← Home

moleculer

npm Repository Homepage
2
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

icebobshawnmcknightandre.mazayev

Keywords

microservicemicroservicesframeworkbackendmessagebusrpcservicesmicropubsubscalabledistributed

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:base64-decode AI (semgrep): Used in JSON extended serializer to decode Buffer values; no exfiltration path. ai
dependencies unvetted-dep:recursive-watch AI (dependencies): Legitimate file-watching dependency used by the runner; stable usage pattern for this package. ai
semgrep semgrep:env-bulk-read AI (semgrep): Reads only MOL_-prefixed env vars for config; legitimate framework behavior. ai
semgrep semgrep:dynamic-require AI (semgrep): Runner loads user-specified config/service files by design; not arbitrary code injection. ai
semgrep semgrep:hex-decode AI (semgrep): Converts Jaeger trace IDs from hex; no malicious payload risk. ai

Versions (showing 2 of 2)

Version Deps Published
0.15.0 9 / 56
0.14.35 10 / 55