom-deps): yaml is a declared runtime dep; phantom-dep heuristic false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:execa	AI (phantom-deps): execa is a declared runtime dep; phantom-dep heuristic false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:tinyglobby	AI (phantom-deps): tinyglobby is a declared runtime dep; phantom-dep heuristic false positive for this package.	ai	2026/04/29

Versions (showing 20 of 20)

Version	Deps	Published
0.3.8	7 / 7	2026-06-07
0.3.7	7 / 7	2026-05-19
0.3.6	7 / 7	2026-05-19
0.3.5	7 / 7	2026-05-18
0.3.4	7 / 7	2026-05-13
0.3.3	7 / 7	2026-05-09
0.3.2	7 / 7	2026-05-04
0.3.1	7 / 6	2026-04-30
0.3.0	7 / 6	2026-04-29
0.2.5	7 / 6	2026-04-29
0.2.4	7 / 6	2026-04-29
0.2.3	7 / 6	2026-04-28
0.2.2	7 / 6	2026-04-27
0.2.1	7 / 6	2026-04-26
0.2.0	7 / 6	2026-04-23
0.1.4	7 / 6	2026-04-17
0.1.3	7 / 6	2026-04-16
0.1.2	7 / 6	2026-04-15
0.1.1	7 / 6	2026-04-14
0.1.0	7 / 6	2026-04-14