[Snyk] Upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0 #5

eryn-muetzel · 2024-07-17T09:06:38Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 45 versions ahead of your current version.
The recommended version was released on 22 days ago.

Release notes

Package name: @tanstack/react-query-devtools

5.48.0 - 2024-06-25
Version 5.48.0 - 6/25/24, 2:14 PM

Changes

Feat
- core: Add possibility to pass a callback to enabled. (#7566) (31b9ab4) by John
Packages
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
5.47.0 - 2024-06-25
Version 5.47.0 - 6/25/24, 12:27 PM

Changes

Feat
- react-query: usePrefetchQuery (#7582) (fbfe940) by Dominik Dorfmeister
Chore
- Update typescript-eslint to v7 (#7610) (32bce35) by Lachlan Collins
Ci
- Prevent uploading coverage files found in Nx cache (#7619) (6355244) by Lachlan Collins
- Add tests for TS 4.7, 4.8, 4.9 (#7618) (15e42ba) by Lachlan Collins
- Add TS version tests (#7605) (8253a80) by Lachlan Collins
Packages
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
5.45.1 - 2024-06-16
Version 5.45.1 - 6/16/2024, 8:16 PM

Changes

Refactor
- react-query: improve type inference for useSuspenseQueries with skipToken (#7564) (77a7b28) by GwanSik Kim
Docs
- fix grammar mistake on migrating-to-v5.md (#7556) (8d69ef4) by Paul Ashioya
Packages
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
5.45.0 - 2024-06-12
Version 5.45.0 - 6/12/2024, 12:35 PM

Changes

Feat
- hydrate.transformPromise (#7538) (9a030b6) by Julius Marminge
Docs
- advanced-ssr: delete unused import (#7553) (bd094f8) by @ Lennon57
Packages
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
5.44.0 - 2024-06-11
Version 5.44.0 - 6/11/2024, 1:13 PM

Changes

Feat
- query-core: staleTime as a function (#7541) (96a743e) by Dominik Dorfmeister
Packages
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
- @ tanstack/[email protected]
5.40.1 - 2024-06-04
5.40.0 - 2024-05-27
5.39.0 - 2024-05-25
5.38.0 - 2024-05-25
5.37.1 - 2024-05-18
5.36.2 - 2024-05-15
5.36.1 - 2024-05-15
5.36.0 - 2024-05-12
5.35.5 - 2024-05-10
5.35.4 - 2024-05-10
5.35.1 - 2024-05-06
5.34.2 - 2024-05-05
5.34.1 - 2024-05-04
5.32.1 - 2024-04-30
5.32.0 - 2024-04-23
5.31.0 - 2024-04-22
5.29.2 - 2024-04-11
5.29.0 - 2024-04-05
5.28.14 - 2024-04-02
5.28.13 - 2024-04-02
5.28.12 - 2024-04-02
5.28.10 - 2024-03-27
5.28.9 - 2024-03-27
5.28.8 - 2024-03-25
5.28.6 - 2024-03-20
5.28.4 - 2024-03-15
5.28.3 - 2024-03-15
5.28.2 - 2024-03-14
5.28.0 - 2024-03-13
5.27.8 - 2024-03-12
5.27.6 - 2024-03-12
5.27.5 - 2024-03-12
5.27.4 - 2024-03-12
5.27.3 - 2024-03-12
5.27.1 - 2024-03-12
5.27.0 - 2024-03-12
5.26.3 - 2024-03-11
5.25.0 - 2024-03-05
5.24.8 - 2024-03-04
5.24.7 - 2024-03-03
5.24.6 - 2024-03-02

from @tanstack/react-query-devtools GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0. See this package in npm: @tanstack/react-query-devtools See this project in Snyk: https://app.snyk.io/org/eryn-muetzel/project/0c5924b1-f0dd-47b6-9de1-8c9fb6f5c7cb?utm_source=github&utm_medium=referral&page=upgrade-pr

stacklok-cloud · 2024-07-17T09:07:17Z

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 72666122:

🐞 vulnerable packages: 0

🛠 fixes available for: 0

stacklok-cloud-staging · 2024-07-17T09:07:18Z

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 72666122:

🐞 vulnerable packages: 0

🛠 fixes available for: 0

socket-security · 2024-07-17T09:07:39Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@tanstack/[email protected]	environment	`+1`	3.44 MB	tannerlinsley
npm/@tanstack/[email protected]	None	`+1`	3.11 MB	nksaraf, tannerlinsley

