@sap-ux/odata-service-writer
Writer module allowing to add an OData service to a UI5 project.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): SAP org migrated publishing to GitHub Actions CI/CD with SLSA attestation; transition is legitimate and verifiable. | ai | |
| dependencies | unvetted-dep:mem-fs-editor | AI (dependencies): mem-fs-editor is a standard Yeoman/SAP tooling dependency; stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): SAP open-ux-tools monorepo consistently publishes without Sigstore provenance; stable pattern across all versions. | ai | |
| phantom-deps | phantom-dep:ejs | AI (phantom-deps): ejs is a declared runtime dep used via EJS templates; phantom-dep heuristic misfires on template-based usage. | ai |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 1.0.5 | 12 / 10 | |
| 1.0.4 | 12 / 10 | |
| 1.0.2 | 12 / 9 | |
| 1.0.1 | 12 / 9 | |
| 1.0.0 | 12 / 9 | |
| 0.32.2 | 12 / 9 | |
| 0.32.1 | 12 / 9 | |
| 0.32.0 | 12 / 9 | |
| 0.31.13 | 12 / 9 | |
| 0.31.12 | 12 / 9 | |
| 0.31.11 | 12 / 9 | |
| 0.31.10 | 12 / 9 | |
| 0.31.9 | 12 / 9 | |
| 0.31.7 | 12 / 9 | |
| 0.31.5 | 12 / 9 | |
| 0.31.4 | 12 / 9 | |
| 0.31.3 | 12 / 9 | |
| 0.31.2 | 12 / 9 | |
| 0.31.1 | 12 / 9 | |
| 0.31.0 | 12 / 9 | |
| 0.30.1 | 12 / 9 | |
| 0.29.27 | 12 / 9 | |
| 0.29.26 | 12 / 9 | |
| 0.29.22 | 12 / 9 | |
| 0.29.18 | 12 / 9 | |
| 0.29.13 | 12 / 9 | |
| 0.29.9 | 12 / 9 | |
| 0.29.8 | 12 / 9 | |
| 0.29.5 | 12 / 9 | |
| 0.29.0 | 12 / 9 | |
| 0.27.38 | 12 / 9 | |
| 0.27.37 | 12 / 9 | |
| 0.27.35 | 12 / 9 | |
| 0.27.33 | 12 / 9 | |
| 0.27.31 | 12 / 9 | |
| 0.27.25 | 10 / 7 | |
| 0.27.22 | 10 / 7 | |
| 0.27.21 | 10 / 7 | |
| 0.27.18 | 10 / 7 | |
| 0.27.15 | 10 / 7 | |
| 0.27.14 | 10 / 7 | |
| 0.27.12 | 10 / 7 | |
| 0.27.11 | 10 / 7 | |
| 0.27.6 | 10 / 7 | |
| 0.27.3 | 10 / 7 | |
| 0.27.1 | 10 / 7 | |
| 0.27.0 | 10 / 7 | |
| 0.26.18 | 10 / 7 |
v1.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.2
2 findingsThis version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.1
2 findingsThis version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.