@tanstack/start-plugin-core
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@types/babel__core | AI (phantom-deps): Type-only dep loaded by convention in this build tooling package; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/babel__code-frame | AI (phantom-deps): Type-only dep loaded by convention; stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@tanstack/server-functions-plugin | AI (dependencies): Sibling package within the TanStack org monorepo; routinely published alongside this package. Not an independent third-party dependency. | ai | |
| bogus-package | bogus-package | AI (bogus-package): This is a monorepo sub-package from TanStack; sparse README is expected as docs live at tanstack.com/start. Not a spam or phishing package. | ai | |
| phantom-deps | phantom-dep:@rolldown/pluginutils | AI (phantom-deps): Build plugin package; @rolldown/pluginutils is a declared dependency used in config/build tooling context, not necessarily directly imported in source. | ai | |
| phantom-deps | phantom-dep:@tanstack/start-client-core | AI (phantom-deps): Same-org sibling package used conditionally in the plugin; phantom detection is a false positive for this monorepo package. | ai |
Versions (showing 100 of 422)
| Version | Deps | Published |
|---|---|---|
| 1.134.15 | 21 / 3 | |
| 1.134.14 | 21 / 3 | |
| 1.134.13 | 21 / 3 | |
| 1.134.12 | 21 / 3 | |
| 1.134.10 | 21 / 3 | |
| 1.134.9 | 21 / 3 | |
| 1.134.7 | 21 / 3 | |
| 1.134.6 | 21 / 3 | |
| 1.134.5 | 21 / 3 | |
| 1.134.4 | 21 / 3 | |
| 1.134.3 | 21 / 3 | |
| 1.134.2 | 21 / 3 | |
| 1.133.37 | 21 / 3 | |
| 1.133.36 | 21 / 3 | |
| 1.133.35 | 21 / 3 | |
| 1.133.32 | 21 / 3 | |
| 1.133.31 | 21 / 3 | |
| 1.133.29 | 21 / 3 | |
| 1.133.28 | 21 / 3 | |
| 1.133.27 | 21 / 3 | |
| 1.133.26 | 21 / 3 | |
| 1.133.25 | 21 / 3 | |
| 1.133.22 | 21 / 3 | |
| 1.133.21 | 21 / 3 | |
| 1.133.20 | 21 / 3 | |
| 1.133.19 | 21 / 3 | |
| 1.133.18 | 21 / 3 | |
| 1.133.15 | 21 / 3 | |
| 1.133.14 | 21 / 3 | |
| 1.133.13 | 21 / 3 | |
| 1.133.12 | 21 / 3 | |
| 1.133.11 | 21 / 3 | |
| 1.133.10 | 21 / 3 | |
| 1.133.9 | 21 / 3 | |
| 1.133.8 | 21 / 3 | |
| 1.133.7 | 21 / 3 | |
| 1.133.6 | 21 / 3 | |
| 1.133.5 | 21 / 3 | |
| 1.133.4 | 21 / 3 | |
| 1.133.3 | 21 / 3 | |
| 1.133.2 | 21 / 3 | |
| 1.132.56 | 21 / 3 | |
| 1.132.55 | 21 / 3 | |
| 1.132.54 | 21 / 3 | |
| 1.132.53 | 21 / 3 | |
| 1.132.52 | 21 / 3 | |
| 1.132.51 | 21 / 3 | |
| 1.132.48 | 20 / 3 | |
| 1.132.47 | 20 / 3 | |
| 1.132.45 | 20 / 3 | |
| 1.132.43 | 20 / 3 | |
| 1.132.42 | 20 / 3 | |
| 1.132.41 | 20 / 3 | |
| 1.132.40 | 20 / 3 | |
| 1.132.38 | 20 / 3 | |
| 1.132.37 | 20 / 3 | |
| 1.132.36 | 20 / 3 | |
| 1.132.35 | 20 / 3 | |
| 1.132.34 | 20 / 3 | |
| 1.132.33 | 20 / 3 | |
| 1.132.32 | 20 / 3 | |
| 1.132.31 | 20 / 3 | |
| 1.132.29 | 20 / 3 | |
| 1.132.28 | 20 / 3 | |
| 1.132.27 | 20 / 3 | |
| 1.132.26 | 20 / 3 | |
| 1.132.25 | 20 / 3 | |
| 1.132.24 | 20 / 3 | |
| 1.132.23 | 20 / 3 | |
| 1.132.22 | 20 / 3 | |
| 1.132.21 | 20 / 3 | |
| 1.132.19 | 20 / 3 | |
| 1.132.18 | 20 / 3 | |
| 1.132.17 | 20 / 3 | |
| 1.132.16 | 20 / 3 | |
| 1.132.15 | 20 / 3 | |
| 1.132.14 | 20 / 3 | |
| 1.132.13 | 20 / 3 | |
| 1.132.12 | 20 / 3 | |
| 1.132.11 | 20 / 3 | |
| 1.132.10 | 20 / 3 | |
| 1.132.9 | 20 / 3 | |
| 1.132.8 | 19 / 3 | |
| 1.132.7 | 19 / 3 | |
| 1.132.6 | 19 / 3 | |
| 1.132.4 | 19 / 3 | |
| 1.132.3 | 19 / 3 | |
| 1.132.2 | 18 / 3 | |
| 1.132.1 | 18 / 3 | |
| 1.132.0 | 18 / 3 | |
| 1.131.45 | 20 / 1 | |
| 1.131.41 | 20 / 1 | |
| 1.131.26 | 20 / 1 | |
| 1.131.24 | 20 / 1 | |
| 1.131.23 | 20 / 1 | |
| 1.131.15 | 20 / 1 | |
| 1.131.12 | 20 / 1 | |
| 1.131.10 | 20 / 1 | |
| 1.131.3 | 20 / 1 | |
| 1.130.10 | 20 / 1 |
v1.133.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.