langchain — Greenflagged

Typescript bindings for langchain

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

christian-bromannnfcamposjacoblee93andrewnguonlydavidduonghntrlhwchase17basproul

Keywords

llmaigpt3chainpromptprompt engineeringchatgptmachine learningmlopenaiembeddingsvectorstores

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:zod	AI (dependencies): zod is a widely-used, well-established TypeScript validation library; its presence in langchain is expected and benign.	ai	2026/04/21
dependencies	unvetted-dep:langsmith	AI (dependencies): langsmith is a first-party LangChain observability package; its use in langchain is expected and benign.	ai	2026/04/21
dependencies	unvetted-dep:@langchain/langgraph	AI (dependencies): First-party LangChain package; its inclusion as a dependency of langchain is expected and benign.	ai	2026/04/21
dependencies	unvetted-dep:@langchain/langgraph-checkpoint	AI (dependencies): First-party LangChain package; its inclusion as a dependency of langchain is expected and benign.	ai	2026/04/21

Versions (showing 79 of 79)

Hide prereleases

Version	Deps	Published
1.4.2	4 / 26	2026-05-21
1.4.1	4 / 26	2026-05-18
1.4.0	4 / 27	2026-05-05
1.3.5	4 / 23	2026-04-27
1.3.4	5 / 23	2026-04-22
1.3.3	5 / 23	2026-04-15
1.3.2	5 / 23	2026-04-13
1.3.1	5 / 23	2026-04-07
1.3.0	5 / 23	2026-04-03
1.2.39	5 / 26	2026-03-31
1.2.38	5 / 26	2026-03-30
1.2.37	5 / 26	2026-03-24
1.2.36	5 / 26	2026-03-22
1.2.35	5 / 26	2026-03-18
1.2.34	5 / 26	2026-03-17
1.2.33	5 / 26	2026-03-17
1.2.32	5 / 26	2026-03-12
1.2.31	5 / 26	2026-03-11
1.2.30	5 / 26	2026-03-05
1.2.29	5 / 26	2026-03-03
1.2.28	5 / 26	2026-02-26
1.2.27	5 / 26	2026-02-24
1.2.26	5 / 26	2026-02-23
1.2.25	5 / 26	2026-02-18
1.2.24	5 / 26	2026-02-13
1.2.23	5 / 26	2026-02-12
1.2.22	5 / 26	2026-02-12
1.2.21	5 / 26	2026-02-11
1.2.20	5 / 26	2026-02-11
1.2.19	5 / 26	2026-02-09
1.2.18	5 / 26	2026-02-05
1.2.17	5 / 26	2026-02-04
1.2.16	5 / 26	2026-01-30
1.2.15	5 / 26	2026-01-28
1.2.14	5 / 26	2026-01-26
1.2.13	5 / 26	2026-01-24
1.2.12	5 / 26	2026-01-22
1.2.11	5 / 26	2026-01-20
1.2.10	5 / 26	2026-01-14
1.2.9	5 / 26	2026-01-14
1.2.8	5 / 26	2026-01-13
1.2.7	5 / 26	2026-01-08
1.2.6	5 / 26	2026-01-07
1.2.5	5 / 27	2026-01-06
1.2.4	5 / 27	2026-01-06
1.2.3	5 / 27	2025-12-22
0.3.37	11 / 52	2025-12-23
2.0.0-dev-1765937705265	5 / 27	2025-12-17
1.4.0-dev-1776832091014	5 / 27	2026-04-22
1.4.0-dev-1776805421926	5 / 27	2026-04-21
1.4.0-dev-1776378339387	5 / 27	2026-04-16
1.4.0-dev-1776142825946	5 / 23	2026-04-14
1.4.0-dev-1776142183904	5 / 23	2026-04-14
1.4.0-dev-1776140265950	5 / 23	2026-04-14
1.4.0-dev-1776132989638	5 / 23	2026-04-14
1.3.0-dev-1775244116634	5 / 23	2026-04-03
1.3.0-dev-1773962633795	5 / 26	2026-03-19
1.2.33-dev-1773786580575	5 / 26	2026-03-17
1.2.33-dev-1773785150055	5 / 26	2026-03-17
1.2.33-dev-1773776071697	5 / 26	2026-03-17
1.2.33-dev-1773712098100	5 / 26	2026-03-17
1.2.33-dev-1773710628974	5 / 26	2026-03-17
1.2.33-dev-1773709997654	5 / 26	2026-03-17
1.2.33-dev-1773698445534	5 / 26	2026-03-16
1.2.32-dev-1773350943759	5 / 26	2026-03-12
1.2.32-dev-1773348967855	5 / 26	2026-03-12
1.2.31-dev-1773345797648	5 / 26	2026-03-12
1.2.25-dev-1771375941312	5 / 26	2026-02-18
1.2.7-dev-1767822302252	5 / 26	2026-01-07
1.2.6-dev-1767748783694	5 / 26	2026-01-07
1.0.0-alpha.9	4 / 26	2025-10-15
1.0.0-alpha.8	4 / 28	2025-10-07
1.0.0-alpha.7	10 / 27	2025-09-26
1.0.0-alpha.6	10 / 27	2025-09-15
1.0.0-alpha.5	11 / 32	2025-09-08
1.0.0-alpha.4	11 / 32	2025-09-02
1.0.0-alpha.3	11 / 32	2025-09-02
1.0.0-alpha.2	11 / 32	2025-08-28
1.0.0-alpha.1	11 / 31	2025-08-28

v1.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.37

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.0-dev-1765937705265

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776832091014

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776805421926

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776378339387

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776142825946

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776142183904

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776140265950

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0-dev-1776132989638

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0-dev-1775244116634

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0-dev-1773962633795

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773786580575

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773785150055

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773776071697

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773712098100

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773710628974

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773709997654

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.33-dev-1773698445534

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.32-dev-1773350943759

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.32-dev-1773348967855

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.31-dev-1773345797648

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.25-dev-1771375941312

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.7-dev-1767822302252

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.6-dev-1767748783694

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0-alpha.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0-alpha.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.