drizzle-kit
Drizzle Kit is a CLI migrator tool for Drizzle ORM. It is probably the one and only tool that lets you completely automatically generate SQL migrations and covers ~95% of the common cases like deletions and renames by prompting user input. <https://github
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:esbuild | AI (phantom-deps): esbuild is a legitimate build dependency used in the build process; phantom-dep is expected for build tools. | ai | |
| phantom-deps | phantom-dep:esbuild-register | AI (phantom-deps): esbuild-register is a legitimate build/config dependency; phantom-dep is expected for build infrastructure. | ai | |
| phantom-deps | phantom-dep:@drizzle-team/brocli | AI (phantom-deps): @drizzle-team/brocli is a legitimate CLI utility dependency; phantom-dep is expected for CLI tools. | ai | |
| phantom-deps | phantom-dep:@esbuild-kit/esm-loader | AI (phantom-deps): @esbuild-kit/esm-loader is a legitimate build/loader dependency; phantom-dep is expected for build infrastructure. | ai | |
| dependencies | unvetted-dep:@drizzle-team/brocli | AI (dependencies): First-party dependency from the drizzle-team namespace; stable CLI utility used across drizzle-kit versions. | ai | |
| dependencies | unvetted-dep:@esbuild-kit/esm-loader | AI (dependencies): Well-known ESM loader utility; standard tooling dependency for drizzle-kit's build/runtime pipeline. | ai | |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.31.10 | 4 / 65 | |
| 0.31.9 | 4 / 66 | |
| 0.31.8 | 4 / 66 | |
| 0.31.7 | 4 / 66 | |
| 0.31.6 | 4 / 66 | |
| 0.31.5 | 4 / 66 | |
| 0.31.4 | 4 / 66 | |
| 0.31.3 | 4 / 66 | |
| 0.31.2 | 4 / 66 | |
| 0.31.1 | 4 / 67 | |
v0.31.10
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.9
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.8
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.7
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.