@spinajs/intl-orm
Internationalization support for ORM module
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Consistent across all spinajs org packages; no provenance is standard for this publisher. | ai | |
| phantom-deps | phantom-dep:@spinajs/log-common | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@spinajs/reflection | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@spinajs/exceptions | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a stable false positive for @spinajs/* packages. | ai | |
| phantom-deps | phantom-dep:luxon | AI (phantom-deps): Listed in dependencies; phantom-dep heuristic misfires on indirect usage patterns common in TypeScript monorepos. | ai | |
| phantom-deps | phantom-dep:typescript-mix | AI (phantom-deps): Listed in dependencies; same heuristic misfire as luxon. | ai | |
| phantom-deps | phantom-dep:@spinajs/configuration | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai |
Versions (showing 51 of 104)
| Version | Deps | Published |
|---|---|---|
| 2.0.474 | 9 / 1 | |
| 2.0.473 | 9 / 1 | |
| 2.0.472 | 9 / 1 | |
| 2.0.471 | 9 / 1 | |
| 2.0.470 | 9 / 1 | |
| 2.0.468 | 9 / 1 | |
| 2.0.467 | 9 / 1 | |
| 2.0.466 | 9 / 1 | |
| 2.0.465 | 9 / 1 | |
| 2.0.464 | 9 / 1 | |
| 2.0.463 | 9 / 1 | |
| 2.0.462 | 9 / 1 | |
| 2.0.461 | 9 / 1 | |
| 2.0.460 | 9 / 1 | |
| 2.0.458 | 9 / 1 | |
| 2.0.457 | 9 / 1 | |
| 2.0.456 | 9 / 1 | |
| 2.0.455 | 9 / 1 | |
| 2.0.454 | 9 / 1 | |
| 2.0.453 | 9 / 1 | |
| 2.0.452 | 9 / 1 | |
| 2.0.451 | 9 / 1 | |
| 2.0.450 | 9 / 1 | |
| 2.0.449 | 9 / 1 | |
| 2.0.448 | 9 / 1 | |
| 2.0.447 | 9 / 1 | |
| 2.0.446 | 9 / 1 | |
| 2.0.445 | 9 / 1 | |
| 2.0.444 | 9 / 1 | |
| 2.0.443 | 9 / 1 | |
| 2.0.442 | 9 / 1 | |
| 2.0.441 | 9 / 1 | |
| 2.0.439 | 9 / 1 | |
| 2.0.438 | 9 / 1 | |
| 2.0.436 | 9 / 1 | |
| 2.0.435 | 9 / 1 | |
| 2.0.434 | 9 / 1 | |
| 2.0.433 | 9 / 1 | |
| 2.0.432 | 9 / 1 | |
| 2.0.431 | 9 / 1 | |
| 2.0.430 | 9 / 1 | |
| 2.0.429 | 9 / 1 | |
| 2.0.428 | 9 / 1 | |
| 2.0.427 | 9 / 1 | |
| 2.0.426 | 9 / 1 | |
| 2.0.425 | 9 / 1 | |
| 2.0.424 | 9 / 1 | |
| 2.0.423 | 9 / 1 | |
| 2.0.422 | 9 / 1 | |
| 2.0.421 | 9 / 1 | |
| 2.0.420 | 9 / 1 |
v2.0.474
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.473
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.472
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.471
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.470
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.468
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.467
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.466
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.465
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.463
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.462
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.461
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.460
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.458
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.457
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.456
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.455
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.454
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.453
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.452
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.451
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.450
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.449
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.448
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.447
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.446
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.445
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.444
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.443
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.442
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.441
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.439
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.438
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.436
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.435
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.434
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.433
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.432
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.431
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.430
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.429
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.428
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.427
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.426
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.425
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.424
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.423
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.422
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.421
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.420
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.