@galaxy-tool-util/schema

Effect Schema parameter types and validators for Galaxy tools

Versions: 10
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

jmchilton

Keywords

galaxy, tool-util, schema

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA provenance; consistent with legitimate automation adoption. | ai |
provenance | missing-githead | AI (provenance): GitHub Actions publish workflow change explains missing gitHead; SLSA provenance provides stronger commit linkage. | ai |
source-diff | large-new-source-files | AI (source-diff): Large new files are generated schema artifacts (tests.schema.generated.*) consistent with the build script and package purpose. | ai |

Versions (showing 10 of 10)

Version Deps Published
1.7.1 4 / 0
1.7.0 4 / 0
1.6.0 4 / 0
1.5.0 4 / 0
1.2.0 4 / 0
1.1.0 4 / 0
1.0.0 4 / 0
0.4.0 4 / 1
0.2.0 1 / 3
0.1.0 1 / 3

v1.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

v1.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.