@visactor/vgrammar-core No license 11 versions

@visactor/vgrammar-core

npm Repository Homepage

11

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

liufangfangvisactorownerxuanhunzamhownchensiji.0517youngwindspurpose233ssfxzlixuefei.1313ray_sunxiaoluohesimaqxile611da730zhouxinyu66888zexian_chen

Keywords

grammarvisualizationVGrammarstorytellingVisActor

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@visactor/vdataset	AI (dependencies): Same-org sibling dep in VisActor monorepo; consistent across all versions of this package.	ai	2026/05/14
bogus-package	bogus-package	AI (bogus-package): VisActor monorepo package; README link dump and missing repo URL are cosmetic issues, not spam indicators.	ai	2026/05/07

Versions (showing 11 of 11)

Version	Deps	Published
0.16.17	8 / 14	2026-03-27
0.16.16	8 / 14	2025-12-15
0.16.15	8 / 14	2025-10-10
0.16.14	8 / 14	2025-09-10
0.16.13	8 / 14	2025-08-24
0.16.12	8 / 14	2025-08-21
0.16.11	8 / 14	2025-08-20
0.16.10	8 / 14	2025-07-02
0.16.9	8 / 14	2025-06-11
0.16.8	8 / 14	2025-05-21
0.16.7	8 / 14	2025-05-15

v0.16.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.15

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.13

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.