@ydbjs/api

7 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

ydb-platform

Keywords

api, database, grpc, protobuf, typescript, ydb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
typosquat | typosquat.levenshtein:hapi | AI (typosquat): Scoped @ydbjs package under ydb-platform org; no relation to hapi. Stable false positive. | ai |
typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @ydbjs package; no relation to pg. Stable false positive. | ai |
typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @ydbjs package; no relation to joi. Stable false positive. | ai |
typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped @ydbjs package; no relation to ajv. Stable false positive. | ai |
phantom-deps | phantom-dep:nice-grpc | AI (phantom-deps): gRPC type definitions package; nice-grpc is a declared dep used for type re-exports, not direct imports. | ai |
phantom-deps | phantom-dep:@grpc/grpc-js | AI (phantom-deps): API definitions package; @grpc/grpc-js referenced in config/type context, not direct runtime imports. | ai |

Versions (showing 7 of 7)

Version | Deps | Published
6.0.6 | 3 / 2 |
6.0.5 | 3 / 2 |
6.0.4 | 3 / 2 |
6.0.3 | 3 / 2 |
6.0.2 | 3 / 2 |
6.0.1 | 3 / 2 |
6.0.0 | 3 / 2 |

v6.0.6

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

INFO Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.5

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.4

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.3

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.2

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.1

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.0

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'hapi' [typosquat]

Package name '@ydbjs/api' is 1 edit(s) away from popular package 'hapi'.

LOW No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.