
@sjcrh/proteinpaint-server

a genomics visualization tool for exploring a cohort's genotype and phenotype data

Versions: 13
License: SEE LICENSE IN ./LICENSE
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- gitHead linked

Maintainers

siosonelaacicppteamuser

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:better-sqlite3 | AI (phantom-deps): Stable false positive; native binding loaded by convention in this server package. | ai |
phantom-deps | phantom-dep:image-size | AI (phantom-deps): Established package with many phantom deps; pattern is stable across versions. | ai |
phantom-deps | phantom-dep:skia-canvas | AI (phantom-deps): Newly added legitimate runtime dep; phantom-dep heuristic false positive for this package. | ai |
dependencies | unvetted-dep:canvas | AI (dependencies): canvas is a well-known native Node.js binding for server-side image rendering; consistent with this genomics visualization server's use case. | ai |
publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation and no material changes in diff mitigate account-takeover risk for this established St. Jude package. | ai |
dependencies | unvetted-dep:@sjcrh/augen | AI (dependencies): Same org scope (@sjcrh); part of the proteinpaint monorepo, stable pattern across versions. | ai |
dependencies | unvetted-dep:@sjcrh/proteinpaint-r | AI (dependencies): Same org scope (@sjcrh); sibling monorepo package, stable pattern across versions. | ai |
phantom-deps | phantom-dep:@sjcrh/proteinpaint-shared | AI (phantom-deps): Same org scope; used via package.json imports map, not direct import; stable false positive for this package. | ai |
phantom-deps | phantom-dep:got | AI (phantom-deps): HTTP client used in server context; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:node-fetch | AI (phantom-deps): HTTP client; phantom-dep heuristic false positive for server package. | ai |
phantom-deps | phantom-dep:partjson | AI (phantom-deps): Declared dep; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:minimatch | AI (phantom-deps): Utility loaded by convention; stable false positive. | ai |
phantom-deps | phantom-dep:micromatch | AI (phantom-deps): Utility loaded by convention; stable false positive. | ai |
phantom-deps | phantom-dep:tiny-async-pool | AI (phantom-deps): Utility; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:redis | AI (phantom-deps): Backing store for connect-redis; loaded by convention. | ai |
phantom-deps | phantom-dep:express-basic-auth | AI (phantom-deps): Auth middleware loaded by convention. | ai |
phantom-deps | phantom-dep:@sjcrh/augen | AI (phantom-deps): Same org scope; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:@types/express | AI (phantom-deps): Type package; framework-scoped, stable false positive. | ai |
phantom-deps | phantom-dep:@types/express-session | AI (phantom-deps): Type package; framework-scoped, stable false positive. | ai |
phantom-deps | phantom-dep:@sjcrh/proteinpaint-types | AI (phantom-deps): Same org scope; loaded via package.json imports map, not direct import. | ai |
phantom-deps | phantom-dep:deep-object-diff | AI (phantom-deps): Utility; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:jsonwebtoken | AI (phantom-deps): Auth middleware loaded by convention in server context. | ai |
phantom-deps | phantom-dep:express | AI (phantom-deps): Server package; express and middleware are loaded by convention, not direct import. | ai |
phantom-deps | phantom-dep:body-parser | AI (phantom-deps): Express middleware loaded by convention in server context. | ai |
phantom-deps | phantom-dep:compression | AI (phantom-deps): Express middleware loaded by convention. | ai |
phantom-deps | phantom-dep:cookie-parser | AI (phantom-deps): Express middleware loaded by convention. | ai |
phantom-deps | phantom-dep:express-session | AI (phantom-deps): Express middleware loaded by convention. | ai |
phantom-deps | phantom-dep:connect-redis | AI (phantom-deps): Session store loaded by convention. | ai |

Versions (showing 13 of 13)

Version | Deps | Published
2.191.0 | 31 / 21 |
2.189.0 | 30 / 23 |
2.188.0 | 30 / 23 |
2.187.0 | 30 / 23 |
2.186.0 | 30 / 23 |
2.185.0 | 30 / 23 |
2.184.0 | 30 / 23 |
2.183.1 | 30 / 23 |
2.183.0 | 30 / 23 |
2.182.2 | 30 / 23 |
2.182.1 | 30 / 23 |
2.182.0 | 30 / 23 |
2.181.1 | 30 / 23 |

v2.191.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.189.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.188.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.187.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.186.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.185.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.184.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.183.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.183.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.182.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.182.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.182.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.181.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.