@vibe-agent-toolkit/vat-example-cat-agents No license 12 versions

@vibe-agent-toolkit/vat-example-cat-agents

npm Repository Homepage

12

Versions

—

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jeffrdutton

Keywords

ai-agentcat-agentsvibe-agent-toolkitexample

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
install-scripts	install-script:postinstall	AI (install-scripts): VAT toolkit's own CLI invocation for skill installation; consistent with vat config block and ecosystem pattern across all versions.	ai	2026/05/06
phantom-deps	phantom-dep:@vibe-agent-toolkit/transports	AI (phantom-deps): Same-org sibling dep; may be used indirectly via re-exports rather than direct import.	ai	2026/05/06

Versions (showing 12 of 12)

Version	Deps	Published
0.1.38	5 / 13	2026-05-18
0.1.34	5 / 13	2026-05-06
0.1.23	5 / 13	2026-04-03
0.1.22	5 / 13	2026-04-01
0.1.9	6 / 13	2026-02-07
0.1.8	6 / 13	2026-02-06
0.1.7	6 / 13	2026-02-05
0.1.6	6 / 13	2026-02-04
0.1.5	6 / 13	2026-02-04
0.1.4	6 / 13	2026-02-03
0.1.3	6 / 13	2026-02-01
0.1.2	6 / 13	2026-01-30

v0.1.38

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.34

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: vat skills install --npm-postinstall || exit 0

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.23

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.