@typia/unplugin
unplugin for typia
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:bun-only | AI (dependencies): bun-only is a legitimate small utility for Bun runtime detection; appropriate dependency for an unplugin that supports Bun. | ai | |
| dependencies | unvetted-dep:pkg-types | AI (dependencies): pkg-types is a well-known unjs ecosystem package for reading package.json and tsconfig; standard dependency for build tooling. | ai | |
| dependencies | unvetted-dep:diff-match-patch-es | AI (dependencies): diff-match-patch-es is an ES module port of Google's diff-match-patch library; legitimate utility for source transformation in build plugins. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 12.1.1 | 11 / 13 | |
| 12.1.0 | 11 / 13 | |
| 12.0.2 | 11 / 13 | |
| 12.0.1 | 11 / 13 | |
| 12.0.0 | 11 / 13 |
v12.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.