← Home

@verana-labs/vs-agent-nestjs-client

npm Repository Homepage

`@verana-labs/vs-agent-nestjs-client` # Nestjs-client for VS Agent The `nestjs-client` library simplifies the integration of VS Agent components in your NestJS applications. It provides several modules that follow a plug-and-play architecture, allowing yo

11
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

genaris

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@2060.io/credo-ts-didcomm-mrtd AI (dependencies): @2060.io/credo-ts-didcomm-mrtd is a DIDComm MRTD extension for Credo-TS; expected for this package's DIDComm integration. ai
dependencies unvetted-dep:rhea AI (dependencies): rhea is a well-known AMQP client library; its presence in this NestJS client package is expected and not a security concern. ai
dependencies unvetted-dep:@credo-ts/core AI (dependencies): @credo-ts/core is the core of the Credo-TS DIDComm framework; a legitimate and expected dependency for this package. ai
dependencies unvetted-dep:@nestjs/typeorm AI (dependencies): @nestjs/typeorm is the official NestJS TypeORM integration; a standard and expected dependency. ai
dependencies unvetted-dep:@credo-ts/didcomm AI (dependencies): @credo-ts/didcomm is the DIDComm module of the Credo-TS framework; expected for this package's purpose. ai
dependencies unvetted-dep:@nestjs/platform-express AI (dependencies): @nestjs/platform-express is the official NestJS Express adapter; a standard and expected dependency. ai
provenance no-provenance AI (provenance): Active package with 66 versions and clear GitHub repo; lack of provenance is common and not a disqualifying signal for this package. ai
phantom-deps phantom-dep:@nestjs/core AI (phantom-deps): @nestjs/core is a peer/framework dependency in NestJS libraries; not directly imported in source is expected and normal. ai
phantom-deps phantom-dep:reflect-metadata AI (phantom-deps): reflect-metadata is a known implicit runtime dependency for TypeScript decorators used by NestJS; not directly imported is expected. ai
phantom-deps phantom-dep:@nestjs/platform-express AI (phantom-deps): @nestjs/platform-express is a standard NestJS platform adapter; declaring without direct import is normal for NestJS client libraries. ai
phantom-deps phantom-dep:rxjs AI (phantom-deps): rxjs is a standard NestJS framework implicit dependency; declaring it without direct import is normal NestJS library practice. ai

Versions (showing 11 of 11)

Version Deps Published
1.10.1 13 / 8
1.10.0 13 / 8
1.9.2 13 / 8
1.9.1 13 / 8
1.9.0 13 / 8
1.8.1 13 / 8
1.8.0 13 / 8
1.7.3 13 / 8
1.7.1 12 / 8
1.7.0 12 / 8
1.6.0 12 / 8

v1.10.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.8.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.