@sebbo2002/tgtg-ical
A small server that receives mails from TGTG, parses them and generates an iCal feed from them.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@criblinc/docker-names | AI (dependencies): docker-names is a benign name-generation utility; stable dependency across versions of this package. | ai | |
| phantom-deps | phantom-dep:@prisma/client | AI (phantom-deps): Prisma client is a runtime dep used via Prisma schema config, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:express | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:mailparser | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:@sentry/node | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:cookie-parser | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Prisma internal WASM loader pattern; decodes bundled query engine binary, not user input. | ai | |
| phantom-deps | phantom-dep:moment-timezone | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:@criblinc/docker-names | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:@prisma/adapter-mariadb | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:ical-generator | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
| phantom-deps | phantom-dep:he | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this compiled package. | ai | |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 3.1.6 | 10 / 33 | |
| 3.1.5 | 10 / 33 | |
| 3.1.4 | 10 / 33 | |
| 3.1.3 | 10 / 32 | |
| 3.1.2 | 10 / 32 | |
| 3.1.1 | 10 / 32 | |
| 3.1.0 | 10 / 32 | |
| 3.0.9 | 9 / 32 | |
| 3.0.8 | 9 / 32 | |
| 3.0.7 | 9 / 32 | |
| 3.0.6 | 9 / 32 | |
| 3.0.5 | 9 / 32 | |
| 3.0.4 | 9 / 32 | |
| 3.0.3 | 9 / 32 | |
| 3.0.2 | 9 / 32 | |
| 3.0.1 | 9 / 32 | |
| 3.0.0 | 9 / 32 | |
v3.1.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.9
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.8
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.7
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.