@tscircuit/capacity-autorouter
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:dataset-srj18 | AI (npm-metadata): devDependency only; tscircuit org repo matching publisher identity; same pattern as other accepted URL deps in this package. | ai | |
| npm-metadata | url-dep:@tscircuit/autorouting-dataset-01 | AI (npm-metadata): devDependency only; tscircuit org repo matching publisher identity; same pattern as other accepted URL deps in this package. | ai | |
| npm-metadata | url-dep:@tsci/tscircuit.dataset-srj16-bga-breakouts | AI (npm-metadata): devDependency SHA-pinned to tscircuit org's own repo; same pattern as all other accepted url-deps in this package. | ai | |
| npm-metadata | url-dep:high-density-repair01 | AI (npm-metadata): devDependency test fixture from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:high-density-repair03 | AI (npm-metadata): devDependency test fixture from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:dataset-srj11-45-degree | AI (npm-metadata): devDependency test dataset from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:@tscircuit/dataset-srj05 | AI (npm-metadata): devDependency test dataset from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:high-density-dataset-z04 | AI (npm-metadata): devDependency test dataset from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:@tsci/tscircuit.dataset-srj12-bus-routing | AI (npm-metadata): devDependency test dataset from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:@tscircuit/rectdiff | AI (npm-metadata): devDependency from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:pcb-poly-hyper-graph | AI (npm-metadata): devDependency from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:tiny-hypergraph-poly | AI (npm-metadata): devDependency from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:high-density-repair02 | AI (npm-metadata): devDependency from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:@tscircuit/fixed-via-hypergraph-solver | AI (npm-metadata): devDependency from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:@tsci/seveibar.dataset-srj13 | AI (npm-metadata): devDependency test dataset from tscircuit org; not shipped to consumers. | ai | |
| npm-metadata | url-dep:zdwiel-dataset | AI (npm-metadata): devDependency benchmark dataset pinned by SHA; not shipped to consumers. | ai | |
| npm-metadata | url-dep:tiny-hypergraph | AI (npm-metadata): devDependency test fixture from tscircuit org; not shipped to consumers. | ai | |
| phantom-deps | phantom-dep:bun-match-svg | AI (phantom-deps): Likely used in test/build scripts referenced via config rather than direct import; stable FP. | ai | |
| phantom-deps | phantom-dep:fast-json-stable-stringify | AI (phantom-deps): Listed as a runtime dep in package.json; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:object-hash | AI (phantom-deps): Listed as a runtime dep in package.json; phantom-dep heuristic false positive for this package. | ai |
Versions (showing 100 of 409)
| Version | Deps | Published |
|---|---|---|
| 0.0.465 | 3 / 57 | |
| 0.0.464 | 3 / 55 | |
| 0.0.463 | 3 / 55 | |
| 0.0.462 | 3 / 55 | |
| 0.0.461 | 3 / 55 | |
| 0.0.457 | 3 / 53 | |
| 0.0.456 | 3 / 53 | |
| 0.0.455 | 3 / 53 | |
| 0.0.454 | 3 / 53 | |
| 0.0.453 | 3 / 53 | |
| 0.0.452 | 3 / 53 | |
| 0.0.451 | 3 / 52 | |
| 0.0.450 | 3 / 52 | |
| 0.0.449 | 3 / 52 | |
| 0.0.448 | 3 / 52 | |
| 0.0.447 | 3 / 52 | |
| 0.0.446 | 3 / 52 | |
| 0.0.445 | 3 / 52 | |
| 0.0.444 | 3 / 52 | |
| 0.0.443 | 3 / 52 | |
| 0.0.442 | 3 / 52 | |
| 0.0.441 | 3 / 52 | |
| 0.0.440 | 3 / 52 | |
| 0.0.439 | 3 / 52 | |
| 0.0.438 | 3 / 52 | |
| 0.0.437 | 3 / 52 | |
| 0.0.436 | 3 / 52 | |
| 0.0.435 | 3 / 52 | |
| 0.0.434 | 3 / 52 | |
| 0.0.433 | 3 / 52 | |
| 0.0.432 | 3 / 52 | |
| 0.0.431 | 3 / 52 | |
| 0.0.430 | 3 / 52 | |
| 0.0.429 | 3 / 52 | |
| 0.0.428 | 3 / 52 | |
| 0.0.427 | 3 / 52 | |
| 0.0.426 | 3 / 52 | |
| 0.0.425 | 3 / 52 | |
| 0.0.424 | 3 / 52 | |
| 0.0.423 | 3 / 52 | |
| 0.0.422 | 3 / 52 | |
| 0.0.421 | 3 / 52 | |
| 0.0.420 | 3 / 51 | |
| 0.0.419 | 3 / 51 | |
| 0.0.418 | 3 / 51 | |
| 0.0.417 | 3 / 51 | |
| 0.0.416 | 3 / 51 | |
| 0.0.415 | 3 / 51 | |
| 0.0.414 | 3 / 51 | |
| 0.0.375 | 3 / 50 | |
| 0.0.374 | 3 / 50 | |
| 0.0.373 | 3 / 50 | |
| 0.0.372 | 3 / 50 | |
| 0.0.371 | 3 / 50 | |
| 0.0.370 | 3 / 50 | |
