@yantrix/core
>Yantrix is a _(mostly)_ TypeScript framework and a DSL, that make up a full instrumental chain to implement robust and self-documented functional applications by code generation in multiple programming languages.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): @yantrix/core is a scoped monorepo package, not a typosquat of cors; the name similarity is coincidental. | ai | |
| phantom-deps | phantom-dep:@yantrix/cli | AI (phantom-deps): @yantrix/cli is used via bin entry, not a direct import; phantom-dep is a stable false positive for this package. | ai |
v0.4.4
2 findingsPackage name '@yantrix/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsPackage name '@yantrix/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
2 findingsPackage name '@yantrix/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
2 findingsPackage name '@yantrix/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.