← Home

@treeseed/core

npm Repository Homepage

Treeseed integrated platform starter for Astro/Starlight web runtimes and Hono API runtimes.

11
Versions
AGPL-3.0-only
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

adrianwebb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern new-deps-added AI (publish-pattern): New deps are core Astro ecosystem packages; consistent with this Astro/Starlight framework's documented purpose. ai
dependencies unvetted-dep:@astrojs/sitemap AI (dependencies): Well-known Astro ecosystem package; no malware indicators. ai
dependencies unvetted-dep:@astrojs/starlight AI (dependencies): Well-known Astro ecosystem package; no malware indicators. ai
dependencies unvetted-dep:@astrojs/cloudflare AI (dependencies): Well-known Astro ecosystem package; no malware indicators. ai
phantom-deps phantom-dep:unified AI (phantom-deps): Remark/unified pipeline dep referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:katex AI (phantom-deps): Math rendering dep referenced in config, not directly imported — expected for docs starter. ai
phantom-deps phantom-dep:remark-gfm AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:remark-mdx AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:remark-stringify AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:remark-frontmatter AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:@astrojs/check AI (phantom-deps): Astro type-checker referenced in scripts/config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:remark-parse AI (phantom-deps): Remark plugin referenced in config, not directly imported — expected pattern. ai
phantom-deps phantom-dep:wrangler AI (phantom-deps): Framework starter; wrangler referenced in config/scripts, not imported directly — expected pattern. ai
phantom-deps phantom-dep:vitest AI (phantom-deps): Test runner referenced in vitest.config.ts, not directly imported — expected pattern. ai
phantom-deps phantom-dep:tailwindcss AI (phantom-deps): CSS framework referenced in config files, not directly imported — expected for Astro starter. ai
typosquat typosquat.levenshtein:cors AI (typosquat): Scoped package @treeseed/core is not a typosquat of 'cors'. The edit-distance match is on the unscoped portion only; the full name, repo, and purpose are clearly distinct. ai

Versions (showing 11 of 111)

Version Deps Published
0.4.8 24 / 1
0.4.7 24 / 1
0.4.6 24 / 1
0.4.5 24 / 1
0.4.4 24 / 1
0.4.2 23 / 1
0.4.1 23 / 1
0.4.0 23 / 1
0.3.2 23 / 1
0.3.0 23 / 1
0.1.2 23 / 1

v0.4.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.