@rip-lang/db
DuckDB server with official DuckDB UI - pure Bun FFI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @rip-lang/db package; Levenshtein match to 'pg' is coincidental, not a squatting attempt. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped @rip-lang/db package; Levenshtein match to 'qs' is coincidental, not a squatting attempt. | ai | |
| phantom-deps | phantom-dep:rip-lang | AI (phantom-deps): rip-lang is the runtime for .rip files; not directly imported via JS but legitimately required. | ai | |
| phantom-deps | phantom-dep:@rip-lang/server | AI (phantom-deps): Same-org dependency used by .rip source files, not JS imports; stable false positive for this package. | ai |
Versions (showing 51 of 117)
| Version | Deps | Published |
|---|---|---|
| 2.0.1 | 0 / 0 | |
| 1.3.131 | 2 / 0 | |
| 1.3.130 | 2 / 0 | |
| 1.3.129 | 2 / 0 | |
| 1.3.128 | 2 / 0 | |
| 1.3.127 | 2 / 0 | |
| 1.3.126 | 2 / 0 | |
| 1.3.125 | 2 / 0 | |
| 1.3.124 | 2 / 0 | |
| 1.3.123 | 2 / 0 | |
| 1.3.122 | 2 / 0 | |
| 1.3.121 | 2 / 0 | |
| 1.3.120 | 2 / 0 | |
| 1.3.119 | 2 / 0 | |
| 1.3.118 | 2 / 0 | |
| 1.3.117 | 2 / 0 | |
| 1.3.116 | 2 / 0 | |
| 1.3.115 | 2 / 0 | |
| 1.3.114 | 2 / 0 | |
| 1.3.113 | 2 / 0 | |
| 1.3.112 | 2 / 0 | |
| 1.3.111 | 2 / 0 | |
| 1.3.110 | 2 / 0 | |
| 1.3.109 | 2 / 0 | |
| 1.3.108 | 2 / 0 | |
| 1.3.107 | 2 / 0 | |
| 1.3.106 | 2 / 0 | |
| 1.3.105 | 2 / 0 | |
| 1.3.104 | 2 / 0 | |
| 1.3.103 | 2 / 0 | |
| 1.3.102 | 2 / 0 | |
| 1.3.101 | 2 / 0 | |
| 1.3.100 | 2 / 0 | |
| 1.3.99 | 2 / 0 | |
| 1.3.98 | 2 / 0 | |
| 1.3.97 | 2 / 0 | |
| 1.3.96 | 2 / 0 | |
| 1.3.95 | 2 / 0 | |
| 1.3.94 | 2 / 0 | |
| 1.3.93 | 2 / 0 | |
| 1.3.92 | 2 / 0 | |
| 1.3.91 | 2 / 0 | |
| 1.3.90 | 2 / 0 | |
| 1.3.89 | 2 / 0 | |
| 1.3.88 | 2 / 0 | |
| 1.3.87 | 2 / 0 | |
| 1.3.86 | 2 / 0 | |
| 1.3.85 | 2 / 0 | |
| 1.3.84 | 2 / 0 | |
| 1.3.83 | 2 / 0 | |
| 1.3.82 | 2 / 0 |
v2.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.130
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.129
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.128
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.127
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.126
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.125
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.124
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.123
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.122
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.121
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.120
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.119
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.117
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.116
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.115
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.114
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.113
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.112
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.111
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.110
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.106
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.104
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.103
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.102
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.91
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.90
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.87
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.86
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.85
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.84
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.83
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.82
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.