← Home

monacopilot

npm Repository Homepage
4
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

arshadyaseen

Keywords

monaco-editormonacoaiauto-completioncode-completioncopilotgithub-copilot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance slsa-provenance AI (provenance): Package consistently published via CI/CD with Sigstore attestation; stable signal for this package. ai
dependencies unvetted-dep:@monacopilot/core AI (dependencies): First-party scoped package from the same monacopilot monorepo; not an external dependency risk. ai

Versions (showing 4 of 4)

Version Deps Published
1.2.12 1 / 3
1.2.11 1 / 3
1.2.10 1 / 3
1.2.7 1 / 3

v1.2.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.7

2 findings
HIGH Unclaimed maintainer email domain: arshadyaseen.com email-domain

Maintainer email '[email protected]' uses domain 'arshadyaseen.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.