← Home

@wp-playground/storage

npm Repository Homepage

Bindings for storing WordPress Playground on different backends.

20
Versions
GPL-2.0-or-later
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bgrgicakadamzielbrandonpayton-a8csejasdanielbachhuberyannickdecatjanjakesakirk

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:selfsigned AI (phantom-deps): Newly added runtime dep; config-referenced pattern consistent with package. ai
phantom-deps phantom-dep:ws AI (phantom-deps): Config-referenced dependency; stable pattern for this package. ai
phantom-deps phantom-dep:yargs AI (phantom-deps): Config-referenced dependency; stable pattern for this package. ai
phantom-deps phantom-dep:fs-ext AI (phantom-deps): Optional platform-specific dependency; stable for this package. ai
phantom-deps phantom-dep:express AI (phantom-deps): Config-referenced dependency; stable pattern for this package. ai
phantom-deps phantom-dep:@php-wasm/web AI (phantom-deps): Platform-specific binary package; stable for this package. ai
phantom-deps phantom-dep:@php-wasm/universal AI (phantom-deps): Platform-specific binary package; stable for this package. ai
phantom-deps phantom-dep:wasm-feature-detect AI (phantom-deps): Config-referenced dependency; stable pattern for this package. ai
dependencies unvetted-dep:minimisted AI (dependencies): minimisted is a phantom dep (not directly imported); stable false positive for this package. ai
phantom-deps phantom-dep:simple-get AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
semgrep semgrep:hex-decode AI (semgrep): Fires on minified bundle; snippet shows git object parsing, not actual hex decoding of a payload. ai
phantom-deps phantom-dep:readable-stream AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:clean-git-ref AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
bogus-package bogus-package AI (bogus-package): Official WordPress monorepo package; sparse README/keywords are expected for a scoped utility package. ai
phantom-deps phantom-dep:ini AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:pify AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:diff3 AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:ignore AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:sha.js AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:async-lock AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai
phantom-deps phantom-dep:minimisted AI (phantom-deps): Bundled monorepo package; deps are bundled into index.cjs and may not appear as direct imports. ai

Versions (showing 20 of 20)

Version Deps Published
3.1.36 7 / 0
3.1.35 7 / 0
3.1.34 7 / 0
3.1.33 7 / 0
3.1.32 7 / 0
3.1.31 7 / 0
3.1.30 7 / 0
3.1.29 7 / 0
3.1.22 17 / 0
3.1.21 17 / 0
3.1.20 17 / 0
3.1.19 17 / 0
3.1.18 17 / 0
3.1.15 17 / 0
3.1.14 17 / 0
3.0.54 23 / 0
3.0.32 23 / 0
3.0.17 23 / 0
3.0.2 23 / 0
3.0.1 23 / 0

v3.1.36

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.35

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.34

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.33

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.32

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.31

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.30

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.29

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.22

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.20

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.32

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.