@workflow/sveltekit Apache-2.0 9 versions

@workflow/sveltekit

npm Repository Homepage

SvelteKit integration for Workflow SDK

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@workflow/builders	AI (dependencies): Same org scope (@workflow); consistent pattern across all versions of this package family.	ai	2026/06/01
phantom-deps	phantom-dep:pathe	AI (phantom-deps): Declared dep used transitively/in config; stable false positive for this monorepo package.	ai	2026/05/28
phantom-deps	phantom-dep:exsolve	AI (phantom-deps): Same as pathe — config-level usage in monorepo context.	ai	2026/05/28
phantom-deps	phantom-dep:@swc/core	AI (phantom-deps): SWC used as a build-time peer/plugin dep; phantom signal is a stable FP here.	ai	2026/05/28
phantom-deps	phantom-dep:@workflow/swc-plugin	AI (phantom-deps): Same-org sibling dep; phantom signal is a stable FP for this monorepo.	ai	2026/05/28
bogus-package	bogus-package	AI (bogus-package): SDK sub-package with 451k downloads; sparse README/no keywords is cosmetic, not a risk signal.	ai	2026/05/28

Versions (showing 9 of 9)

Version	Deps	Published
4.0.8	8 / 4	2026-06-02
4.0.7	8 / 4	2026-06-02
4.0.6	8 / 4	2026-05-31
4.0.5	8 / 4	2026-05-22
4.0.4	8 / 4	2026-04-17
4.0.3	8 / 4	2026-04-16
4.0.2	8 / 4	2026-04-14
4.0.1	8 / 4	2026-04-11
4.0.0	8 / 4	2026-04-07

v4.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.