@prisma/fetch-engine
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Internal Prisma utility package explicitly not intended for public consumption; sparse README and no keywords are expected and stable across versions. | ai | |
| phantom-deps | phantom-dep:@prisma/engines-version | AI (phantom-deps): Same-org version-pinning package; declared as a dep for version resolution purposes without direct import is a known Prisma monorepo pattern. | ai | |
| dependencies | unvetted-dep:@prisma/get-platform | AI (dependencies): First-party Prisma-scoped dependency from the same monorepo; not a third-party risk. | ai | |
| dependencies | unvetted-dep:@prisma/engines-version | AI (dependencies): First-party Prisma-scoped version-pinning package from the same monorepo; not a third-party risk. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 7.8.0 | 3 / 19 | |
| 7.1.0 | 3 / 19 | |
| 7.0.1 | 3 / 19 | |
| 7.0.0 | 3 / 19 | |
| 6.19.0 | 3 / 19 |
v7.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.