mongodb-connection-string-url Apache-2.0 2 versions

mongodb-connection-string-url

npm Repository Homepage

MongoDB connection strings, based on the WhatWG URL API

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mongodb-js-userrueckstiessdurranalexander_schrollmbroadsthswolffsatyasinhamatt_d_ratjeff-allen-mongojonathan.balsanomongodb-buildjack.weirkristina.stefanojarjeeshaketbabydevtoolsbotaddaleaxgribnoysupmutukrishmongo-jnbbeekendbx-nodenirinchevpearsb1mcasimir_mdb

Keywords

passwordprompttty

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/whatwg-url	AI (phantom-deps): @types/whatwg-url is intentionally a runtime dep here — it provides TypeScript types re-exported as part of the public API. This pattern is stable for this package.	ai	2026/04/21
dependencies	unvetted-dep:@types/whatwg-url	AI (dependencies): @types/whatwg-url is a legitimate DefinitelyTyped package used as a runtime dep for TypeScript type re-exports. Stable and expected for this package.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Inflated semver reflects continuation of existing mongodb-js package series (v7 = MongoDB driver v7 era). durran is a known MongoDB maintainer; mass-production signal reflects legitimate ecosystem packages.	ai	2026/04/21

Versions (showing 2 of 2)

Version	Deps	Published
7.0.1	2 / 17	2026-01-26
7.0.0	2 / 17	2025-11-05

v7.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.