← Home

@quenty/gamescalingutils

npm Repository Homepage

Scale ratios for the UI on different devices

5
Versions
MIT
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

quenty

Keywords

RobloxNevermoreLuaGui

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:preinstall AI (install-scripts): npx only-allow pnpm is a benign package manager enforcement script; stable pattern across all Nevermore Engine packages. ai
phantom-deps phantom-dep:@quenty/rx AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai
phantom-deps phantom-dep:@quenty/blend AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai
phantom-deps phantom-dep:@quenty/loader AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai
phantom-deps phantom-dep:@quenty/baseobject AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai
phantom-deps phantom-dep:@quenty/valueobject AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai
phantom-deps phantom-dep:@quenty/instanceutils AI (phantom-deps): Roblox/Lua package; JS import analysis does not apply to Lua module resolution. ai

Versions (showing 5 of 5)

Version Deps Published
13.35.0 6 / 0
13.34.2 6 / 0
13.20.0 6 / 0
13.19.1 6 / 0
13.19.0 6 / 0

v13.35.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.34.2

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: npx only-allow pnpm

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.19.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.