@malloydata/malloy-profiler

This package enables profiling of the Malloy compiler. Currently it only works with stateless compilation of queries. In the future we can extend it to support other kinds of compilation.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

malloy-lang-usergmadenscullinmtoy

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publisher is confirmed by SLSA/Sigstore attestation; legitimate CI/CD migration for this package.	ai	2026/05/22
phantom-deps	phantom-dep:clinic	AI (phantom-deps): clinic is used via npm script (npx clinic flame), not imported; phantom-dep is a stable false positive for this package.	ai	2026/05/11
bogus-package	bogus-package	AI (bogus-package): Internal tooling package in a monorepo; thin README and no keywords are expected and stable.	ai	2026/05/11
provenance	no-provenance	AI (provenance): Malloydata monorepo packages consistently lack provenance; not a risk signal for this publisher.	ai	2026/04/29

Versions (showing 8 of 110)

Version	Deps	Published
0.0.308	3 / 0	2025-08-29
0.0.307	3 / 0	2025-08-26
0.0.306	3 / 0	2025-08-21
0.0.305	3 / 0	2025-08-19
0.0.304	3 / 0	2025-08-11
0.0.303	3 / 0	2025-08-11
0.0.302	3 / 0	2025-08-09
0.0.300	3 / 0	2025-08-07