← Home

@cubejs-backend/shared

npm Repository Homepage

Shared code for Cube.js backend packages

5
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

cubedevincstatsbotkeydunovmaxim_cube

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
bogus-package bogus-package AI (bogus-package): Internal monorepo package; sparse README and no keywords are expected for shared backend utilities. ai
dependencies unvetted-dep:moment-range AI (dependencies): moment-range is a legitimate date-range extension; stable dependency in this package across many versions. ai

Versions (showing 5 of 107)

Version Deps Published
1.3.15 15 / 11
1.3.14 15 / 11
1.3.13 15 / 11
1.3.12 15 / 11
1.3.11 15 / 11

v1.3.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.