signalk-server
An implementation of a [Signal K](http://signalk.org) server for boats.
3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
tkurkisbender
Keywords
signalkkjsonnmeaseatalkgpssailingboatmarinenautic
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:as-fetch | AI (dependencies): Long-established package with SLSA provenance; unvetted transitive deps are expected at this scale. | ai | |
| dependencies | unvetted-dep:api-schema-builder | AI (dependencies): Long-established package with SLSA provenance; unvetted transitive deps are expected at this scale. | ai | |
| dependencies | unvetted-dep:@astronautlabs/mdns | AI (dependencies): mDNS is a natural dependency for a Signal K server; SLSA provenance and package history support acceptance. | ai | |
| dependencies | unvetted-dep:@signalk/resources-provider | AI (dependencies): First-party @signalk scoped package; consistent with the project's own ecosystem. | ai | |
| phantom-deps | phantom-dep:openid-client | AI (phantom-deps): Auth dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:bonjour-service | AI (phantom-deps): mDNS dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:file-timestamp-stream | AI (phantom-deps): Logging dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:ora | AI (phantom-deps): CLI utility dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@signalk/server-admin-ui | AI (phantom-deps): Own ecosystem dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@signalk/resources-provider | AI (phantom-deps): Own ecosystem dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@signalk/course-provider | AI (phantom-deps): Own ecosystem dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): CLI utility dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:clear | AI (phantom-deps): CLI utility dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:prompts | AI (phantom-deps): CLI utility dep; phantom-dep heuristic false positive for this package. | ai |
v2.27.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.26.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.25.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.