@sjcrh/proteinpaint-client
a genomics visualization tool for exploring a cohort's genotype and phenotype data
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/chunk-67QM2NUK.js | AI (source-diff): Bundled genomics visualization code with internal fetch utilities; not malicious network+exec pattern. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Active project with frequent releases; large dist bundles and source maps are expected build artifacts. | ai |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 2.191.4 | 0 / 49 | |
| 2.191.3 | 0 / 49 | |
| 2.191.0 | 0 / 49 | |
| 2.189.0 | 0 / 49 | |
| 2.188.1 | 0 / 49 | |
| 2.188.0 | 0 / 49 | |
| 2.187.0 | 0 / 49 | |
| 2.186.0 | 0 / 49 | |
| 2.185.0 | 0 / 49 | |
| 2.184.0 | 0 / 49 | |
| 2.183.1 | 0 / 49 | |
| 2.183.0 | 0 / 49 | |
| 2.182.1 | 0 / 49 | |
| 2.182.0 | 0 / 49 | |
| 2.181.0 | 0 / 49 |
v2.191.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.191.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.191.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.189.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.188.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.188.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.187.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.186.0
2 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.185.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.184.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.183.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.183.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.182.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.182.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.181.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.