@splinetool/modelling-wasm
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Internal WASM build artifact from @splinetool org; sparse metadata is expected for automated CI-published packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent across all 883 versions; intentional for this internal tooling package. | ai |
Versions (showing 46 of 146)
| Version | Deps | Published |
|---|---|---|
| 1.10.35 | 0 / 4 | |
| 1.10.34 | 0 / 4 | |
| 1.10.33 | 0 / 4 | |
| 1.10.32 | 0 / 4 | |
| 1.10.31 | 0 / 4 | |
| 1.10.30 | 0 / 4 | |
| 1.10.29 | 0 / 4 | |
| 1.10.28 | 0 / 4 | |
| 1.10.27 | 0 / 4 | |
| 1.10.26 | 0 / 4 | |
| 1.10.25 | 0 / 4 | |
| 1.10.24 | 0 / 4 | |
| 1.10.23 | 0 / 4 | |
| 1.10.22 | 0 / 4 | |
| 1.10.21 | 0 / 4 | |
| 1.10.20 | 0 / 4 | |
| 1.10.19 | 0 / 4 | |
| 1.10.18 | 0 / 4 | |
| 1.10.17 | 0 / 4 | |
| 1.10.16 | 0 / 4 | |
| 1.10.15 | 0 / 4 | |
| 1.10.14 | 0 / 4 | |
| 1.10.13 | 0 / 4 | |
| 1.10.12 | 0 / 4 | |
| 1.10.11 | 0 / 4 | |
| 1.10.10 | 0 / 4 | |
| 1.10.9 | 0 / 4 | |
| 1.10.8 | 0 / 4 | |
| 1.10.7 | 0 / 4 | |
| 1.10.6 | 0 / 4 | |
| 1.10.5 | 0 / 4 | |
| 1.10.4 | 0 / 4 | |
| 1.10.3 | 0 / 4 | |
| 1.10.2 | 0 / 4 | |
| 1.10.1 | 0 / 4 | |
| 1.9.99 | 0 / 4 | |
| 1.9.98 | 0 / 4 | |
| 1.9.97 | 0 / 4 | |
| 1.9.96 | 0 / 4 | |
| 1.9.95 | 0 / 4 | |
| 1.9.94 | 0 / 4 | |
| 1.9.93 | 0 / 4 | |
| 1.9.92 | 0 / 4 | |
| 1.9.91 | 0 / 4 | |
| 1.9.90 | 0 / 4 | |
| 1.9.89 | 0 / 4 |
v1.10.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.