@tak-ps/node-cot
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): Dep swap from archiver to @archiver/archiver is a scoped refactor, not an injection; SLSA provenance and CI publisher reduce risk. | ai | |
| phantom-deps | phantom-dep:geomagnetism | AI (phantom-deps): Domain-appropriate geospatial dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:mil-std-2525 | AI (phantom-deps): Military symbology dep appropriate for TAK message library; heuristic false positive. | ai | |
| phantom-deps | phantom-dep:milsymbol | AI (phantom-deps): TypeScript project; milsymbol is a domain-appropriate optional dep, not directly imported in all code paths. | ai | |
| phantom-deps | phantom-dep:@types/geojson | AI (phantom-deps): Type-only package loaded by convention in TypeScript projects; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/archiver | AI (phantom-deps): Type-only package loaded by convention in TypeScript projects; stable false positive. | ai | |
| phantom-deps | phantom-dep:milstandard-e | AI (phantom-deps): Military symbology dep appropriate for TAK message library; heuristic false positive. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 14.38.0 | 23 / 8 | |
| 14.37.1 | 24 / 8 | |
| 14.34.0 | 24 / 8 | |
| 14.33.0 | 24 / 10 | |
| 14.30.1 | 24 / 10 | |
| 14.30.0 | 24 / 10 | |
| 14.29.0 | 24 / 10 | |
| 14.28.1 | 24 / 10 | |
| 14.27.0 | 24 / 10 | |
| 14.25.0 | 24 / 10 | |
| 14.24.2 | 24 / 10 | |
| 14.24.1 | 24 / 10 | |
| 14.23.1 | 24 / 9 | |
| 14.23.0 | 24 / 9 | |
| 14.20.1 | 24 / 9 | |
| 14.13.0 | 23 / 9 | |
| 14.12.0 | 22 / 9 | |
| 14.11.1 | 22 / 9 | |
| 14.11.0 | 22 / 9 | |
| 14.9.3 | 22 / 9 | |
| 14.9.2 | 22 / 9 | |
| 14.9.1 | 22 / 9 | |
| 14.9.0 | 22 / 9 | |
| 14.8.2 | 22 / 9 | |
| 14.8.1 | 22 / 9 | |
| 14.8.0 | 22 / 9 | |
| 14.7.9 | 22 / 9 | |
| 14.7.8 | 22 / 9 | |
| 14.7.7 | 22 / 9 | |
| 14.7.6 | 22 / 9 | |
| 14.7.5 | 22 / 9 | |
| 14.7.4 | 22 / 9 | |
| 14.7.3 | 22 / 9 | |
| 14.7.2 | 22 / 9 | |
| 14.7.1 | 22 / 9 | |
| 14.7.0 | 22 / 9 | |
| 14.6.0 | 21 / 9 | |
| 14.5.0 | 21 / 9 | |
| 14.4.0 | 21 / 9 | |
| 14.3.0 | 21 / 9 | |
| 14.2.2 | 21 / 9 | |
| 14.2.1 | 21 / 9 | |
| 14.2.0 | 21 / 9 | |
| 14.1.1 | 21 / 9 | |
| 14.1.0 | 21 / 9 | |
| 14.0.5 | 21 / 9 | |
| 14.0.3 | 21 / 9 | |
| 14.0.2 | 21 / 9 | |
| 14.0.1 | 21 / 9 | |
| 14.0.0 | 21 / 9 |
v14.38.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.37.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.30.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.29.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.28.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.24.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.24.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.23.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.20.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.13.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.11.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.9.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.9.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.8.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.