← Home

tracked-built-ins

npm Repository Homepage
3
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

chriskrychokatiegengler

Keywords

ember-addon

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:decorator-transforms AI (phantom-deps): decorator-transforms is a declared runtime dep used via build config, not directly imported in source — stable FP for this package. ai
dependencies unvetted-dep:decorator-transforms AI (dependencies): Legitimate Embroider/Ember ecosystem build dependency; stable pattern for this addon. ai
dependencies unvetted-dep:@embroider/addon-shim AI (dependencies): Standard @embroider shim for v2 Ember addons; expected dependency for this package. ai

Versions (showing 3 of 3)

Version Deps Published
4.1.2 2 / 27
4.1.1 2 / 27
4.1.0 3 / 27

v4.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.