@learncard/learn-cloud-service MIT 6 versions

@learncard/learn-cloud-service

npm Repository Homepage

6

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

gerardoparcustard7smurflo2taylorbeestonjonny2lips

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@learncard/did-web-plugin	AI (phantom-deps): Same-org plugin, likely loaded dynamically or via config; stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:@types/lodash	AI (phantom-deps): Type-only package loaded by convention; stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:serverless-offline	AI (phantom-deps): Dev/config-file reference for serverless framework; stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:neogma	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/23
semgrep	semgrep:new-function-constructor	AI (semgrep): Fires inside bundled swagger-ui-es-bundle-core.js; not package-authored code, stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:cors	AI (phantom-deps): Serverless/config-file reference in a monorepo service; stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:uuid	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/23
phantom-deps	phantom-dep:tsc-alias	AI (phantom-deps): Build-time tool referenced in scripts; stable false positive.	ai	2026/05/23
phantom-deps	phantom-dep:zod-openapi	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/23
phantom-deps	phantom-dep:neo4j-driver	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/23
semgrep	semgrep:base64-decode	AI (semgrep): Standard AWS Lambda base64 body decoding pattern; not malicious.	ai	2026/05/01
semgrep	semgrep:hex-decode	AI (semgrep): Hex encoding in crypto helper for number-to-buffer conversion; not obfuscation.	ai	2026/05/01

Versions (showing 6 of 6)

Version	Deps	Published
2.5.20	43 / 25	2026-06-11
2.5.19	43 / 25	2026-06-04
2.5.18	43 / 25	2026-06-03
2.5.17	43 / 25	2026-05-21
2.5.16	43 / 25	2026-05-13
2.5.13	43 / 25	2026-04-29

v2.5.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.