@stryke/capnp
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Standard Cap'n Proto Bytes serialization codec; not obfuscation. | ai | |
| dependencies | unvetted-dep:capnp-es | AI (dependencies): capnp-es is the canonical Cap'n Proto ES module library; its use is expected and appropriate for this package. | ai | |
| source-diff | obfuscated-file:dist/helpers-rVOvMK2d.mjs | AI (source-diff): Minified ESM helpers bundle. Standard bundler output for this package, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-B7Tm_xbT.cjs | AI (source-diff): Minified Cap'n Proto compiler bundle. Content is legitimate Cap'n Proto schema compilation code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/helpers-DmrSADWE.cjs | AI (source-diff): Minified helpers bundle. Content is legitimate utility code (color themes, object helpers), not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-DGAyhMqI.mjs | AI (source-diff): Minified ESM Cap'n Proto compiler bundle. Content is legitimate Cap'n Proto schema compilation code, not malicious obfuscation. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is declared in package.json dependencies and used in bundled code. Same org scope, false positive for bundled imports. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is declared in package.json dependencies and used in bundled code. Phantom-dep analyzer false positive for bundled imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): @stryke/fs is declared in package.json dependencies and used in bundled code. Same org scope, false positive for bundled imports. | ai | |
| source-diff | obfuscated-file:schemas/src-DqIy7I3p.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto schema source. Standard build output; content is Cap'n Proto protocol code. | ai | |
| source-diff | obfuscated-file:dist/helpers-DSMRKdw1.cjs | AI (source-diff): Minified CJS bundle of helper utilities. Content shows standard module interop helpers and color theme definitions — benign build output. | ai | |
| source-diff | obfuscated-file:dist/capnp-es.GpvEvMIK-xNDcbmgx.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto library code produced by tsdown build tool. Content is recognizable Cap'n Proto protocol implementation, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/compile-ChbJ-p6B.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto compiler code. Standard build output from tsdown; content is Cap'n Proto schema compilation logic. | ai | |
| source-diff | obfuscated-file:dist/dist-C1gSYYrg.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto dist code. Standard build output; content shows Cap'n Proto interface/RPC implementation. | ai | |
| source-diff | obfuscated-file:schemas/src-CGrmR2BO.cjs | AI (source-diff): Minified CJS bundle of Cap'n Proto schema source. Content is recognizable Cap'n Proto protocol code; standard build output. | ai | |
| source-diff | obfuscated-file:dist/capnp-es.GpvEvMIK-BsgDzeBH.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto library. Standard tsdown build output; content is Cap'n Proto protocol implementation. | ai | |
| source-diff | obfuscated-file:dist/compile-DJUj4hs3.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto compiler. Standard build output; content is Cap'n Proto schema compilation logic. | ai | |
| source-diff | obfuscated-file:dist/dist-CK47iMja.mjs | AI (source-diff): Minified ESM bundle of Cap'n Proto dist. Standard build output; content shows Cap'n Proto interface/RPC implementation. | ai | |
| source-diff | obfuscated-file:dist/helpers-BoKbpcuO.mjs | AI (source-diff): Minified ESM bundle of helper utilities. Standard tsdown build output for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): This package is a Cap'n Proto compiler CLI wrapper; child_process is required to invoke the capnpc binary. Expected and documented behavior for this package. | ai | |
| phantom-deps | phantom-dep:nanotar | AI (phantom-deps): nanotar is a declared runtime dep; phantom detection reflects bundling patterns in this monorepo package. | ai | |
| phantom-deps | phantom-dep:hex2dec | AI (phantom-deps): hex2dec is a declared runtime dep in a bundled package; phantom detection reflects bundling, not a real dependency issue. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() is used in a standard Proxy handler pattern for Cap'n Proto struct access — legitimate and idiomatic JavaScript, not obfuscation. | ai | |
Versions (showing 65 of 166)
| Version | Deps | Published |
|---|---|---|
| 0.11.24 | 5 / 10 | |
| 0.11.23 | 5 / 10 | |
| 0.11.22 | 5 / 10 | |
| 0.11.21 | 5 / 10 | |
| 0.11.20 | 5 / 10 | |
| 0.11.19 | 5 / 10 | |
| 0.11.18 | 5 / 10 | |
| 0.11.17 | 5 / 10 | |
| 0.11.16 | 5 / 10 | |
| 0.11.15 | 5 / 10 | |
| 0.11.14 | 5 / 10 | |
| 0.11.13 | 5 / 10 | |
| 0.11.12 | 5 / 10 | |
| 0.11.11 | 5 / 10 | |
| 0.11.8 | 5 / 10 | |
| 0.11.7 | 5 / 10 | |
| 0.11.6 | 5 / 10 | |
| 0.11.5 | 5 / 10 | |
| 0.11.4 | 5 / 10 | |
| 0.11.3 | 5 / 10 | |
| 0.11.2 | 5 / 10 | |
| 0.11.1 | 5 / 10 | |
| 0.11.0 | 5 / 10 | |
| 0.10.12 | 5 / 10 | |
| 0.10.11 | 5 / 10 | |
| 0.10.10 | 5 / 10 | |
| 0.10.9 | 5 / 10 | |
| 0.10.8 | 5 / 10 | |
| 0.10.7 | 5 / 10 | |
| 0.10.6 | 5 / 10 | |
| 0.10.5 | 5 / 10 | |
| 0.10.4 | 5 / 10 | |
| 0.10.3 | 5 / 10 | |
| 0.10.2 | 5 / 10 | |
| 0.10.1 | 5 / 10 | |
| 0.10.0 | 5 / 10 | |
| 0.9.13 | 3 / 10 | |
| 0.9.12 | 3 / 10 | |
| 0.9.11 | 3 / 9 | |
| 0.9.10 | 3 / 9 | |
| 0.9.9 | 3 / 9 | |
| 0.9.8 | 3 / 9 | |
| 0.9.7 | 3 / 9 | |
| 0.9.6 | 3 / 9 | |
| 0.9.5 | 3 / 9 | |
| 0.9.4 | 3 / 9 | |
| 0.9.3 | 3 / 9 | |
| 0.9.2 | 3 / 9 | |
| 0.9.1 | 3 / 9 | |
| 0.9.0 | 3 / 9 | |
| 0.8.3 | 3 / 8 | |
| 0.8.2 | 3 / 8 | |
| 0.8.1 | 3 / 8 | |
| 0.8.0 | 3 / 8 | |
| 0.7.0 | 3 / 8 | |
| 0.6.3 | 2 / 6 | |
| 0.6.2 | 2 / 6 | |
| 0.6.1 | 2 / 6 | |
| 0.6.0 | 2 / 6 | |
| 0.5.0 | 2 / 6 | |
| 0.4.5 | 2 / 6 | |
| 0.4.0 | 3 / 5 | |
| 0.2.6 | 3 / 1 | |
| 0.1.3 | 3 / 1 | |
| 0.1.0 | 3 / 1 | |
v0.11.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.