@awell-health/awell-extensions No license 15 versions

@awell-health/awell-extensions

npm Repository Homepage

Versions

—

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

awell-jonathanebomcke-awellpawelskr

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Provenance attestation is absent in ~88% of npm packages; not a disqualifier for an established, well-maintained package with strong publisher history.	ai	2026/04/26
npm-metadata	no-description	AI (npm-metadata): Established 1070-day-old package with proper repo/homepage URLs; missing description is a cosmetic issue, not a malware signal.	ai	2026/04/25
phantom-deps	phantom-dep:xml2js	AI (phantom-deps): xml2js is a declared runtime dependency; indirect usage pattern is expected in a large multi-integration extensions library.	ai	2026/04/25
phantom-deps	phantom-dep:@types/json-schema	AI (phantom-deps): Framework-scoped type package loaded by convention; stable false positive for this package.	ai	2026/04/25
phantom-deps	phantom-dep:jsonpath	AI (phantom-deps): jsonpath is a declared runtime dependency; indirect usage pattern is expected in this extensions library.	ai	2026/04/25
phantom-deps	phantom-dep:openai	AI (phantom-deps): openai is a declared runtime dependency used in LangChain/AI integrations within this extensions library; indirect import pattern is expected.	ai	2026/04/25
dependencies	unvetted-dep:sanitize-html	AI (dependencies): sanitize-html is a well-known, legitimate HTML sanitization library; expected dependency for a healthcare extensions platform.	ai	2026/04/25
dependencies	unvetted-dep:docusign-esign	AI (dependencies): docusign-esign is the official DocuSign Node.js SDK; expected dependency for a healthcare workflow extensions package.	ai	2026/04/25

Versions (showing 15 of 215)

Version	Deps	Published
2.0.251	50 / 50	2025-05-08
2.0.250	50 / 50	2025-05-07
2.0.249	50 / 50	2025-05-07
2.0.248	50 / 50	2025-05-06
2.0.247	50 / 50	2025-05-06
2.0.246	50 / 50	2025-05-06
2.0.245	50 / 50	2025-05-06
2.0.244	50 / 50	2025-05-06
2.0.243	50 / 50	2025-05-06
2.0.242	50 / 50	2025-05-06
2.0.241	50 / 47	2025-05-05
2.0.240	50 / 47	2025-05-01
2.0.239	50 / 47	2025-05-01
2.0.238	50 / 47	2025-04-30
2.0.237	50 / 47	2025-04-28