
typeorm

Data-Mapper ORM for TypeScript and ES2021+. Supports MySQL/MariaDB, PostgreSQL, MS SQL Server, Oracle, SAP HANA, SQLite, MongoDB databases.

Versions: 100
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, No source commit

Maintainers

michaelbromley, pleerock

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): TypeORM CLI uses process.env spread to forward environment to child processes (spawnSync). This is standard CLI behavior, not secret exfiltration. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used to load user-specified ORM config files (ormconfig.json etc.) — core documented TypeORM functionality. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): TypeORM ships CLI binaries that legitimately use child_process to spawn ts-node subprocesses. Expected for a CLI tool. | ai | |

Versions (showing 100 of 207)

Version Deps Published
1.0.0 10 / 3
0.3.30 15 / 58
0.3.29 15 / 58
0.3.28 15 / 56
0.3.27 14 / 55
0.3.26 14 / 55
1.0.1-nightly.20260213 13 / 0
1.0.0-nightly.20260422 10 / 3
1.0.0-nightly.20260421 10 / 3
1.0.0-nightly.20260420 10 / 3
1.0.0-nightly.20260419 10 / 3
1.0.0-nightly.20260418 10 / 3
1.0.0-nightly.20260417 10 / 3
1.0.0-nightly.20260416 10 / 3
1.0.0-nightly.20260415 11 / 3
1.0.0-nightly.20260414 11 / 3
1.0.0-nightly.20260413 11 / 3
1.0.0-nightly.20260412 11 / 3
1.0.0-nightly.20260411 11 / 3
1.0.0-nightly.20260410 11 / 3
1.0.0-nightly.20260409 11 / 3
1.0.0-nightly.20260408 11 / 3
1.0.0-nightly.20260407 11 / 3
1.0.0-nightly.20260406 11 / 3
1.0.0-nightly.20260405 11 / 3
1.0.0-nightly.20260404 11 / 3
1.0.0-nightly.20260403 11 / 3
1.0.0-nightly.20260402 11 / 3
1.0.0-nightly.20260401 11 / 3
1.0.0-nightly.20260331 11 / 0
1.0.0-nightly.20260330 11 / 0
1.0.0-nightly.20260329 11 / 0
1.0.0-nightly.20260328 11 / 0
1.0.0-nightly.20260327 11 / 0
1.0.0-nightly.20260326 11 / 0
1.0.0-nightly.20260325 11 / 0
1.0.0-nightly.20260324 11 / 0
1.0.0-nightly.20260323 11 / 0
1.0.0-nightly.20260322 11 / 0
1.0.0-nightly.20260321 11 / 0
1.0.0-nightly.20260320 11 / 0
1.0.0-nightly.20260319 11 / 0
1.0.0-nightly.20260318 11 / 0
1.0.0-nightly.20260317 11 / 0
1.0.0-nightly.20260316 11 / 0
1.0.0-nightly.20260315 11 / 0
1.0.0-nightly.20260314 11 / 0
1.0.0-nightly.20260313 12 / 0
1.0.0-nightly.20260311 12 / 0
1.0.0-nightly.20260310 12 / 0
1.0.0-nightly.20260309 12 / 0
1.0.0-nightly.20260308 13 / 0
1.0.0-nightly.20260307 13 / 0
1.0.0-nightly.20260306 13 / 0
1.0.0-nightly.20260305 13 / 0
1.0.0-nightly.20260303 13 / 0
1.0.0-nightly.20260302 13 / 0
1.0.0-nightly.20260225 13 / 0
1.0.0-nightly.20260224 13 / 0
1.0.0-nightly.20260223 13 / 0
1.0.0-nightly.20260222 13 / 0
1.0.0-nightly.20260220 13 / 0
1.0.0-nightly.20260219 13 / 0
1.0.0-nightly.20260218 13 / 0
1.0.0-beta.2 10 / 3
1.0.0-beta.1 11 / 0
0.3.29-dev.cc07c90 15 / 56
0.3.29-dev.a46eb0a 15 / 56
0.3.29-dev.73fda41 15 / 56
0.3.29-dev.6e34756 15 / 56
0.3.29-dev.514e3d8 15 / 57
0.3.29-dev.2d8c515 15 / 56
0.3.29-dev.2133c97 15 / 57
0.3.28-dev.ec3ea10 15 / 56
0.3.28-dev.ea0f155 15 / 57
0.3.28-dev.e0e7de1 15 / 56
0.3.28-dev.e04ffd3 15 / 57
0.3.28-dev.dd55218 15 / 57
0.3.28-dev.dc74f53 15 / 57
0.3.28-dev.d7867eb 15 / 57
0.3.28-dev.d4f7b44 15 / 55
0.3.28-dev.d0b5454 15 / 57
0.3.28-dev.cfb3d6c 15 / 57
0.3.28-dev.cb1284c 15 / 57
0.3.28-dev.cad0921 15 / 57
0.3.28-dev.c4f5d12 15 / 56
0.3.28-dev.c16ef63 15 / 54
0.3.28-dev.bed7913 15 / 57
0.3.28-dev.bec548a 15 / 57
0.3.28-dev.ba3319d 15 / 57
0.3.28-dev.b639d33 15 / 57
0.3.28-dev.ade198c 15 / 57
0.3.28-dev.9ea8577 14 / 55
0.3.28-dev.9383799 15 / 57
0.3.28-dev.925dee0 15 / 56
0.3.28-dev.8692da2 15 / 57
0.3.28-dev.83e3a8a 15 / 55
0.3.28-dev.835647a 15 / 56
0.3.28-dev.7c55d32 15 / 57
0.3.28-dev.797a8f5 14 / 55

v1.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.30

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.29

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.28

3 findings
HIGH env-spread: browser/cli-ts-node-esm.js:8 semgrep

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/typeorm/typeorm/blob/73fda419e4647c10377b28bd975171156c285693/browser/cli-ts-node-esm.js#L8

      6 | const childProcess = spawnSync(process.argv[0], process.argv.slice(1), {
      7 |     stdio: "inherit",
    > 8 |     env: {
      9 |         ...process.env,
     10 |         NODE_OPTIONS: [

HIGH env-spread: cli-ts-node-esm.js:10 semgrep

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/typeorm/typeorm/blob/73fda419e4647c10377b28bd975171156c285693/cli-ts-node-esm.js#L10

       8 | const childProcess = (0, child_process_1.spawnSync)(process.argv[0], process.argv.slice(1), {
       9 |     stdio: "inherit",
    > 10 |     env: {
      11 |         ...process.env,
      12 |         NODE_OPTIONS: [

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.27

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.26

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.