← Home

@revisium/core

npm Repository Homepage

Revisium is a tool (UI/API) inspired by JSON (JSON Schema) and Git, designed to provide a flexible and low-level headless CMS solution.

7
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

revisium-io

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:glob AI (phantom-deps): glob used in build/config scripts, not directly imported in runtime code; stable false positive for this package. ai
phantom-deps phantom-dep:graphql AI (phantom-deps): NestJS GraphQL module loads graphql as a peer dep by convention; not directly imported. ai
phantom-deps phantom-dep:ioredis AI (phantom-deps): NestJS cache-manager/redis integration loads ioredis by convention; not directly imported. ai
phantom-deps phantom-dep:@as-integrations/express5 AI (phantom-deps): NestJS/Apollo framework-loaded module; not directly imported by convention. ai
phantom-deps phantom-dep:@aws-sdk/s3-request-presigner AI (phantom-deps): AWS SDK module loaded by framework convention in NestJS app. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @revisium/core is a scoped package for a legitimate CMS; not a typosquat of 'cors'. ai
phantom-deps phantom-dep:passport AI (phantom-deps): passport is a peer/implicit dep for NestJS passport integration; stable false positive. ai
phantom-deps phantom-dep:cache-manager AI (phantom-deps): cache-manager is a peer dep for @nestjs/cache-manager; stable false positive. ai
phantom-deps phantom-dep:lru-cache AI (phantom-deps): lru-cache used transitively via cache infrastructure; stable false positive. ai
phantom-deps phantom-dep:reflect-metadata AI (phantom-deps): reflect-metadata is a known NestJS/TypeScript decorator runtime requirement; stable false positive. ai

Versions (showing 7 of 7)

Version Deps Published
2.10.0 52 / 40
2.9.2 47 / 38
2.5.0 50 / 38
2.4.0 44 / 37
2.1.1 39 / 36
2.1.0 39 / 36
2.0.0 39 / 36

v2.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.