effect
7
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
michael.arnaldieffect-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is used inside a standard Proxy get trap handler — idiomatic ES6 Proxy/Reflect pattern in a large TypeScript library, not obfuscation. | ai | |
| dependencies | unvetted-dep:fast-check | AI (dependencies): fast-check is a well-known property-based testing library; its use as a dependency in the effect ecosystem is expected and benign. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 3.21.4 | 2 / 0 | |
| 3.21.3 | 2 / 0 | |
| 3.21.2 | 2 / 0 | |
| 3.21.1 | 2 / 0 | |
| 3.21.0 | 2 / 0 | |
| 3.20.1 | 2 / 0 | |
| 3.20.0 | 2 / 0 |
v3.21.4
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.21.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.21.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.21.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.