@semiont/core
Core domain types for Semiont - Document, Annotation, and Graph models
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; legitimate automation change for this org. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @semiont/ontology is a sibling package in the same monorepo; not a suspicious third-party dep. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): @semiont/core is a scoped package for the Semiont project, not a typosquat of cors; name similarity is coincidental. | ai | |
| phantom-deps | phantom-dep:ajv | AI (phantom-deps): ajv is a declared runtime dep used in config validation; indirect import pattern is stable for this package. | ai | |
| phantom-deps | phantom-dep:ajv-formats | AI (phantom-deps): ajv-formats is a declared runtime dep used alongside ajv; indirect import pattern is stable for this package. | ai |
Versions (showing 51 of 80)
| Version | Deps | Published |
|---|---|---|
| 0.5.5 | 4 / 9 | |
| 0.5.4 | 4 / 7 | |
| 0.5.3 | 4 / 7 | |
| 0.5.2 | 4 / 7 | |
| 0.5.1 | 4 / 7 | |
| 0.5.0 | 4 / 7 | |
| 0.4.22 | 4 / 7 | |
| 0.4.21 | 4 / 6 | |
| 0.4.20 | 4 / 6 | |
| 0.4.19 | 4 / 6 | |
| 0.4.18 | 4 / 6 | |
| 0.4.17 | 4 / 6 | |
| 0.4.16 | 4 / 6 | |
| 0.4.15 | 4 / 6 | |
| 0.4.14 | 4 / 6 | |
| 0.4.13 | 4 / 6 | |
| 0.4.12 | 4 / 6 | |
| 0.4.11 | 4 / 6 | |
| 0.4.10 | 4 / 6 | |
| 0.4.9 | 4 / 6 | |
| 0.4.7 | 4 / 6 | |
| 0.4.6 | 4 / 6 | |
| 0.4.5 | 4 / 6 | |
| 0.4.4 | 4 / 6 | |
| 0.4.3 | 4 / 6 | |
| 0.4.2 | 5 / 7 | |
| 0.4.1 | 5 / 7 | |
| 0.4.0 | 5 / 7 | |
| 0.3.8 | 5 / 7 | |
| 0.3.7 | 5 / 7 | |
| 0.3.6 | 5 / 7 | |
| 0.3.5 | 5 / 7 | |
| 0.3.4 | 3 / 7 | |
| 0.3.3 | 3 / 7 | |
| 0.3.2 | 3 / 7 | |
| 0.3.1 | 3 / 7 | |
| 0.3.0 | 3 / 7 | |
| 0.2.46 | 3 / 7 | |
| 0.2.45 | 3 / 7 | |
| 0.2.43 | 3 / 7 | |
| 0.2.42 | 3 / 7 | |
| 0.2.41 | 3 / 7 | |
| 0.2.40 | 3 / 7 | |
| 0.2.39 | 3 / 7 | |
| 0.2.38 | 3 / 7 | |
| 0.2.37 | 3 / 7 | |
| 0.2.36 | 3 / 7 | |
| 0.2.35 | 3 / 7 | |
| 0.2.34 | 3 / 7 | |
| 0.2.33 | 4 / 6 | |
| 0.2.32 | 4 / 6 |
v0.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.22
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.20
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.19
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.18
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.17
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.16
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.15
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.14
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.12
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.11
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.10
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.9
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.7
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.6
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.5
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.4
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.8
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.7
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.6
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.5
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.4
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.3
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.2
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.46
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.45
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.43
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.42
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.41
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.40
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.39
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.38
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.37
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.36
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.35
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.34
2 findingsPackage name '@semiont/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.33
2 findingsThis version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.32
2 findingsThis version was published by a different npm account than previous versions on 2026-02-01. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.