@tak-ps/cloudtak
```
npm install
```
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@capacitor-firebase/messaging | AI (phantom-deps): Consistent pattern for this package; capacitor plugins declared for config/dynamic use. | ai | |
| phantom-deps | phantom-dep:@capacitor/camera | AI (phantom-deps): Consistent pattern for this package; capacitor plugins declared for config/dynamic use. | ai | |
| phantom-deps | phantom-dep:firebase | AI (phantom-deps): Consistent pattern for this package; deps declared for config/dynamic use, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor-community/keep-awake | AI (phantom-deps): Consistent pattern for this package; capacitor plugins declared for config/dynamic use. | ai | |
| phantom-deps | phantom-dep:@turf/boolean-point-in-polygon | AI (phantom-deps): Turf geo utility; same pattern as other accepted turf phantom deps. | ai | |
| phantom-deps | phantom-dep:@turf/nearest-point-on-line | AI (phantom-deps): Turf geo utility; same pattern as other accepted turf phantom deps. | ai | |
| phantom-deps | phantom-dep:@turf/point-on-feature | AI (phantom-deps): Turf geo utility; same pattern as other accepted turf phantom deps. | ai | |
| phantom-deps | phantom-dep:@turf/boolean-touches | AI (phantom-deps): Turf geo utility; same pattern as other accepted turf phantom deps. | ai | |
| phantom-deps | phantom-dep:@turf/boolean-within | AI (phantom-deps): Turf geo utility; same pattern as other accepted turf phantom deps. | ai | |
| phantom-deps | phantom-dep:@capacitor/preferences | AI (phantom-deps): Capacitor plugin used in config/template context, not direct JS import; consistent with package pattern. | ai | |
| phantom-deps | phantom-dep:@turf/destination | AI (phantom-deps): Turf geo utility used in config files; consistent with this package's established phantom-dep pattern. | ai | |
| phantom-deps | phantom-dep:@tak-ps/vue-tabler | AI (phantom-deps): Same-org Vue component library; used in templates, not direct JS imports. | ai | |
| phantom-deps | phantom-dep:vue-component-type-helpers | AI (phantom-deps): Type-helper lib referenced in config; consistent with Vue component library pattern. | ai | |
| phantom-deps | phantom-dep:@simplewebauthn/browser | AI (phantom-deps): WebAuthn browser lib used in config context; consistent with package pattern. | ai | |
| phantom-deps | phantom-dep:@turf/length | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:chart.js | AI (phantom-deps): Vue component library pattern; deps referenced in config/templates, not direct imports. Consistent with all other accepted phantom-deps in this package. | ai | |
| phantom-deps | phantom-dep:imask | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:phone | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:hls.js | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:autosize | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:cronstrue | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/area | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/bbox | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/meta | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:sortablejs | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/buffer | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:floating-vue | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/ellipse | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/distance | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/envelope | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:swagger-ui-dist | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@turf/line-split | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@tabler/icons-vue | AI (phantom-deps): Same phantom-dep pattern as accepted deps; referenced in config files only. | ai | |
| phantom-deps | phantom-dep:@capacitor/haptics | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/core | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:geo-coordinates-parser | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:terra-draw-maplibre-gl-adapter | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ver0/deep-equal | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/clipboard | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/keyboard | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/browser | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/ios | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/app | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@capacitor/status-bar | AI (phantom-deps): Vue/Vite frontend bundle; deps resolved via build config, not direct imports. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:yaml | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:milsymbol | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:geomagnetism | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:vue-mention | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@tak-ps/node-cot | AI (phantom-deps): Same org scope; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@tak-ps/node-p12 | AI (phantom-deps): Same org scope; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@mapbox/tile-cover | AI (phantom-deps): Vue/Vite frontend bundle; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:handlebars | AI (phantom-deps): Package ships only dist/types; phantom-dep fires because the build artifact doesn't contain direct imports, but handlebars is a legitimate declared dependency. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): handlebars is a well-known, legitimate templating library; unvetted-dep fires because it hasn't been individually reviewed, not due to any malicious signal. | ai | |
| provenance | no-provenance | AI (provenance): Established publisher with 11-year history; lack of provenance is common and not a meaningful risk signal for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Inflated semver explained by migration from prior package; 55 versions in 107 days and 1.2k weekly downloads confirm active legitimate use. Publisher ingalls has 4108-day track record. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() in a Proxy handler at cot.ts:375 is a standard JavaScript pattern for property interception, not obfuscation. Appropriate for a TAK data modeling library. | ai | |
| provenance | slsa-provenance | AI (provenance): Package consistently published via CI/CD with SLSA provenance; this is the expected publishing pattern for this project. | ai | |
Versions (showing 31 of 31)
| Version | Deps | Published |
|---|---|---|
| 13.3.0 | 61 / 22 | |
| 13.0.1 | 64 / 22 | |
| 12.138.2 | 64 / 22 | |
| 12.138.0 | 63 / 22 | |
| 12.136.0 | 63 / 22 | |
| 12.134.0 | 63 / 22 | |
| 12.133.0 | 55 / 21 | |
| 12.132.0 | 55 / 21 | |
| 12.127.1 | 55 / 21 | |
| 12.124.1 | 55 / 21 | |
| 12.124.0 | 55 / 21 | |
| 12.122.0 | 55 / 21 | |
| 12.117.1 | 54 / 21 | |
| 12.117.0 | 54 / 21 | |
| 12.116.2 | 54 / 21 | |
| 12.115.0 | 54 / 21 | |
| 12.113.0 | 53 / 21 | |
| 12.112.0 | 53 / 21 | |
| 12.111.2 | 53 / 21 | |
| 12.111.1 | 53 / 21 | |
| 12.111.0 | 53 / 21 | |
| 12.109.0 | 53 / 21 | |
| 12.108.0 | 53 / 21 | |
| 12.107.0 | 53 / 22 | |
| 12.106.1 | 53 / 22 | |
| 12.105.2 | 53 / 22 | |
| 12.104.1 | 53 / 21 | |
| 12.103.2 | 53 / 21 | |
| 12.102.0 | 53 / 21 | |
| 12.55.0 | 47 / 20 | |
| 12.54.0 | 47 / 20 | |
v13.3.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.0.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.138.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.138.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.134.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.133.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.132.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.127.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.124.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.124.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.122.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.117.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.117.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.116.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.115.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.113.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.112.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.111.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.111.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.111.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.109.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.108.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.107.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.106.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.105.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.104.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.103.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.102.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.55.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.54.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.