← Home

@sourceloop/task-service

npm Repository Homepage

a Reusable, customizable and workflow based task service.

6
Versions
MIT
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

samarpan_sfnpm-sourcefusedev-hitesh-guptaakshatdubeysfbarleendhaliwalsfankurb1999yeshasfabir.ganguly

Keywords

loopback-extensionloopback

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:postinstall AI (install-scripts): Runs node migration.js for DB migrations; consistent with package purpose and stable across versions. ai
phantom-deps phantom-dep:check-code-coverage AI (phantom-deps): Dev/CI tooling dependency; not imported at runtime, stable false positive for this package. ai
phantom-deps phantom-dep:prom-client AI (phantom-deps): Metrics library referenced via config/peer usage pattern; stable false positive for this package. ai
phantom-deps phantom-dep:jsonwebtoken AI (phantom-deps): Auth library referenced indirectly via @sourceloop/core; stable false positive for this package. ai

Versions (showing 6 of 6)

Version Deps Published
10.1.0 13 / 23
10.0.0 13 / 23
9.0.5 13 / 23
9.0.4 13 / 23
9.0.3 13 / 23
9.0.2 13 / 23

v10.1.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node migration.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.