weaviate-client — Greenflagged

JS/TS client for Weaviate

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

weaviate-iodaniel-weaviateweaviate-tommyaugustas-weaviate

Keywords

weaviate

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from individual maintainer to GitHub Actions CI/CD publishing, confirmed by SLSA provenance attestation. Standard org practice.	ai	2026/04/23
phantom-deps	phantom-dep:graphql	AI (phantom-deps): graphql is a declared dependency used transitively via graphql-request; not a phantom dep.	ai	2026/04/23

Versions (showing 73 of 73)

Hide prereleases

Version	Deps	Published
3.13.0	9 / 34	2026-04-28
3.12.1	9 / 34	2026-04-02
3.12.0	9 / 34	2026-03-03
3.11.0	9 / 34	2026-01-26
3.10.0	8 / 35	2025-11-28
3.9.0	8 / 35	2025-09-26
3.8.1	8 / 35	2025-08-21
3.8.0	8 / 35	2025-07-23
3.7.0	8 / 35	2025-07-17
3.6.2	8 / 35	2025-06-13
3.6.1	8 / 35	2025-06-10
3.6.0	8 / 35	2025-06-02
3.5.4	8 / 35	2025-05-13
3.5.3	8 / 35	2025-05-02
3.5.2	8 / 35	2025-04-10
3.5.1	8 / 35	2025-04-04
3.5.0	8 / 35	2025-04-03
3.4.2	8 / 35	2025-03-26
3.4.1	8 / 35	2025-03-07
3.4.0	8 / 35	2025-02-18
3.3.6	8 / 35	2025-01-29
3.3.4	8 / 35	2025-01-15
3.3.3	8 / 35	2025-01-14
3.3.2	8 / 35	2025-01-13
3.3.1	8 / 35	2025-01-03
3.3.0	8 / 35	2024-12-19
3.2.5	8 / 35	2024-11-29
3.2.4	6 / 39	2024-11-22
3.2.3	6 / 39	2024-11-13
3.2.2	6 / 38	2024-11-06
3.2.1	6 / 38	2024-10-25
3.2.0	6 / 38	2024-10-24
3.1.5	6 / 38	2024-09-20
3.1.4	6 / 38	2024-08-06
3.1.3	6 / 38	2024-07-26
3.1.2	6 / 38	2024-07-26
3.1.1	6 / 38	2024-07-26
3.1.0	6 / 38	2024-07-23
3.0.9	6 / 36	2024-07-10
3.0.8	6 / 36	2024-06-24
3.0.7	6 / 36	2024-06-21
3.0.6	6 / 36	2024-06-19
3.0.5	6 / 36	2024-06-13
3.0.4	6 / 36	2024-06-13
3.0.3	6 / 36	2024-06-04
3.0.2	6 / 36	2024-06-03
3.0.1	6 / 36	2024-06-03
3.0.0	6 / 36	2024-06-03
2.14.5	3 / 9	2023-03-07
2.14.4	3 / 9	2023-02-07
2.14.3	3 / 9	2023-01-27
2.14.2	3 / 7	2022-12-27
2.14.1	2 / 9	2022-12-23
2.14.0	2 / 8	2022-12-20
2.13.0	2 / 8	2022-10-31
2.12.1	2 / 8	2022-09-27
2.12.0	2 / 8	2022-09-07
2.11.1	2 / 8	2022-07-12
2.11.0	2 / 8	2022-07-07
2.10.1	2 / 8	2022-05-31
2.3.0	2 / 8	2021-06-07
2.2.0	2 / 8	2021-04-23
2.1.0	2 / 8	2021-04-20
2.0.0	2 / 8	2021-01-12
1.1.2	2 / 8	2020-10-03
1.1.1	2 / 8	2020-10-03
1.1.0	2 / 8	2020-10-03
1.0.0	2 / 2	2020-09-15
0.0.1	1 / 0	2020-06-30
3.12.0-alpha.0	9 / 34	2026-02-03
3.9.0-rc.0	8 / 35	2025-09-04
3.8.0-alpha.1	8 / 35	2025-07-22
3.8.0-alpha.0	8 / 35	2025-07-21

v3.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.12.0

2 findings

HIGH Publisher changed: weaviate-tommy → GitHub Actions (on 2026-03-03) provenance

This version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.