@thi.ng/geom-voronoi
Fast, incremental 2D Delaunay & Voronoi mesh implementation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): thi.ng/umbrella monorepo does not use Sigstore provenance; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@thi.ng/api | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/math | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/vectors | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/bitfield | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/geom-isec | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/geom-clip-line | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/geom-clip-poly | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@thi.ng/geom-poly-utils | AI (dependencies): Sibling package in the thi.ng/umbrella monorepo; not a third-party risk. | ai | |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 2.3.167 | 10 / 3 | |
| 2.3.166 | 10 / 3 | |
| 2.3.165 | 10 / 3 | |
| 2.3.163 | 10 / 3 | |
| 2.3.162 | 10 / 3 | |
| 2.3.160 | 10 / 3 | |
| 2.3.159 | 10 / 3 | |
| 2.3.158 | 10 / 3 | |
| 2.3.157 | 10 / 3 | |
| 2.3.156 | 10 / 3 | |
| 2.3.155 | 10 / 3 | |
| 2.3.154 | 10 / 3 | |
| 2.3.153 | 10 / 3 | |
| 2.3.152 | 10 / 3 | |
| 2.3.151 | 10 / 3 | |
| 2.3.150 | 10 / 3 | |
| 2.3.149 | 10 / 3 | |
| 2.3.148 | 10 / 3 | |
| 2.3.147 | 10 / 3 | |
| 2.3.146 | 10 / 3 | |
| 2.3.145 | 10 / 3 | |
| 2.3.144 | 10 / 3 | |
| 2.3.143 | 10 / 3 | |
| 2.3.142 | 10 / 3 | |
| 2.3.141 | 10 / 3 | |
| 2.3.137 | 10 / 3 | |
| 2.3.136 | 10 / 3 | |
| 2.3.135 | 10 / 3 | |
| 2.3.134 | 10 / 3 | |
| 2.3.132 | 10 / 3 | |
| 2.3.131 | 10 / 3 | |
| 2.3.130 | 10 / 3 | |
| 2.3.129 | 10 / 3 | |
| 2.3.128 | 10 / 3 | |
| 2.3.126 | 10 / 3 | |
| 2.3.125 | 10 / 3 | |
| 2.3.124 | 10 / 3 | |
| 2.3.123 | 10 / 3 | |
| 2.3.122 | 10 / 3 | |
| 2.3.121 | 10 / 3 | |
| 2.3.120 | 10 / 3 | |
| 2.3.119 | 10 / 3 | |
| 2.3.118 | 10 / 3 | |
v2.3.167
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.166
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.165
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.163
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.162
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.160
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.159
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.158
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.156
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.155
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.154
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.153
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.152
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.151
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.150
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.149
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.148
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.147
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.146
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.145
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.144
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.143
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.142
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.141
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.137
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.136
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.135
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.134
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.132
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.131
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.130
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.129
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.128
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.126
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.125
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.124
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.123
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.122
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.121
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.120
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.119
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.118
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.