🚮 Removed packages: npm/@tanstack/[email protected], npm/@tanstack/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected]

View full report↗︎

socket-security · 2024-07-17T09:07:42Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/[email protected]	Install script: postinstall Source: `node ./bin/compute-project-graph`	`package-lock.json` `package.json`	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

stacklok-cloud-staging · 2024-07-17T09:07:50Z

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Provenance	0
Malicious	false

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Provenance	0
Malicious	false

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Provenance	0
Malicious	false

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: json-schema-traverse

Trusty Score: 4.8

Scoring details

Component	Score
Trust-summary	4.7
Provenance	8
Malicious	false
User activity	6.5
Repository activity	3.1
From	activity
Package activity	4.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

stacklok-cloud-staging · 2024-11-22T14:43:51Z

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/cli

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	7.9
Provenance	historical_provenance_match
From	provenance
User activity	8.7
Repository activity	8.7
Package activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	997
Number of git tags or releases	273
Versions matched to tags or releases	3

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6
Provenance	unknown

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance	unknown
User activity	0
Repository activity	0
From	activity
Package activity	0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance	unknown
From	activity
User activity	0
Repository activity	0
Package activity	0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6
Provenance	unknown
User activity	0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.6
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Repository activity	0
Package activity	0
Trust-summary	2.7
Provenance	unknown
From	activity
User activity	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.7

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.7
Provenance	unknown

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6
Provenance	unknown

📦 Dependency: @nrwl/tao

Trusty Score: 0

Scoring details

Component	Score
User activity	8.7
Repository activity	8.7
From	activity
Package activity	8.7
Trust-summary	9.1
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1613
Number of git tags or releases	320
Versions matched to tags or releases	253

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014867

📦 Dependency: @nrwl/workspace

Trusty Score: 0

Scoring details

Component	Score
User activity	8.7
Repository activity	8.7
From	activity
Package activity	8.7
Trust-summary	9
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1645
Number of git tags or releases	320
Versions matched to tags or releases	253

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014897

📦 Dependency: @parcel/watcher

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	8.4
Repository activity	4.9
Package activity	6.6
Provenance	historical_provenance_match
Trust-summary	4.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	37
Number of git tags or releases	25
Versions matched to tags or releases	21

📦 Dependency: @tanstack/query-core

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	8

📦 Dependency: @tanstack/query-devtools

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	9
Trust-summary	8
Provenance	verified_provenance_match
User activity	9.8
Repository activity	8.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	103
Number of git tags or releases	342
Versions matched to tags or releases	67

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=146251851

📦 Dependency: @tanstack/react-query

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	8.4

📦 Dependency: @tanstack/react-query-devtools

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	8.4

📦 Dependency: acorn

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	6
Provenance	historical_provenance_match
From	provenance
User activity	9.4
Repository activity	6.8
Package activity	8.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	136
Number of git tags or releases	103
Versions matched to tags or releases	102

📦 Dependency: ajv

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
User activity	8.5
Repository activity	7.6
From	activity
Package activity	8
Trust-summary	7.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	357
Number of git tags or releases	121
Versions matched to tags or releases	101

📦 Dependency: ansi-styles

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.8
Provenance	historical_provenance_match
Trust-summary	4.7
From	activity
User activity	10
Repository activity	3.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	28
Number of git tags or releases	27
Versions matched to tags or releases	26

📦 Dependency: babel-plugin-macros

Trusty Score: 0

Scoring details

Component	Score
Repository activity	5.1
From	activity
Package activity	7.3
Trust-summary	5.1
Provenance	historical_provenance_match
User activity	9.6

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	37
Number of git tags or releases	39
Versions matched to tags or releases	22

📦 Dependency: brace-expansion

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	9.4
Repository activity	3.5
Package activity	6.5
Trust-summary	5.1
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	19
Number of git tags or releases	18
Versions matched to tags or releases	17

📦 Dependency: chalk

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.3
Provenance	historical_provenance_match
User activity	9.9
Repository activity	6.4
From	provenance
Package activity	8.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	38
Number of git tags or releases	44
Versions matched to tags or releases	37

📦 Dependency: cliui

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
User activity	8.1
Repository activity	4.2
From	activity
Package activity	6.2
Trust-summary	5.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	25
Number of git tags or releases	39
Versions matched to tags or releases	24

