← Home

@prisma/client-generator-js

npm Repository Homepage

This package is intended for Prisma's internal use

5
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jkomynonilubavaprismabotaqrlntylerhogarthankur-datta-007jloots

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@prisma/engines-version AI (dependencies): Internal Prisma engines-version package pinned to a specific commit; standard pattern across all Prisma releases. ai
phantom-deps phantom-dep:@prisma/fetch-engine AI (phantom-deps): Same-org sibling dep in prisma monorepo; phantom detection is a false positive here. ai
phantom-deps phantom-dep:@prisma/get-platform AI (phantom-deps): Same-org sibling dep in prisma monorepo; phantom detection is a false positive here. ai
phantom-deps phantom-dep:ts-pattern AI (phantom-deps): Listed as runtime dep; phantom signal likely due to indirect/bundled usage. ai
bogus-package bogus-package AI (bogus-package): Intentionally minimal README for an internal Prisma tooling package; not a spam indicator. ai

Versions (showing 5 of 5)

Version Deps Published
7.8.0 17 / 1
7.4.2 17 / 2
7.0.1 16 / 2
6.19.3 17 / 2
6.19.2 17 / 2

v7.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.19.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.