@sap-ux/odata-service-inquirer
Prompts module that can prompt users for inputs required for odata service writing
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): @sap-devx/yeoman-ui-types is a legitimate SAP DevX package; low risk for this SAP-org package. | ai | |
| dependencies | unvetted-dep:@sap/cf-tools | AI (dependencies): SAP-scoped dependency consistent with this package's ecosystem; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@sap-ux/btp-utils | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-ux/edmx-parser | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-ux/nodejs-utils | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-ux/axios-extension | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-ux/annotation-converter | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-ux/guided-answers-helper | AI (dependencies): Same SAP UX org scope; expected transitive dependency. | ai | |
| dependencies | unvetted-dep:@sap-devx/yeoman-ui-types | AI (dependencies): SAP DevX org scope; newly added but consistent with SAP tooling ecosystem. | ai | |
| dependencies | unvetted-dep:circular-reference-remover | AI (dependencies): Utility dependency; no malicious indicators, stable pattern. | ai | |
| phantom-deps | phantom-dep:os-name | AI (phantom-deps): os-name is a declared runtime dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@sap-ux/guided-answers-helper | AI (phantom-deps): Declared runtime dep in same SAP org scope; phantom-dep heuristic false positive. | ai |
Versions (showing 5 of 205)
| Version | Deps | Published |
|---|---|---|
| 2.3.9 | 19 / 12 | |
| 2.3.8 | 19 / 12 | |
| 2.3.7 | 19 / 12 | |
| 2.3.6 | 19 / 12 | |
| 2.3.5 | 19 / 12 |
v2.3.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.