📦 Dependency: cosmiconfig

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	6.8
Trust-summary	5.1
Provenance	historical_provenance_match
User activity	8.6
Repository activity	5.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	57
Number of git tags or releases	60
Versions matched to tags or releases	50

📦 Dependency: dotenv

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
From	activity
User activity	8.8
Repository activity	6.6
Package activity	7.7
Trust-summary	5.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	86
Number of git tags or releases	78
Versions matched to tags or releases	75

📦 Dependency: emoji-regex

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
Trust-summary	5.1
From	activity
User activity	0
Repository activity	4.9
Package activity	2.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	35
Number of git tags or releases	35
Versions matched to tags or releases	34

📦 Dependency: fast-glob

Trusty Score: 0

Scoring details

Component	Score
Repository activity	5.1
From	activity
Package activity	7
Provenance	historical_provenance_match
Trust-summary	5
User activity	8.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	43
Number of git tags or releases	40
Versions matched to tags or releases	37

📦 Dependency: fast-uri

Trusty Score: 0

Scoring details

Component	Score
User activity	8.4
Repository activity	3.4
Package activity	5.9
Trust-summary	4.4
Provenance	historical_provenance_match
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	14
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: fs-extra

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.6
User activity	9.2
Repository activity	6.5
From	activity
Package activity	7.8
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	96
Number of git tags or releases	89
Versions matched to tags or releases	89

📦 Dependency: glob

Trusty Score: 0

Scoring details

Component	Score
User activity	10
Repository activity	6
Package activity	8
Trust-summary	6
Provenance	historical_provenance_match
From	provenance

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	170
Number of git tags or releases	112
Versions matched to tags or releases	108

📦 Dependency: has-flag

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.2
Provenance	historical_provenance_match
Trust-summary	3.5
From	activity
User activity	9.6
Repository activity	2.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	6
Number of git tags or releases	5
Versions matched to tags or releases	5

📦 Dependency: json-schema-traverse

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.1
From	activity
Package activity	4.8
Provenance	historical_provenance_match
Trust-summary	3.5
User activity	6.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

📦 Dependency: minimatch

Trusty Score: 0

Scoring details

Component	Score
User activity	9.3
Repository activity	5.3
From	activity
Package activity	7.4
Trust-summary	5.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	110
Number of git tags or releases	104
Versions matched to tags or releases	101

📦 Dependency: nx

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	9.2

📦 Dependency: rxjs

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	4.4
Provenance	historical_provenance_match
Trust-summary	7.5
User activity	0
Repository activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	162
Number of git tags or releases	94
Versions matched to tags or releases	85

📦 Dependency: search-insights

Trusty Score: 0

Scoring details

Component	Score
User activity	9.7
Repository activity	4.6
From	activity
Package activity	7.1
Trust-summary	4.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	64
Number of git tags or releases	56
Versions matched to tags or releases	53

📦 Dependency: string-width

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
User activity	9.8
Repository activity	3.9
From	activity
Package activity	6.8
Trust-summary	4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	24
Number of git tags or releases	24
Versions matched to tags or releases	24

📦 Dependency: supports-color

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	4.7
From	activity
User activity	10
Repository activity	4.2
Package activity	7.1
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	50
Number of git tags or releases	57
Versions matched to tags or releases	49

📦 Dependency: tslib

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Provenance	historical_provenance_match
Trust-summary	5.5
From	activity
User activity	9.8
Repository activity	5.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	48
Number of git tags or releases	87
Versions matched to tags or releases	45

📦 Dependency: v8-compile-cache

Trusty Score: 0

Scoring details

Component	Score
Package activity	5.9
Provenance	historical_provenance_match
Trust-summary	5
From	activity
User activity	7.7
Repository activity	4.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: wrap-ansi

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	6.5
Trust-summary	4.8
Provenance	historical_provenance_match
User activity	9.7
Repository activity	3.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	20
Number of git tags or releases	19
Versions matched to tags or releases	19

stacklok-cloud · 2024-11-25T13:46:16Z

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/cli

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Provenance_type	unknown
Provenance	0
Trust-summary	6.3
From	provenance
User activity	8.7
Repository activity	8.7

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	0
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6
Provenance_type	unknown

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.7
Provenance_type	unknown

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.6
Provenance_type	unknown

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.7
Provenance_type	unknown
Provenance	0
User activity	0
Repository activity	0
From	activity
Package activity	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.8
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.7
Provenance_type	unknown
Provenance	0

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.6
Provenance_type	unknown
Provenance	0

