← Home

@quenty/playerinputmode

npm Repository Homepage

Service that takes active input modes from the player and exposes it to every other player via the server.

10
Versions
MIT
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

quenty

Keywords

RobloxNevermoreLuaPlayerInput

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern dormant-publish AI (publish-pattern): Quenty's monorepo publishes in bulk; gaps between releases are normal for this org's workflow. ai
phantom-deps phantom-dep:@quenty/rx AI (phantom-deps): Same-org monorepo dependency; phantom-dep heuristic is a false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/brio AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/maid AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/enums AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/table AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/loader AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
install-scripts install-script:preinstall AI (install-scripts): npx only-allow pnpm is a standard pnpm-enforcement pattern used across the NevermoreEngine monorepo; not malicious. ai
phantom-deps phantom-dep:@quenty/remoting AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/inputmode AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/servicebag AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/playerutils AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/attributeutils AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai
phantom-deps phantom-dep:@quenty/promise AI (phantom-deps): Same-org monorepo dependency; false positive for Roblox/Lua packages. ai

Versions (showing 10 of 10)

Version Deps Published
9.37.0 12 / 0
9.36.2 12 / 0
9.31.1 12 / 0
9.30.0 12 / 0
9.28.0 11 / 0
9.26.1 11 / 0
9.22.0 11 / 0
9.21.1 11 / 0
9.21.0 11 / 0
9.20.0 11 / 0

v9.37.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.36.2

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: npx only-allow pnpm

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.31.1

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: npx only-allow pnpm

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.30.0

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: npx only-allow pnpm

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.28.0

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: npx only-allow pnpm

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.26.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.21.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.