assistant-cloud MIT 36 versions

assistant-cloud

npm Repository Homepage

Cloud integration for assistant-ui

36

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

yonomagentbase-bot

Keywords

assistantcloudaichatassistant-ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from yonom to GitHub Actions is an intentional CI/CD migration, confirmed by SLSA provenance attestation and publishConfig.provenance:true in package.json. Generalizes to future versions published via the same workflow.	ai	2026/04/26
dependencies	unvetted-dep:assistant-stream	AI (dependencies): assistant-stream is a sibling package from the same assistant-ui monorepo (AgentbaseAI Inc.); the unvetted signal is a routine artifact of intra-monorepo dependencies, not an independent risk.	ai	2026/04/25

Versions (showing 36 of 36)

Version	Deps	Published
0.1.32	1 / 3	2026-06-08
0.1.31	1 / 3	2026-06-04
0.1.30	1 / 3	2026-05-31
0.1.29	1 / 3	2026-05-25
0.1.28	1 / 3	2026-05-21
0.1.27	1 / 3	2026-04-24
0.1.26	1 / 3	2026-04-13
0.1.25	1 / 3	2026-04-06
0.1.24	1 / 3	2026-04-02
0.1.23	1 / 3	2026-03-26
0.1.22	1 / 3	2026-03-17
0.1.21	1 / 3	2026-03-04
0.1.20	1 / 3	2026-02-26
0.1.19	1 / 3	2026-02-25
0.1.18	1 / 3	2026-02-19
0.1.17	1 / 3	2026-02-06
0.1.16	1 / 3	2026-02-04
0.1.15	1 / 3	2026-01-29
0.1.13	1 / 3	2026-01-21
0.1.12	1 / 3	2025-12-20
0.1.11	1 / 4	2025-12-12
0.1.10	1 / 4	2025-12-08
0.1.9	1 / 4	2025-11-27
0.1.8	1 / 4	2025-11-19
0.1.7	1 / 4	2025-11-14
0.1.6	1 / 4	2025-11-04
0.1.5	1 / 6	2025-10-22
0.1.4	1 / 6	2025-10-18
0.1.3	1 / 6	2025-10-03
0.1.2	1 / 6	2025-09-29
0.1.1	1 / 6	2025-08-15
0.1.0	1 / 6	2025-08-14
0.0.4	1 / 6	2025-08-01
0.0.3	1 / 6	2025-07-10
0.0.2	1 / 6	2025-06-17
0.0.1	1 / 5	2025-06-14

v0.1.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.29

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.27

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.25

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.24

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.23

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.22

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-03-17) provenance

This version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.21

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.20

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-02-26) provenance

This version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.19

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.18

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.17

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-02-06) provenance

This version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.16

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-02-04) provenance

This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.15

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-01-29) provenance

This version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.13

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2026-01-21) provenance

This version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.12

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2025-12-20) provenance

This version was published by a different npm account than previous versions on 2025-12-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.11

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2025-12-12) provenance

This version was published by a different npm account than previous versions on 2025-12-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.10

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2025-12-08) provenance

This version was published by a different npm account than previous versions on 2025-12-08. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.9

2 findings

HIGH Publisher changed: yonom → GitHub Actions (on 2025-11-27) provenance

This version was published by a different npm account than previous versions on 2025-11-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.