@platforma-sdk/model
Platforma.bio SDK / Block Model
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() used inside a Proxy trap — standard JS pattern, not obfuscation. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): zod is a declared runtime dependency in package.json; phantom-dep is a false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Sparse metadata is consistent across 220 versions of this established SDK package; not indicative of spam. | ai |
Versions (showing 51 of 152)
| Version | Deps | Published |
|---|---|---|
| 1.42.20 | 5 / 8 | |
| 1.42.16 | 5 / 10 | |
| 1.42.15 | 5 / 10 | |
| 1.42.10 | 5 / 10 | |
| 1.42.8 | 5 / 10 | |
| 1.42.4 | 5 / 10 | |
| 1.42.1 | 5 / 10 | |
| 1.42.0 | 5 / 10 | |
| 1.41.6 | 5 / 10 | |
| 1.41.4 | 5 / 10 | |
| 1.41.3 | 5 / 10 | |
| 1.41.2 | 5 / 10 | |
| 1.41.1 | 5 / 10 | |
| 1.41.0 | 5 / 10 | |
| 1.40.6 | 5 / 9 | |
| 1.40.5 | 5 / 9 | |
| 1.40.1 | 5 / 9 | |
| 1.40.0 | 5 / 9 | |
| 1.39.18 | 5 / 9 | |
| 1.39.8 | 5 / 9 | |
| 1.39.7 | 5 / 9 | |
| 1.39.6 | 5 / 9 | |
| 1.39.0 | 5 / 9 | |
| 1.38.0 | 5 / 9 | |
| 1.37.18 | 5 / 8 | |
| 1.37.14 | 5 / 8 | |
| 1.37.11 | 5 / 8 | |
| 1.37.2 | 5 / 8 | |
| 1.37.0 | 5 / 8 | |
| 1.34.10 | 5 / 8 | |
| 1.34.8 | 5 / 8 | |
| 1.34.0 | 5 / 8 | |
| 1.33.17 | 5 / 8 | |
| 1.33.16 | 5 / 8 | |
| 1.33.14 | 5 / 8 | |
| 1.33.10 | 5 / 8 | |
| 1.33.8 | 5 / 8 | |
| 1.33.2 | 5 / 8 | |
| 1.32.1 | 5 / 8 | |
| 1.31.17 | 5 / 8 | |
| 1.31.16 | 5 / 8 | |
| 1.31.15 | 5 / 8 | |
| 1.31.14 | 5 / 8 | |
| 1.31.6 | 5 / 8 | |
| 1.30.37 | 5 / 8 | |
| 1.30.26 | 5 / 8 | |
| 1.30.24 | 5 / 8 | |
| 1.30.21 | 5 / 8 | |
| 1.30.11 | 5 / 8 | |
| 1.30.3 | 5 / 8 | |
| 1.30.0 | 5 / 8 |
v1.42.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.42.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.41.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.40.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.40.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.40.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.40.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.39.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.38.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.37.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.33.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.32.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.31.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.31.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.31.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.31.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.31.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.