@thi.ng/geom-io-obj
Wavefront OBJ parser (& exporter soon)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@thi.ng/api | AI (dependencies): Sibling thi.ng/umbrella package; stable false positive for this monorepo. | ai | |
| dependencies | unvetted-dep:@thi.ng/vectors | AI (dependencies): Sibling thi.ng/umbrella package; stable false positive for this monorepo. | ai |
Versions (showing 42 of 42)
| Version | Deps | Published |
|---|---|---|
| 0.3.219 | 3 / 3 | |
| 0.3.218 | 3 / 3 | |
| 0.3.216 | 3 / 3 | |
| 0.3.215 | 3 / 3 | |
| 0.3.213 | 3 / 3 | |
| 0.3.212 | 3 / 3 | |
| 0.3.211 | 3 / 3 | |
| 0.3.210 | 3 / 3 | |
| 0.3.209 | 3 / 3 | |
| 0.3.208 | 3 / 3 | |
| 0.3.207 | 3 / 3 | |
| 0.3.206 | 3 / 3 | |
| 0.3.205 | 3 / 3 | |
| 0.3.204 | 3 / 3 | |
| 0.3.203 | 3 / 3 | |
| 0.3.202 | 3 / 3 | |
| 0.3.201 | 3 / 3 | |
| 0.3.200 | 3 / 3 | |
| 0.3.199 | 3 / 3 | |
| 0.3.198 | 3 / 3 | |
| 0.3.197 | 3 / 3 | |
| 0.3.196 | 3 / 3 | |
| 0.3.195 | 3 / 3 | |
| 0.3.194 | 3 / 3 | |
| 0.3.190 | 3 / 3 | |
| 0.3.189 | 3 / 3 | |
| 0.3.188 | 3 / 3 | |
| 0.3.187 | 3 / 3 | |
| 0.3.185 | 3 / 3 | |
| 0.3.184 | 3 / 3 | |
| 0.3.183 | 3 / 3 | |
| 0.3.182 | 3 / 3 | |
| 0.3.181 | 3 / 3 | |
| 0.3.179 | 3 / 3 | |
| 0.3.178 | 3 / 3 | |
| 0.3.177 | 3 / 3 | |
| 0.3.176 | 3 / 3 | |
| 0.3.175 | 3 / 3 | |
| 0.3.174 | 3 / 3 | |
| 0.3.173 | 3 / 3 | |
| 0.3.172 | 3 / 3 | |
| 0.3.171 | 3 / 3 |
v0.3.219
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.218
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.216
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.215
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.213
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.212
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.211
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.210
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.204
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.203
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.202
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.201
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.200
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.199
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.198
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.197
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.195
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.194
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.190
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.189
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.188
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.187
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.185
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.184
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.183
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.182
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.181
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.179
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.178
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.177
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.176
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.175
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.174
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.173
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.172
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.171
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.