@firebase/database-compat

The Realtime Database component of the Firebase JS SDK.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

firebase-opsfeiyang.chengoogle-wombotchholland

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	dormant-publish	AI (publish-pattern): google-wombot is Google's trusted automation publisher; dormancy in a compat package is expected as Firebase SDK evolves. No material changes in this version diff.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): google-wombot is Google's known Firebase publishing automation account; the transition from individual maintainers to this bot is a documented, ecosystem-wide pattern across all Firebase npm packages.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removal is consistent with Google's consolidation of Firebase publishing under the google-wombot automation account; not indicative of a takeover.	ai	2026/04/22
dependencies	unvetted-dep:@firebase/database-types	AI (dependencies): First-party Firebase package; expected dependency for @firebase/database-compat.	ai	2026/04/22
dependencies	unvetted-dep:@firebase/database	AI (dependencies): First-party Firebase package; expected dependency for @firebase/database-compat.	ai	2026/04/22
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a standard TypeScript runtime helper commonly used as an implicit dependency in TypeScript-compiled Firebase packages; stable false positive.	ai	2026/04/22
dependencies	unvetted-dep:@firebase/util	AI (dependencies): First-party Firebase package; expected dependency for @firebase/database-compat.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): This is an internal Firebase SDK compat sub-package in a monorepo; sparse README and no keywords are expected and stable across versions.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Firebase SDK packages published by google-wombot predate Sigstore provenance adoption; absence is expected and consistent across all versions.	ai	2026/04/21

Versions (showing 51 of 52)

Show 234 prereleases View all versions

Version	Deps	Published
2.1.4	6 / 2	2026-05-07
2.1.3	6 / 2	2026-04-09
2.1.2	6 / 2	2026-03-19
2.1.1	6 / 2	2026-02-27
2.1.0	6 / 2	2025-07-17
2.0.11	6 / 2	2025-06-30
2.0.10	6 / 2	2025-05-22
2.0.9	6 / 2	2025-05-20
2.0.8	6 / 2	2025-05-14
2.0.7	6 / 2	2025-05-14
2.0.6	6 / 2	2025-05-07
2.0.5	6 / 2	2025-03-20
2.0.4	6 / 2	2025-02-27
2.0.3	6 / 2	2025-02-06
2.0.2	6 / 2	2025-01-16
2.0.1	6 / 2	2024-11-14
2.0.0	6 / 2	2024-10-22
1.0.9	6 / 2	2024-10-21
1.0.8	6 / 2	2024-09-18
1.0.7	6 / 2	2024-08-01
1.0.6	6 / 2	2024-07-03
1.0.5	6 / 2	2024-05-13
1.0.4	6 / 2	2024-03-28
1.0.3	6 / 2	2024-02-01
1.0.2	6 / 2	2023-12-05
1.0.1	6 / 2	2023-07-20
1.0.0	6 / 2	2023-07-07
0.3.4	6 / 2	2023-03-02
0.3.3	6 / 2	2023-02-03
0.3.2	6 / 2	2023-02-02
0.3.1	6 / 2	2023-01-19
0.3.0	6 / 2	2022-12-08
0.2.10	6 / 1	2022-10-27
0.2.9	6 / 1	2022-10-12
0.2.8	6 / 1	2022-10-11
0.2.7	6 / 1	2022-10-06
0.2.6	6 / 1	2022-09-02
0.2.5	6 / 1	2022-08-18
0.2.4	6 / 1	2022-08-04
0.2.3	6 / 1	2022-07-07
0.2.2	6 / 1	2022-06-23
0.2.1	6 / 1	2022-06-09
0.2.0	6 / 1	2022-05-06
0.1.8	6 / 1	2022-04-14
0.1.7	6 / 1	2022-03-24
0.1.6	6 / 1	2022-03-17
0.1.5	6 / 1	2022-01-07
0.1.4	6 / 1	2021-11-08
0.1.3	6 / 1	2021-11-04
0.1.2	6 / 1	2021-10-14
0.1.1	6 / 1	2021-09-24