@workglow/sqlite
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): New files are build artifacts for multiple targets (browser/node/bun) plus source maps; expected for this package's build structure. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase driven by multi-target build output and source maps, not injected payloads. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): better-sqlite3, @sqlite.org/sqlite-wasm, and @sqliteai/sqlite-vector are legitimate SQLite ecosystem packages matching the package's stated purpose. | ai |
Versions (showing 51 of 94)
| Version | Deps | Published |
|---|---|---|
| 0.3.12 | 0 / 7 | |
| 0.3.11 | 0 / 7 | |
| 0.3.10 | 0 / 7 | |
| 0.3.9 | 0 / 7 | |
| 0.3.7 | 0 / 7 | |
| 0.3.6 | 0 / 7 | |
| 0.3.5 | 0 / 7 | |
| 0.3.4 | 0 / 7 | |
| 0.3.3 | 0 / 7 | |
| 0.3.2 | 0 / 7 | |
| 0.3.1 | 0 / 7 | |
| 0.3.0 | 0 / 7 | |
| 0.2.37 | 0 / 7 | |
| 0.2.36 | 0 / 7 | |
| 0.2.35 | 0 / 7 | |
| 0.2.34 | 0 / 7 | |
| 0.2.33 | 0 / 7 | |
| 0.2.32 | 0 / 7 | |
| 0.2.31 | 0 / 7 | |
| 0.2.30 | 0 / 4 | |
| 0.2.29 | 3 / 4 | |
| 0.2.28 | 3 / 4 | |
| 0.0.125 | 0 / 1 | |
| 0.0.124 | 0 / 1 | |
| 0.0.123 | 0 / 1 | |
| 0.0.122 | 0 / 1 | |
| 0.0.121 | 0 / 1 | |
| 0.0.120 | 0 / 1 | |
| 0.0.119 | 0 / 1 | |
| 0.0.118 | 0 / 1 | |
| 0.0.117 | 0 / 1 | |
| 0.0.116 | 0 / 1 | |
| 0.0.115 | 0 / 1 | |
| 0.0.114 | 0 / 1 | |
| 0.0.113 | 0 / 1 | |
| 0.0.110 | 0 / 1 | |
| 0.0.109 | 0 / 1 | |
| 0.0.108 | 0 / 1 | |
| 0.0.107 | 0 / 1 | |
| 0.0.106 | 0 / 1 | |
| 0.0.105 | 0 / 1 | |
| 0.0.104 | 0 / 1 | |
| 0.0.103 | 0 / 1 | |
| 0.0.102 | 0 / 1 | |
| 0.0.101 | 0 / 1 | |
| 0.0.100 | 0 / 1 | |
| 0.0.99 | 0 / 1 | |
| 0.0.98 | 0 / 1 | |
| 0.0.97 | 0 / 1 | |
| 0.0.96 | 0 / 1 | |
| 0.0.95 | 0 / 1 |
v0.3.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.125
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.124
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.123
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.122
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.121
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.120
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.119
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.118
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.117
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.116
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.115
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.114
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.113
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.110
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.106
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.104
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.103
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.102
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.