@quenty/softshutdown — Greenflagged

This service lets you shut down servers without losing a bunch of players. When game.OnClose is called, the script teleports everyone in the server into a reserved server.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

quenty

Keywords

RobloxNevermoreLuaPlayersSoftshutdown

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established quenty/NevermoreEngine monorepo; provenance not used across the entire package family.	ai	2026/05/28
phantom-deps	phantom-dep:@quenty/rx	AI (phantom-deps): Roblox/Lua package; JS static analysis cannot detect Lua imports. False positive for this monorepo.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/maid	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/math	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/blend	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/table	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/loader	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/promise	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/basicpane	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/datastore	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
install-scripts	install-script:preinstall	AI (install-scripts): npx only-allow pnpm is a standard pnpm-enforcement preinstall; stable across all NevermoreEngine packages.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/servicebag	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/valueobject	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/uiobjectutils	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/attributeutils	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/coreguienabler	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/valuebaseutils	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/clienttranslator	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/bindtocloseservice	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/teleportserviceutils	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19
phantom-deps	phantom-dep:@quenty/baseobject	AI (phantom-deps): Same as above — Lua imports not detectable by JS analyzer.	ai	2026/05/19

Versions (showing 7 of 7)

Version	Deps	Published
9.45.2	19 / 0	2026-04-30
9.41.0	19 / 0	2026-02-19
9.38.1	19 / 0	2026-01-21
9.27.0	19 / 0	2025-08-29
9.26.0	19 / 0	2025-07-11
9.25.0	19 / 0	2025-05-12
9.24.0	19 / 0	2025-05-10