@salesforce/lds-adapters-industries-automotive
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@jcrafts/ldscli | AI (phantom-deps): Config-only reference, not directly imported; consistent pattern across this package family. | ai | |
| phantom-deps | phantom-dep:@salesforce/lds-bindings | AI (phantom-deps): Same Salesforce org scope; phantom detection is a stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Salesforce internal adapter package; no description/repo/keywords is a consistent pattern across the LDS adapter family. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent across all LDS adapter packages; not indicative of malice. | ai |
Versions (showing 51 of 58)
| Version | Deps | Published |
|---|---|---|
| 1.433.0 | 2 / 2 | |
| 1.432.0 | 2 / 2 | |
| 1.431.0 | 2 / 2 | |
| 1.430.0 | 2 / 2 | |
| 1.429.0 | 2 / 2 | |
| 1.428.0 | 2 / 2 | |
| 1.405.0 | 2 / 2 | |
| 1.404.0 | 2 / 2 | |
| 1.403.0 | 2 / 2 | |
| 1.402.0 | 2 / 2 | |
| 1.401.0 | 2 / 2 | |
| 1.400.0 | 2 / 2 | |
| 1.399.0 | 2 / 2 | |
| 1.398.0 | 2 / 2 | |
| 1.397.0 | 2 / 2 | |
| 1.396.0 | 2 / 2 | |
| 1.395.0 | 2 / 2 | |
| 1.394.0 | 2 / 2 | |
| 1.393.0 | 2 / 2 | |
| 1.392.0 | 2 / 2 | |
| 1.391.0 | 2 / 2 | |
| 1.390.0 | 2 / 2 | |
| 1.389.2 | 2 / 2 | |
| 1.389.1 | 2 / 2 | |
| 1.389.0 | 2 / 2 | |
| 1.388.0 | 2 / 2 | |
| 1.387.0 | 2 / 2 | |
| 1.386.0 | 2 / 2 | |
| 1.385.0 | 2 / 2 | |
| 1.384.0 | 2 / 2 | |
| 1.383.0 | 2 / 2 | |
| 1.382.0 | 2 / 2 | |
| 1.381.0 | 2 / 2 | |
| 1.380.0 | 2 / 2 | |
| 1.379.1 | 2 / 2 | |
| 1.379.0 | 2 / 2 | |
| 1.378.0 | 2 / 2 | |
| 1.377.1 | 2 / 2 | |
| 1.377.0 | 2 / 2 | |
| 1.376.0 | 2 / 2 | |
| 1.375.0 | 2 / 2 | |
| 1.374.0 | 2 / 2 | |
| 1.373.0 | 2 / 2 | |
| 1.372.1 | 2 / 2 | |
| 1.372.0 | 2 / 2 | |
| 1.371.0 | 2 / 2 | |
| 1.370.0 | 2 / 2 | |
| 1.369.0 | 2 / 2 | |
| 1.368.0 | 2 / 2 | |
| 1.367.0 | 2 / 2 | |
| 1.366.0 | 2 / 2 |
v1.433.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.432.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.431.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.430.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.429.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.428.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.405.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.404.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.403.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.402.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.401.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.400.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.399.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.398.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.397.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.396.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.395.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.394.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.393.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.392.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.391.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.390.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.389.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.389.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.389.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.388.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.387.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.386.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.385.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.384.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.383.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.382.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.381.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.380.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.379.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.379.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.378.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.377.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.377.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.376.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.375.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.374.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.373.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.372.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.372.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.371.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.370.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.369.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.368.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.367.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.366.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.