@revisium/engine
Revisium version engine — core versioning logic for branches, revisions, tables, and rows
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@nestjs/core | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/common | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/config | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/cqrs | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/platform-express | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/schedule | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nestjs/terminus | AI (phantom-deps): NestJS framework dependency; used via decorators and DI, not direct imports. | ai | |
| phantom-deps | phantom-dep:@prisma/client | AI (phantom-deps): Prisma ORM dependency; used via config and generated client, not direct imports. | ai | |
| phantom-deps | phantom-dep:@prisma/adapter-pg | AI (phantom-deps): Prisma adapter; used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:pg | AI (phantom-deps): Database driver; used via Prisma config, not direct imports. | ai | |
| phantom-deps | phantom-dep:rxjs | AI (phantom-deps): RxJS used by NestJS framework; implicit dependency via framework. | ai | |
| phantom-deps | phantom-dep:prom-client | AI (phantom-deps): Metrics library; used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:reflect-metadata | AI (phantom-deps): NestJS runtime dependency for decorator metadata; implicit. | ai |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 0.7.0 | 7 / 38 | |
| 0.6.3 | 7 / 38 | |
| 0.6.2 | 7 / 38 | |
| 0.6.1 | 7 / 38 | |
| 0.6.0 | 7 / 38 | |
| 0.5.0 | 7 / 38 | |
| 0.4.1 | 7 / 39 | |
| 0.4.0 | 7 / 39 | |
| 0.1.0 | 13 / 22 |
v0.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.