
rhachet-brains-xai

10 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

uladkasach

Keywords

rhachet, brain, xai, grok, llm, ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@openai/codex-sdk | AI (phantom-deps): Config-only reference pattern consistent with this publisher's package family. | ai |
phantom-deps | phantom-dep:type-fns | AI (phantom-deps): Config-only reference pattern consistent with this publisher's package family. | ai |
phantom-deps | phantom-dep:wrapper-fns | AI (phantom-deps): Config-only reference pattern consistent with this publisher's package family. | ai |
phantom-deps | phantom-dep:helpful-errors | AI (phantom-deps): Config-only reference pattern consistent with this publisher's package family. | ai |
npm-metadata | suspicious-initial-version | AI (npm-metadata): Publisher consistently uses 0.0.0 as the initial version across the rhachet package family; not indicative of malicious intent. | ai |
phantom-deps | phantom-dep:rhachet-artifact | AI (phantom-deps): Referenced in config files only; stable false positive for this package. | ai |
phantom-deps | phantom-dep:rhachet-artifact-git | AI (phantom-deps): Referenced in config files only; stable false positive for this package. | ai |
phantom-deps | phantom-dep:domain-objects | AI (phantom-deps): Referenced in config files (depcheck/tsconfig) rather than runtime imports; stable false positive for this package. | ai |
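The phantom-dep rows above all turn on one distinction: a package name that appears only in tool configuration (tsconfig path aliases, a depcheck ignore list) versus one that runtime code actually imports without declaring it in package.json. The following is an added example of that triage, written for this page; it is not the scanner's rule implementation and not rhachet project code. The file tree is constructed, the reference sites it inspects are the two the reasons column names (tsconfig `paths` keys and depcheck `ignores`), and the one undeclared runtime import uses a made-up package name.

```python
"""Triage 'phantom dependency' references: config-only (accept candidate) versus
imported at runtime without being declared (block).

Added example; not the scanner's own rule and not rhachet code. FILES is a
CONSTRUCTED miniature package tree; 'some-undeclared-lib' is a made-up name.
"""
import json
import re

# Constructed miniature package tree: path -> file contents.
FILES = {
    "package.json": json.dumps({
        "name": "example-pkg",
        "dependencies": {"rhachet": "^1.0.0", "zod": "^3.0.0"},
        "devDependencies": {"typescript": "^5.0.0"},
    }),
    "src/index.ts": "\n".join([
        "import { z } from 'zod';",
        "import { Brain } from 'rhachet';",
        "import fs from 'node:fs';",
        "import path from 'path';",
        "export { helper } from './helper';",
        "const undeclared = require('some-undeclared-lib/utils');",
        "const lazy = () => import('rhachet/subpath');",
    ]),
    "src/helper.ts": "export const helper = 1;",
    "tsconfig.json": json.dumps({"compilerOptions": {"paths": {
        "type-fns": ["../type-fns/src"], "wrapper-fns/*": ["../wrapper-fns/src/*"]}}}),
    ".depcheckrc.json": json.dumps({"ignores": ["@openai/codex-sdk", "domain-objects", "typescript"]}),
}

DEP_FIELDS = ("dependencies", "devDependencies", "peerDependencies", "optionalDependencies")
SOURCE_EXT = (".js", ".mjs", ".cjs", ".ts", ".tsx", ".jsx")
NODE_BUILTINS = {"fs", "path", "os", "crypto", "http", "https", "url", "util", "events",
                 "stream", "child_process", "buffer", "assert", "zlib", "net", "tls"}
# import X from 'spec' | import 'spec' | export ... from 'spec' | require('spec') | import('spec')
IMPORT_RE = re.compile(
    r"""(?:\b(?:import|export)\s+(?:[^'"]*?\sfrom\s+)?|\b(?:require|import)\(\s*)['"]([^'"]+)['"]""")


def spec_to_package(spec):
    """Map an import specifier to an npm package name; None for relative paths and builtins."""
    if spec.startswith((".", "/")) or spec.startswith("node:"):
        return None
    parts = spec.split("/")
    name = "/".join(parts[:2]) if spec.startswith("@") else parts[0]  # scoped names keep two segments
    return None if name in NODE_BUILTINS else name


def runtime_references(files):
    """Package names imported by runtime source files."""
    names = set()
    for path, text in files.items():
        if path.endswith(SOURCE_EXT):
            for spec in IMPORT_RE.findall(text):
                pkg = spec_to_package(spec)
                if pkg:
                    names.add(pkg)
    return names


def config_references(files):
    """Package names that appear in tool config only: tsconfig `paths` keys and
    depcheck `ignores`, the two locations the accepted-risk reasons cite."""
    names = set()
    ts = json.loads(files.get("tsconfig.json", "{}"))
    for key in ts.get("compilerOptions", {}).get("paths", {}):
        names.add(key[:-2] if key.endswith("/*") else key)  # 'wrapper-fns/*' -> 'wrapper-fns'
    dc = json.loads(files.get(".depcheckrc.json", "{}"))
    names.update(dc.get("ignores", []))
    return names


def classify_phantom_deps(files):
    """Split undeclared references into a blocking bucket and an accept-candidate bucket."""
    pkg = json.loads(files["package.json"])
    declared = {n for f in DEP_FIELDS for n in pkg.get(f, {})}
    runtime, config = runtime_references(files), config_references(files)
    return {
        # imported by code but never declared: resolves to whatever happens to be
        # hoisted next to it, or fails at install; this is the case to block on
        "runtime_undeclared": sorted(runtime - declared),
        # named only in config (ignore lists, path aliases): the 'stable false
        # positive' the table above accepts
        "config_only": sorted(config - declared - runtime),
        "declared_unused": sorted(declared - runtime),
    }


if __name__ == "__main__":
    print(json.dumps(classify_phantom_deps(FILES), indent=2))
```

The split matters for review effort: a `config_only` hit can be accepted once and stays stable across versions, whereas a `runtime_undeclared` hit is the pattern behind dependency confusion and should block publication until the package is declared.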

Versions (showing 10 of 10)

Version Deps Published
0.3.3 8 / 29
0.3.2 8 / 29
0.3.1 8 / 29
0.2.1 9 / 27
0.2.0 8 / 28
0.1.3 7 / 27
0.1.2 7 / 27
0.1.1 7 / 27
0.1.0 7 / 27
0.0.0 9 / 27

v0.3.3

1 finding
INFO | Has SLSA provenance attestation | provenance

Published via CI/CD with a Sigstore attestation (predicate type: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal npm offers: it binds the published tarball to a named source commit and build workflow, so a tarball that differs from what that workflow produced fails verification. It says nothing about whether the source itself is trustworthy; the repository and the maintainer still need their own review.
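The three badges in the Supply chain provenance block (SLSA provenance attestation, npm registry signatures, gitHead linked) are the checks a consumer can repeat against the registry's own documents. What follows is an added example of that consistency check, written for this page; it is not code from the scanner that produced this report or from the rhachet project. Every document in it is constructed to mirror the shape of an npm packument version entry and the attestations endpoint response; the tarball bytes, digest, commit hash, build type and builder id are placeholders. It deliberately does not verify the Sigstore signature, which is the job of `npm audit signatures`; it shows what has to line up once the signature is trusted.

```python
"""Offline check of the three provenance signals this report shows: an SLSA v1
attestation, an attested subject matching the registry tarball, and a gitHead
linked to the attested source commit.

Added example, not the scanner's or the rhachet project's code. All documents are
CONSTRUCTED; tarball, digest, commit, buildType and builder id are placeholders.
Sigstore signature verification is out of scope (`npm audit signatures` does that).
"""
import base64
import hashlib
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
INTOTO_V1 = "https://in-toto.io/Statement/v1"
DSSE_INTOTO = "application/vnd.in-toto+json"

TARBALL = b"constructed tarball bytes for rhachet-brains-xai@0.3.3"  # placeholder
SHA512_HEX = hashlib.sha512(TARBALL).hexdigest()
# dist.integrity is an SRI string: "sha512-" + base64 of the raw digest
INTEGRITY = "sha512-" + base64.b64encode(bytes.fromhex(SHA512_HEX)).decode()
COMMIT = "0" * 39 + "a"  # placeholder 40-hex commit recorded as gitHead

# packument["versions"]["0.3.3"] for a version that has provenance (constructed)
VERSION_DOC = {
    "name": "rhachet-brains-xai",
    "version": "0.3.3",
    "gitHead": COMMIT,
    "dist": {
        "integrity": INTEGRITY,
        "attestations": {
            "url": "https://registry.npmjs.org/-/npm/v1/attestations/rhachet-brains-xai@0.3.3",
            "provenance": {"predicateType": SLSA_V1},
        },
    },
}

def make_statement(name, version, sha512_hex, commit):
    """In-toto v1 statement with an SLSA v1 provenance predicate (constructed;
    buildType and builder id are placeholders, not real builder identities)."""
    return {
        "_type": INTOTO_V1,
        "subject": [{"name": f"pkg:npm/{name}@{version}", "digest": {"sha512": sha512_hex}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://example.invalid/buildtypes/workflow/v1",
                "resolvedDependencies": [{"uri": "git+https://github.com/example/repo",
                                          "digest": {"gitCommit": commit}}],
            },
            "runDetails": {"builder": {"id": "https://example.invalid/builder"}},
        },
    }

def make_attestations_response(statement):
    """Attestations endpoint shape: bundles wrapping a DSSE envelope (constructed;
    the signature is a placeholder, which is why this example cannot verify it)."""
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    envelope = {"payloadType": DSSE_INTOTO, "payload": payload,
                "signatures": [{"sig": "placeholder"}]}
    return {"attestations": [{"predicateType": statement["predicateType"],
                              "bundle": {"dsseEnvelope": envelope}}]}

def integrity_to_sha512_hex(integrity):
    """SRI 'sha512-<base64>' -> lowercase hex digest; None if not a sha512 SRI."""
    algo, _, b64 = integrity.partition("-")
    return base64.b64decode(b64).hex() if algo == "sha512" and b64 else None

def check_provenance(version_doc, attestations_doc):
    """Return {signal: bool}; each True only when the evidence agrees. A version
    with no dist.attestations (v0.0.0 on this page) yields all False."""
    result = {"slsa_attestation": False, "subject_matches_tarball": False, "githead_linked": False}
    dist = version_doc.get("dist", {})
    if (dist.get("attestations") or {}).get("provenance", {}).get("predicateType") != SLSA_V1:
        return result
    for entry in attestations_doc.get("attestations", []):
        env = entry.get("bundle", {}).get("dsseEnvelope", {})
        if entry.get("predicateType") != SLSA_V1 or env.get("payloadType") != DSSE_INTOTO:
            continue
        stmt = json.loads(base64.b64decode(env["payload"]))
        if stmt.get("_type") != INTOTO_V1 or stmt.get("predicateType") != SLSA_V1:
            continue
        result["slsa_attestation"] = True
        # subject must name exactly this package@version and carry the tarball's sha512
        want_name = f"pkg:npm/{version_doc['name']}@{version_doc['version']}"
        want_hex = integrity_to_sha512_hex(dist.get("integrity", ""))
        result["subject_matches_tarball"] = want_hex is not None and any(
            s.get("name") == want_name and s.get("digest", {}).get("sha512", "").lower() == want_hex
            for s in stmt.get("subject", []))
        # "gitHead linked": the commit the registry records is the one the builder resolved
        deps = stmt["predicate"].get("buildDefinition", {}).get("resolvedDependencies", [])
        commits = {d.get("digest", {}).get("gitCommit") for d in deps}
        git_head = version_doc.get("gitHead")
        result["githead_linked"] = bool(git_head) and git_head in commits
        break
    return result

if __name__ == "__main__":
    stmt = make_statement("rhachet-brains-xai", "0.3.3", SHA512_HEX, COMMIT)
    print(check_provenance(VERSION_DOC, make_attestations_response(stmt)))
```

The subject check is the one that catches a swapped tarball: provenance that exists but names a different version or digest is evidence about some other artifact, not this one. The gitHead check is what turns "has provenance" into "built from the commit the registry claims".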

v0.3.2, v0.3.1, v0.2.1, v0.2.0, v0.1.3, v0.1.2, v0.1.1, v0.1.0

1 finding each
INFO | Has SLSA provenance attestation | provenance

Same finding as v0.3.3 for each of these versions: published via CI/CD with a Sigstore attestation (predicate: https://slsa.dev/provenance/v1).

v0.0.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. For this package the gap is confined to the 0.0.0 placeholder release; every later version carries provenance.