📦 Dependency: @nrwl/tao

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	8.7
Trust-summary	9.3
Provenance_type	verified_provenance_match
Provenance	0
User activity	8.7
Repository activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1613
Number of git tags or releases	313
Versions matched to tags or releases	247

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014867

📦 Dependency: @nrwl/workspace

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Trust-summary	9.2
Provenance_type	verified_provenance_match
Provenance	0
User activity	8.7
Repository activity	8.7
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1645
Number of git tags or releases	313
Versions matched to tags or releases	247

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014897

📦 Dependency: @parcel/watcher

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
User activity	8.4
Repository activity	4.8
From	activity
Package activity	6.6
Trust-summary	5.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	37
Number of git tags or releases	25
Versions matched to tags or releases	21

📦 Dependency: @tanstack/query-core

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	verified_provenance_match
Provenance	0
User activity	9.4
Repository activity	8.3
From	activity
Package activity	8.8
Trust-summary	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	277
Number of git tags or releases	350
Versions matched to tags or releases	147

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=149755797

📦 Dependency: @tanstack/query-devtools

Trusty Score: 0

Scoring details

Component	Score
User activity	9.4
Repository activity	8.3
From	activity
Package activity	8.8
Trust-summary	8
Provenance_type	verified_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	105
Number of git tags or releases	355
Versions matched to tags or releases	69

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=151110717

📦 Dependency: @tanstack/react-query

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	7.9
Provenance_type	verified_provenance_match
Provenance	0
User activity	9.4
Repository activity	8.3
From	activity
Package activity	8.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	347
Number of git tags or releases	355
Versions matched to tags or releases	188

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=151110730

📦 Dependency: @tanstack/react-query-devtools

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
User activity	9.4
Repository activity	8.3
From	activity
Package activity	8.8
Trust-summary	8.3
Provenance_type	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	401
Number of git tags or releases	355
Versions matched to tags or releases	216

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=151110743

📦 Dependency: acorn

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.1
Trust-summary	6.2
Provenance_type	historical_provenance_match
Provenance	0
From	provenance
User activity	9.4
Repository activity	6.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	136
Number of git tags or releases	103
Versions matched to tags or releases	102

📦 Dependency: ajv

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	7.4
User activity	8.5
Repository activity	7.6
From	activity
Package activity	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	357
Number of git tags or releases	121
Versions matched to tags or releases	100

📦 Dependency: ansi-styles

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
User activity	10
Repository activity	3.7
From	activity
Package activity	6.8
Trust-summary	5.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	28
Number of git tags or releases	27
Versions matched to tags or releases	26

📦 Dependency: babel-plugin-macros

Trusty Score: 0

Scoring details

Component	Score
Repository activity	5.1
From	activity
Package activity	7.3
Trust-summary	5
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.6

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	37
Number of git tags or releases	39
Versions matched to tags or releases	22

📦 Dependency: brace-expansion

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.5
From	activity
Package activity	6.5
Trust-summary	4.9
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	19
Number of git tags or releases	18
Versions matched to tags or releases	17

📦 Dependency: chalk

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.6
User activity	9.9
Repository activity	6.4
From	provenance
Package activity	8.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	38
Number of git tags or releases	44
Versions matched to tags or releases	37

📦 Dependency: cliui

Trusty Score: 0

Scoring details

Component	Score
Repository activity	4.2
Package activity	6.2
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.2
From	activity
User activity	8.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	25
Number of git tags or releases	39
Versions matched to tags or releases	24

📦 Dependency: cosmiconfig

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.1
Provenance_type	historical_provenance_match
Provenance	0
User activity	8.6
Repository activity	5.1
From	activity
Package activity	6.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	57
Number of git tags or releases	59
Versions matched to tags or releases	50

📦 Dependency: dotenv

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.8
Provenance_type	historical_provenance_match
Provenance	0
User activity	8.8
Repository activity	6.6
From	activity
Package activity	7.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	86
Number of git tags or releases	78
Versions matched to tags or releases	75

📦 Dependency: emoji-regex

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	6.8
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	4.9
User activity	8.7
Repository activity	4.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	35
Number of git tags or releases	35
Versions matched to tags or releases	34

📦 Dependency: fast-glob

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	7.2
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.2
User activity	9.4
Repository activity	5.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	43
Number of git tags or releases	40
Versions matched to tags or releases	37

