@stacksjs/registry
Pantry package registry backend - S3 storage with DynamoDB metadata
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@stacksjs/stx | AI (phantom-deps): Same org scope; declared for config/peer use, not a malicious phantom dep pattern. | ai | |
| phantom-deps | phantom-dep:@ts-charts/path | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ts-charts/array | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ts-charts/scale | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ts-charts/shape | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ts-charts/format | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 0.70.45 | 0 / 1 | |
| 0.70.44 | 0 / 1 | |
| 0.70.43 | 0 / 1 | |
| 0.70.42 | 0 / 1 | |
| 0.70.41 | 0 / 1 | |
| 0.70.40 | 0 / 1 | |
| 0.70.39 | 0 / 1 | |
| 0.70.38 | 0 / 1 | |
| 0.70.37 | 0 / 1 | |
| 0.70.36 | 0 / 1 | |
| 0.70.35 | 0 / 1 | |
| 0.70.34 | 0 / 1 | |
| 0.70.33 | 0 / 1 | |
| 0.70.32 | 0 / 1 | |
| 0.70.31 | 0 / 1 | |
| 0.70.30 | 0 / 1 | |
| 0.70.29 | 0 / 1 | |
| 0.70.28 | 0 / 1 | |
| 0.70.27 | 0 / 1 | |
| 0.70.26 | 0 / 1 | |
| 0.70.25 | 0 / 1 | |
| 0.9.20 | 6 / 2 | |
| 0.9.2 | 6 / 2 | |
| 0.8.16 | 1 / 2 | |
| 0.8.15 | 1 / 2 | |
| 0.8.14 | 1 / 2 | |
| 0.8.13 | 1 / 2 | |
| 0.8.12 | 1 / 2 | |
| 0.8.11 | 1 / 2 | |
| 0.8.4 | 1 / 2 | |
v0.70.45
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.44
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.43
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.42
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.41
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.40
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.39
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.38
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.37
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.36
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.35
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.34
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.33
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.32
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.31
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.30
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.29
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.28
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.27
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.26
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.25
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.16
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.15
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.14
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.13
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.12
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.11
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.