@prisma/client-common Apache-2.0 16 versions

@prisma/client-common

npm Repository Homepage

This package is intended for Prisma's internal use

16

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jkomynonilubavaprismabotaqrlntylerhogarthankur-datta-007jloots

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Prisma migrated publishing to GitHub Actions CI with SLSA attestation; this is the expected new publisher for all future versions.	ai	2026/05/16
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy reflects major version development cycle (v6→v7); SLSA provenance confirms legitimate CI publish.	ai	2026/05/16
phantom-deps	phantom-dep:@prisma/internals	AI (phantom-deps): Same-org internal dependency; phantom-dep heuristic is a stable false positive for this Prisma monorepo package.	ai	2026/04/29
bogus-package	bogus-package	AI (bogus-package): Intentionally internal package; sparse README and no keywords are expected and stable across versions.	ai	2026/04/29

Versions (showing 16 of 16)

Version	Deps	Published
7.8.0	6 / 0	2026-04-22
7.7.0	6 / 0	2026-04-07
7.6.0	6 / 0	2026-03-27
7.5.0	6 / 0	2026-03-11
7.4.2	6 / 0	2026-02-27
7.4.1	6 / 0	2026-02-19
7.4.0	6 / 0	2026-02-11
7.3.0	5 / 0	2026-01-21
7.2.0	5 / 0	2025-12-17
7.1.0	5 / 0	2025-12-03
7.0.1	5 / 0	2025-11-25
7.0.0	5 / 0	2025-11-19
6.19.3	5 / 0	2026-04-01
6.19.2	5 / 0	2026-01-13
6.19.1	5 / 0	2025-12-10
6.19.0	5 / 0	2025-11-05

v7.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-03-27) provenance

This version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.2

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-02-27) provenance

This version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.1

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-01-21) provenance

This version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2025-12-17) provenance

This version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2025-12-03) provenance

This version was published by a different npm account than previous versions on 2025-12-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2025-11-25) provenance

This version was published by a different npm account than previous versions on 2025-11-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2025-11-19) provenance

This version was published by a different npm account than previous versions on 2025-11-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.2

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2026-01-13) provenance

This version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.1

2 findings

HIGH Publisher changed: prismabot → GitHub Actions (on 2025-12-10) provenance

This version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.