@quenty/camera — Greenflagged

Quenty's camera system for Roblox

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

quenty

Keywords

RobloxNevermoreLuacamera

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@quenty/rx	AI (dependencies): Same-org @quenty/* monorepo dep; consistent with all other deps in this package.	ai	2026/05/28
phantom-deps	phantom-dep:@quenty/rx	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/draw	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/maid	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/math	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/loader	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/qframe	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/spring	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/ducktype	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/acceltween	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
install-scripts	install-script:preinstall	AI (install-scripts): only-allow pnpm is a standard package manager enforcement script; stable pattern across all @quenty/* packages.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/servicebag	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/cframeutils	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/cubicspline	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/valueobject	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/vector3utils	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quentystudios/jest-lua	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/inputobjectutils	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/nevermore-test-runner	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/baseobject	AI (phantom-deps): Roblox Lua package; JS import detection is a false positive for this ecosystem.	ai	2026/05/19

Versions (showing 6 of 6)

Version	Deps	Published
14.38.2	18 / 1	2026-04-30
14.26.7	16 / 1	2026-01-03
14.26.6	16 / 1	2025-12-31
14.26.3	15 / 1	2025-12-28
14.22.0	14 / 1	2025-05-12
14.21.0	14 / 1	2025-05-10