← Home

@tryghost/migrate

npm Repository Homepage

`npm install -g @tryghost/migrate --save`

12
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

zimoatghostallouiskernalghostchrisraibleerisdsjohnonolankevinansfieldcobbspuraileencgnjlohminimaluminiumsam-lordpauladamdavisbobvaneckjoeegrigghadretjonhickmanerik-ghostsagzyvershwalmike182uklsingernickmoretonrblstr-ghostevanhahn-ghostweylandswartghost-slimertmciescojonatan-ghost9larsons

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:listr AI (phantom-deps): listr is declared as a direct dependency in package.json; phantom-dep is a false positive here. ai
dependencies unvetted-dep:@tryghost/mg-chorus AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-libsyn AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-stripe AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-wp-api AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-wp-xml AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-beehiiv AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-blogger AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/pretty-cli AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-fs-utils AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-json AI (dependencies): Same-org Ghost Foundation monorepo dependency; stable pattern across all versions. ai
dependencies unvetted-dep:@tryghost/mg-tinynews AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-linkfixer AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-buttondown AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-letterdrop AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-webscraper AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-beehiiv-api AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-jekyll-export AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-medium-export AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-curated-export AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai
dependencies unvetted-dep:@tryghost/mg-substack AI (dependencies): Same-org Ghost Foundation monorepo dependency. ai

Versions (showing 12 of 12)

Version Deps Published
0.63.0 41 / 2
0.62.3 40 / 2
0.62.2 40 / 2
0.62.1 41 / 2
0.62.0 41 / 2
0.61.0 41 / 2
0.60.0 42 / 2
0.59.2 42 / 2
0.59.0 39 / 2
0.58.0 39 / 2
0.57.0 39 / 2
0.56.0 39 / 2

v0.63.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.56.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.