corsair — Greenflagged

Corsair gives you (or your agent) safe access to hundreds of integrations. It natively handles all integration plumbing. The only code you write is the code that's specific to your use case. Your data stays in your database, not a third-party service.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

corsair.dev

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/oauth.js	AI (source-diff): Minified bundler output (tsup) with readable OAuth/crypto logic; not obfuscation.	ai	2026/04/29
publish-pattern	new-deps-added	AI (publish-pattern): kysely is a well-established TypeScript SQL query builder; its addition is consistent with the package's db/orm exports.	ai	2026/04/27
source-diff	large-new-source-files	AI (source-diff): Package is a plugin framework actively adding API integrations; large file counts reflect new plugin modules, not injected code.	ai	2026/04/27
source-diff	source-size-tripled	AI (source-diff): Size growth is explained by new plugin integrations (Spotify, Google Drive, etc.) with large type definition files; consistent with legitimate feature expansion.	ai	2026/04/27
bogus-package	bogus-package	AI (bogus-package): Package appears to be an internal/private framework; missing metadata is a hygiene issue but consistent across all 61 versions with no malicious indicators.	ai	2026/04/27
phantom-deps	phantom-dep:uuidv7	AI (phantom-deps): uuidv7 is a declared runtime dependency legitimately used in the codebase; false positive.	ai	2026/04/27
dependencies	unvetted-dep:kysely-postgres-js	AI (dependencies): kysely-postgres-js is a legitimate, well-known PostgreSQL adapter for Kysely. Its addition is consistent with the package's existing kysely dependency and db/orm export paths.	ai	2026/04/26
phantom-deps	phantom-dep:kysely-postgres-js	AI (phantom-deps): kysely-postgres-js is a declared dependency for DB integration; not directly imported in library code but provided for consumers. Stable false positive.	ai	2026/04/25
phantom-deps	phantom-dep:uuid	AI (phantom-deps): uuid is a declared dependency likely used by consumers of this framework; phantom-dep finding is a stable false positive for this package.	ai	2026/04/25

Versions (showing 51 of 74)

View all versions

Version	Deps	Published
1.0.0	1 / 8	2026-01-24
0.1.75	4 / 14	2026-06-08
0.1.74	4 / 14	2026-06-04
0.1.73	4 / 14	2026-06-04
0.1.72	4 / 14	2026-06-04
0.1.71	4 / 14	2026-06-04
0.1.70	4 / 14	2026-05-21
0.1.69	4 / 14	2026-05-18
0.1.68	4 / 14	2026-05-14
0.1.67	4 / 14	2026-05-05
0.1.66	4 / 14	2026-04-29
0.1.65	4 / 14	2026-04-28
0.1.64	4 / 14	2026-04-28
0.1.63	4 / 14	2026-04-26
0.1.62	4 / 14	2026-04-26
0.1.61	4 / 14	2026-04-26
0.1.60	4 / 14	2026-04-25
0.1.59	4 / 14	2026-04-18
0.1.58	4 / 14	2026-04-17
0.1.57	4 / 15	2026-04-17
0.1.56	4 / 14	2026-04-16
0.1.55	3 / 13	2026-04-15
0.1.54	3 / 13	2026-04-09
0.1.53	3 / 13	2026-04-09
0.1.52	3 / 13	2026-04-08
0.1.51	3 / 13	2026-04-07
0.1.50	3 / 13	2026-04-05
0.1.49	3 / 13	2026-04-05
0.1.48	3 / 13	2026-04-04
0.1.47	3 / 13	2026-04-03
0.1.46	3 / 13	2026-04-03
0.1.45	3 / 13	2026-03-30
0.1.44	3 / 13	2026-03-30
0.1.43	3 / 13	2026-03-30
0.1.42	3 / 13	2026-03-24
0.1.41	3 / 13	2026-03-19
0.1.40	3 / 13	2026-03-19
0.1.39	3 / 13	2026-03-18
0.1.38	3 / 13	2026-03-18
0.1.37	3 / 13	2026-03-18
0.1.36	3 / 13	2026-03-17
0.1.35	3 / 13	2026-03-16
0.1.33	3 / 13	2026-03-14
0.1.32	3 / 13	2026-03-13
0.1.31	3 / 13	2026-03-13
0.1.30	3 / 13	2026-03-13
0.1.28	3 / 13	2026-03-07
0.1.27	3 / 13	2026-03-07
0.1.26	3 / 11	2026-03-03
0.1.25	3 / 11	2026-03-03
0.1.24	3 / 11	2026-03-03