@treeseed/sdk — Greenflagged

Shared Treeseed SDK for content-backed and D1-backed object models.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

adrianwebb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
license	copyleft-license:AGPL-3.0-only	AI (license): Intentional AGPL-3.0-only license choice; disclosed in package.json and appropriate for this SDK.	ai	2026/04/29
publish-pattern	new-deps-added	AI (publish-pattern): All 8 new deps (ink, react, unified, remark-*, minisearch, github-slugger, mdast-util-to-string) are established, well-known packages consistent with adding CLI and markdown processing features to this SDK.	ai	2026/04/26
source-diff	large-new-source-files	AI (source-diff): 187 new source files consistent with esbuild bundling of 8 new runtime dependencies; SLSA provenance confirms CI/CD build integrity.	ai	2026/04/26
source-diff	source-size-tripled	AI (source-diff): 5.6x size increase explained by bundling of 8 new legitimate runtime deps (ink, react, unified, remark-*, etc.) via esbuild; no obfuscation signals present.	ai	2026/04/26
phantom-deps	phantom-dep:react	AI (phantom-deps): react is a peer/bundled dep for ink (CLI framework); indirect usage via build tooling is expected for this SDK.	ai	2026/04/25
dependencies	unvetted-dep:octokit	AI (dependencies): octokit is GitHub's official JavaScript SDK — a well-known, widely-used package. Unvetted status reflects registry state, not actual risk.	ai	2026/04/25
phantom-deps	phantom-dep:libsodium-wrappers	AI (phantom-deps): libsodium-wrappers is a standard cryptography library; phantom status consistent with conditional/platform-specific usage in SDK.	ai	2026/04/25
phantom-deps	phantom-dep:minisearch	AI (phantom-deps): minisearch is a legitimate full-text search library; phantom status consistent with bundled/tree-shaken SDK output.	ai	2026/04/25
dependencies	unvetted-dep:repomix	AI (dependencies): repomix is a legitimate, popular repo-packing utility. No malicious indicators; unvetted status is a registry artifact.	ai	2026/04/25
dependencies	unvetted-dep:mdast-util-to-string	AI (dependencies): mdast-util-to-string is part of the unified/remark ecosystem, widely used for Markdown processing. No risk indicators.	ai	2026/04/25
phantom-deps	phantom-dep:ink	AI (phantom-deps): ink is a React-based CLI framework; declared as dep and referenced in config, consistent with SDK build tooling patterns using esbuild bundling.	ai	2026/04/25

Versions (showing 51 of 100)

View all versions

Version	Deps	Published
0.11.0	24 / 3	2026-06-12
0.10.28	24 / 3	2026-06-05
0.10.27	24 / 3	2026-06-04
0.10.26	24 / 3	2026-06-04
0.10.25	24 / 3	2026-06-04
0.10.24	24 / 3	2026-06-02
0.10.23	24 / 3	2026-06-02
0.10.22	24 / 3	2026-05-28
0.10.21	24 / 3	2026-05-28
0.10.20	24 / 3	2026-05-28
0.10.19	24 / 3	2026-05-28
0.10.18	24 / 3	2026-05-28
0.10.17	24 / 3	2026-05-28
0.10.16	24 / 3	2026-05-27
0.10.15	24 / 3	2026-05-27
0.10.14	24 / 3	2026-05-27
0.10.13	24 / 3	2026-05-27
0.10.12	24 / 3	2026-05-24
0.10.11	24 / 3	2026-05-23
0.10.10	24 / 3	2026-05-23
0.10.9	24 / 3	2026-05-23
0.10.8	24 / 3	2026-05-22
0.10.7	24 / 3	2026-05-22
0.10.6	23 / 3	2026-05-21
0.10.5	23 / 3	2026-05-21
0.9.0	22 / 3	2026-05-19
0.8.19	22 / 3	2026-05-16
0.8.18	22 / 3	2026-05-16
0.8.17	22 / 3	2026-05-16
0.8.16	22 / 3	2026-05-15
0.8.15	22 / 3	2026-05-15
0.8.14	22 / 3	2026-05-15
0.8.13	22 / 3	2026-05-14
0.8.12	22 / 3	2026-05-14
0.8.11	22 / 3	2026-05-13
0.8.10	22 / 3	2026-05-13
0.8.9	22 / 3	2026-05-12
0.8.8	22 / 3	2026-05-11
0.8.7	22 / 3	2026-05-11
0.8.6	22 / 3	2026-05-11
0.8.5	22 / 3	2026-05-11
0.8.4	22 / 3	2026-05-11
0.8.3	22 / 3	2026-05-10
0.8.2	22 / 3	2026-05-10
0.8.1	22 / 3	2026-05-09
0.8.0	22 / 3	2026-05-09
0.7.0	22 / 3	2026-05-09
0.6.51	22 / 3	2026-05-09
0.6.50	22 / 3	2026-05-08
0.6.49	22 / 3	2026-05-08
0.6.48	22 / 3	2026-05-08