@viamrobotics/svelte-sdk Apache-2.0 15 versions

@viamrobotics/svelte-sdk

npm Repository Homepage

Build Svelte apps with Viam

15

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

cheuktstevebriskinviambotmicheal.parksmpviamnjoomadevin-viamale7714amaschas

Keywords

svelte

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Intentional migration to GitHub Actions CI/CD publishing with SLSA provenance attestation; stable for this package.	ai	2026/05/05
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are viamrobotics org members; consistent with org-level ownership transition.	ai	2026/05/05
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of prior maintainer aligns with org-managed CI/CD publishing transition.	ai	2026/05/05
phantom-deps	phantom-dep:@tanstack/svelte-query-devtools	AI (phantom-deps): Listed as a runtime dependency in package.json; phantom-dep false positive for this package.	ai	2026/04/29

Versions (showing 15 of 15)

Version	Deps	Published
1.2.1	4 / 31	2026-04-28
1.2.0	4 / 31	2026-04-22
1.1.7	4 / 31	2026-04-21
1.1.6	4 / 31	2026-04-09
1.1.5	4 / 32	2026-03-25
1.1.4	4 / 32	2026-03-25
1.1.3	4 / 32	2026-03-17
1.1.2	4 / 32	2026-03-16
1.1.1	4 / 32	2026-03-16
1.1.0	4 / 32	2026-03-13
1.0.3	3 / 32	2026-01-22
1.0.1	3 / 32	2025-11-25
1.0.0	3 / 32	2025-11-25
0.7.3	1 / 34	2025-11-05
0.7.2	1 / 34	2025-11-04

v1.1.5

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-25) provenance

This version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.4

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-25) provenance

This version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-16) provenance

This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-16) provenance

This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

2 findings

HIGH Publisher changed: micheal.parks → GitHub Actions (on 2026-01-22) provenance

This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.7.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.7.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.