@treeseed/core
Treeseed integrated platform starter for Astro/Starlight web runtimes and Hono API runtimes.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are core Astro ecosystem packages; consistent with this Astro/Starlight framework's documented purpose. | ai | |
| dependencies | unvetted-dep:@astrojs/sitemap | AI (dependencies): Well-known Astro ecosystem package; no malware indicators. | ai | |
| dependencies | unvetted-dep:@astrojs/starlight | AI (dependencies): Well-known Astro ecosystem package; no malware indicators. | ai | |
| dependencies | unvetted-dep:@astrojs/cloudflare | AI (dependencies): Well-known Astro ecosystem package; no malware indicators. | ai | |
| phantom-deps | phantom-dep:unified | AI (phantom-deps): Remark/unified pipeline dep referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:katex | AI (phantom-deps): Math rendering dep referenced in config, not directly imported — expected for docs starter. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:remark-mdx | AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:remark-stringify | AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:remark-frontmatter | AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:@astrojs/check | AI (phantom-deps): Astro type-checker referenced in scripts/config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:wrangler | AI (phantom-deps): Framework starter; wrangler referenced in config/scripts, not imported directly — expected pattern. | ai | |
| phantom-deps | phantom-dep:vitest | AI (phantom-deps): Test runner referenced in vitest.config.ts, not directly imported — expected pattern. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): CSS framework referenced in config files, not directly imported — expected for Astro starter. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @treeseed/core is not a typosquat of 'cors'. The edit-distance match is on the unscoped portion only; the full name, repo, and purpose are clearly distinct. | ai |
Versions (showing 100 of 111)
| Version | Deps | Published |
|---|---|---|
| 0.10.22 | 25 / 1 | |
| 0.10.21 | 25 / 1 | |
| 0.10.20 | 25 / 1 | |
| 0.10.19 | 25 / 1 | |
| 0.10.18 | 25 / 1 | |
| 0.10.17 | 25 / 1 | |
| 0.10.16 | 25 / 1 | |
| 0.10.15 | 25 / 1 | |
| 0.10.14 | 25 / 1 | |
| 0.10.13 | 25 / 1 | |
| 0.10.12 | 25 / 1 | |
| 0.10.11 | 25 / 1 | |
| 0.10.10 | 25 / 1 | |
| 0.10.9 | 25 / 1 | |
| 0.10.8 | 25 / 1 | |
| 0.10.7 | 25 / 1 | |
| 0.10.6 | 25 / 1 | |
| 0.10.5 | 25 / 1 | |
| 0.10.4 | 25 / 1 | |
| 0.10.3 | 25 / 1 | |
| 0.10.2 | 25 / 1 | |
| 0.10.1 | 25 / 1 | |
| 0.10.0 | 25 / 1 | |
| 0.9.4 | 25 / 1 | |
| 0.9.0 | 25 / 1 | |
| 0.8.19 | 25 / 1 | |
| 0.8.18 | 25 / 1 | |
| 0.8.17 | 25 / 1 | |
| 0.8.16 | 25 / 1 | |
| 0.8.15 | 25 / 1 | |
| 0.8.14 | 25 / 1 | |
| 0.8.13 | 25 / 1 | |
| 0.8.12 | 25 / 1 | |
| 0.8.11 | 25 / 1 | |
| 0.8.10 | 25 / 1 | |
| 0.8.9 | 25 / 1 | |
| 0.8.8 | 25 / 1 | |
| 0.8.7 | 25 / 1 | |
| 0.8.6 | 25 / 1 | |
| 0.8.5 | 25 / 1 | |
| 0.8.4 | 25 / 1 | |
| 0.8.3 | 24 / 1 | |
| 0.8.2 | 24 / 1 | |
| 0.8.1 | 24 / 1 | |
| 0.8.0 | 24 / 1 | |
| 0.7.0 | 24 / 1 | |
| 0.6.50 | 24 / 1 | |
| 0.6.49 | 24 / 1 | |
| 0.6.48 | 24 / 1 | |
| 0.6.47 | 24 / 1 | |
| 0.6.46 | 24 / 1 | |
| 0.6.45 | 24 / 1 | |
| 0.6.44 | 24 / 1 | |
| 0.6.43 | 24 / 1 | |
| 0.6.42 | 24 / 1 | |
| 0.6.41 | 24 / 1 | |
| 0.6.40 | 24 / 1 | |
| 0.6.39 | 24 / 1 | |
| 0.6.38 | 24 / 1 | |
| 0.6.37 | 24 / 1 | |
| 0.6.36 | 24 / 1 | |
| 0.6.35 | 24 / 1 | |
| 0.6.34 | 24 / 1 | |
| 0.6.33 | 24 / 1 | |
| 0.6.32 | 24 / 1 | |
| 0.6.31 | 24 / 1 | |
| 0.6.30 | 24 / 1 | |
| 0.6.29 | 24 / 1 | |
| 0.6.28 | 24 / 1 | |
| 0.6.27 | 24 / 1 | |
| 0.6.26 | 24 / 1 | |
| 0.6.25 | 24 / 1 | |
| 0.6.24 | 24 / 1 | |
| 0.6.23 | 24 / 1 | |
| 0.6.22 | 24 / 1 | |
| 0.6.21 | 24 / 1 | |
| 0.6.20 | 24 / 1 | |
| 0.6.19 | 24 / 1 | |
| 0.6.18 | 24 / 1 | |
| 0.6.17 | 24 / 1 | |
| 0.6.16 | 24 / 1 | |
| 0.6.15 | 24 / 1 | |
| 0.6.14 | 24 / 1 | |
| 0.6.13 | 24 / 1 | |
| 0.6.12 | 24 / 1 | |
| 0.6.11 | 24 / 1 | |
| 0.6.10 | 24 / 1 | |
| 0.6.9 | 24 / 1 | |
| 0.6.5 | 24 / 1 | |
| 0.6.3 | 24 / 1 | |
| 0.6.2 | 24 / 1 | |
| 0.6.1 | 24 / 1 | |
| 0.5.4 | 24 / 1 | |
| 0.5.3 | 24 / 1 | |
| 0.5.2 | 24 / 1 | |
| 0.4.13 | 24 / 1 | |
| 0.4.12 | 24 / 1 | |
| 0.4.11 | 24 / 1 | |
| 0.4.10 | 24 / 1 | |
| 0.4.9 | 24 / 1 |
v0.10.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
2 findingsPackage name '@treeseed/core' is 1 edit(s) away from popular package 'cors'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.