| 0.0.369 | 3 / 50 | |
| 0.0.368 | 3 / 50 | |
| 0.0.307 | 4 / 44 | |
| 0.0.306 | 4 / 44 | |
| 0.0.305 | 4 / 44 | |
| 0.0.304 | 4 / 44 | |
| 0.0.303 | 4 / 44 | |
| 0.0.302 | 4 / 44 | |
| 0.0.301 | 4 / 44 | |
| 0.0.300 | 4 / 44 | |
| 0.0.299 | 4 / 44 | |
| 0.0.298 | 4 / 44 | |
| 0.0.297 | 4 / 44 | |
| 0.0.296 | 4 / 44 | |
| 0.0.295 | 3 / 44 | |
| 0.0.294 | 3 / 44 | |
| 0.0.293 | 3 / 44 | |
| 0.0.292 | 3 / 44 | |
| 0.0.291 | 3 / 44 | |
| 0.0.290 | 3 / 44 | |
| 0.0.289 | 3 / 44 | |
| 0.0.288 | 3 / 44 | |
| 0.0.287 | 3 / 44 | |
| 0.0.286 | 3 / 44 | |
| 0.0.285 | 3 / 43 | |
| 0.0.284 | 3 / 43 | |
| 0.0.283 | 3 / 43 | |
| 0.0.282 | 3 / 43 | |
| 0.0.281 | 3 / 43 | |
| 0.0.280 | 3 / 43 | |
| 0.0.279 | 3 / 43 | |
| 0.0.278 | 3 / 43 | |
| 0.0.277 | 3 / 43 | |
| 0.0.276 | 3 / 43 | |
| 0.0.275 | 3 / 43 | |
| 0.0.274 | 3 / 43 | |
| 0.0.273 | 3 / 43 | |
| 0.0.272 | 3 / 43 | |
| 0.0.271 | 3 / 42 | |
| 0.0.270 | 3 / 42 | |
| 0.0.269 | 3 / 42 | |
| 0.0.268 | 3 / 42 | |
| 0.0.267 | 3 / 42 | |
| 0.0.266 | 3 / 42 | |
| 0.0.265 | 3 / 42 |
v0.0.465
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.464
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.463
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.462
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.461
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.457
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.456
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.455
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.454
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.453
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.452
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.451
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.450
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.449
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.448
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.447
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.446
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.445
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.444
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.443
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.442
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.441
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.440
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.439
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.438
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.437
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.436
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.435
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.434
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.433
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.432
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.431
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.430
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.429
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.428
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.427
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.426
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.425
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.424
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.423
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.422
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.421
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.420
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.419
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.418
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.417
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.416
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.415
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.414
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.375
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.374
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.373
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.372
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.371
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.370
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.369
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.368
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.