@quatrain/api-client
Isomorphic API client for Quatrain based on native fetch
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is same-org @quatrain/http; consistent with internal library extraction, not a third-party injection. | ai | |
| phantom-deps | phantom-dep:@quatrain/api | AI (phantom-deps): Same-org monorepo dep; may be used transitively or re-exported rather than directly imported. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Part of Quatrain monorepo; sparse metadata and inflated semver are consistent with internal tooling, not spam. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 1.1.6 | 3 / 7 | |
| 1.1.5 | 2 / 7 | |
| 1.1.4 | 2 / 7 | |
| 1.1.3 | 2 / 7 | |
| 1.1.2 | 2 / 7 | |
| 1.1.1 | 2 / 7 |
v1.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.