@grackle-ai/plugin-orchestration
Orchestration plugin for Grackle — tasks, personas, findings, and escalations
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@grackle-ai/core | AI (phantom-deps): Same-org monorepo dep; declared for transitive use, not a direct import — stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@bufbuild/protobuf | AI (phantom-deps): Referenced in config/proto files rather than direct JS imports; stable FP for this package. | ai |
Versions (showing 29 of 129)
| Version | Deps | Published |
|---|---|---|
| 0.112.2 | 6 / 4 | |
| 0.112.1 | 6 / 4 | |
| 0.112.0 | 6 / 4 | |
| 0.111.0 | 6 / 4 | |
| 0.110.3 | 6 / 4 | |
| 0.110.2 | 6 / 4 | |
| 0.110.1 | 6 / 4 | |
| 0.108.4 | 6 / 4 | |
| 0.108.3 | 6 / 4 | |
| 0.108.2 | 6 / 4 | |
| 0.108.1 | 6 / 4 | |
| 0.108.0 | 6 / 4 | |
| 0.107.2 | 6 / 4 | |
| 0.107.1 | 6 / 4 | |
| 0.107.0 | 6 / 4 | |
| 0.106.3 | 6 / 4 | |
| 0.106.2 | 6 / 4 | |
| 0.106.1 | 6 / 4 | |
| 0.106.0 | 6 / 4 | |
| 0.105.0 | 6 / 4 | |
| 0.104.0 | 6 / 4 | |
| 0.103.0 | 6 / 4 | |
| 0.102.0 | 6 / 4 | |
| 0.101.0 | 6 / 4 | |
| 0.100.1 | 6 / 4 | |
| 0.100.0 | 6 / 4 | |
| 0.99.0 | 6 / 4 | |
| 0.98.0 | 6 / 4 | |
| 0.97.0 | 6 / 4 |
v0.112.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.112.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.112.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.111.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.110.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.108.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.107.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.106.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.106.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.106.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.105.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.104.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.102.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.101.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.100.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.100.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.99.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.98.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.97.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.