@steedos/data-import
<!-- * @Author: [email protected] * @Date: 2021-10-21 09:57:01 * @LastEditors: 孙浩林 [email protected] * @LastEditTime: 2023-11-14 11:13:54 * @Description: -->
## Function description
- This package provides the data import feature in System Settings; object data can be imported from Excel.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Monorepo internal package; missing metadata is expected, not indicative of spam or malice. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Monorepo package; missing description is a stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:node-xlsx | AI (dependencies): node-xlsx is a well-known Excel parsing library; stable false positive for this data-import package. | ai | |
| phantom-deps | phantom-dep:@steedos/core | AI (phantom-deps): Same org scope; likely used transitively or in config rather than direct import. | ai | |
| provenance | no-provenance | AI (provenance): Steedos org packages consistently lack provenance; stable false positive for this package family. | ai | |
| phantom-deps | phantom-dep:dotenv-flow | AI (phantom-deps): dotenv-flow is a declared runtime dep used via config, not direct import; stable false positive for this package. | ai | |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 3.0.14 | 8 / 1 | |
| 3.0.13 | 8 / 1 | |
| 3.0.9 | 8 / 1 | |
| 3.0.8 | 8 / 1 | |
| 3.0.7 | 8 / 1 | |
| 3.0.6 | 8 / 1 | |
| 3.0.3 | 8 / 1 | |
| 3.0.1 | 8 / 1 | |
| 3.0.0 | 8 / 1 | |
| 2.7.32 | 9 / 1 | |
| 2.7.31 | 9 / 1 | |
| 2.7.28 | 9 / 1 | |
| 2.7.27 | 9 / 1 | |
| 2.7.24 | 9 / 1 | |
v3.0.14
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.13
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.32
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.31
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.28
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.27
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.24
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.