📦 Dependency: fast-uri

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.4
Package activity	5.9
Trust-summary	4.9
Provenance_type	historical_provenance_match
Provenance	0
From	activity
User activity	8.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	14
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: fs-extra

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Trust-summary	6
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.2
Repository activity	6.5
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	96
Number of git tags or releases	89
Versions matched to tags or releases	89

📦 Dependency: glob

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	6
User activity	10
Repository activity	6.1
From	activity
Package activity	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	170
Number of git tags or releases	112
Versions matched to tags or releases	108

📦 Dependency: has-flag

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	9.6
Repository activity	2.7
Package activity	6.2
Trust-summary	4.2
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	6
Number of git tags or releases	5
Versions matched to tags or releases	5

📦 Dependency: json-schema-traverse

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.1
Package activity	4.8
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	4.4
From	activity
User activity	6.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

📦 Dependency: minimatch

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	7.4
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.7
User activity	9.3
Repository activity	5.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	110
Number of git tags or releases	104
Versions matched to tags or releases	101

📦 Dependency: nx

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.8
Trust-summary	9.4
Provenance_type	verified_provenance_match
Provenance	0
User activity	8.9
Repository activity	8.7
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1501
Number of git tags or releases	346
Versions matched to tags or releases	278

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=149132471

📦 Dependency: rxjs

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
Trust-summary	7.3
User activity	9
Repository activity	8.7
From	provenance
Package activity	8.9
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	162
Number of git tags or releases	94
Versions matched to tags or releases	85

📦 Dependency: search-insights

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	4.8
Provenance_type	historical_provenance_match
Provenance	0
From	activity
User activity	9.7
Repository activity	4.7
Package activity	7.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	65
Number of git tags or releases	57
Versions matched to tags or releases	54

📦 Dependency: string-width

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
Trust-summary	5
From	activity
User activity	9.8
Repository activity	4
Package activity	6.9
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	24
Number of git tags or releases	23
Versions matched to tags or releases	23

📦 Dependency: supports-color

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
From	activity
Trust-summary	5.2
User activity	10
Repository activity	4.2
Package activity	7.1
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	50
Number of git tags or releases	57
Versions matched to tags or releases	49

📦 Dependency: tslib

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.6
From	activity
User activity	9.7
Repository activity	5.8
Package activity	7.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	48
Number of git tags or releases	87
Versions matched to tags or releases	45

📦 Dependency: v8-compile-cache

Trusty Score: 0

Scoring details

Component	Score
User activity	7.7
Repository activity	4.1
From	activity
Package activity	5.9
Trust-summary	4.6
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: wrap-ansi

Trusty Score: 0

Scoring details

Component	Score
From	activity
Trust-summary	4.7
User activity	9.7
Repository activity	3.3
Package activity	6.5
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	20
Number of git tags or releases	18
Versions matched to tags or releases	18

stacklok-cloud · 2024-12-02T13:56:46Z

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/cli

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Repository activity	8.7
User activity	8.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	997
Number of git tags or releases	57
Versions matched to tags or releases	3

Alternatives

Package	Score	Description
@angular/cli	0
create-react-app	0

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown

📦 Dependency: @nrwl/tao

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Repository activity	8.7
User activity	8.7
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1095
Number of git tags or releases	57
Versions matched to tags or releases	50

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014867

📦 Dependency: @nrwl/workspace

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Repository activity	8.7
User activity	8.7
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	1127
Number of git tags or releases	57
Versions matched to tags or releases	50

This package has been digitally signed using sigtore.


Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014897

📦 Dependency: @parcel/watcher

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.6
Repository activity	4.8
User activity	8.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	20
Number of git tags or releases	17
Versions matched to tags or releases	13

📦 Dependency: @tanstack/query-core

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Repository activity	8.2
User activity	7.3
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	244
Number of git tags or releases	279
Versions matched to tags or releases	123

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=112386521

📦 Dependency: @tanstack/query-devtools

Trusty Score: 0

Alternatives

Package	Score	Description
@reduxjs/toolkit	0
@ngrx/store-devtools	0

📦 Dependency: @tanstack/react-query

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Repository activity	8.2
User activity	7.3
Provenance	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	296
Number of git tags or releases	279
Versions matched to tags or releases	142

This package has been digitally signed using sigtore.


Source repository	https://github.com/TanStack/query
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/ci.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=112386526

Alternatives

Package	Score	Description
@apollo/client	0
swr	0
react-async	0

📦 Dependency: @tanstack/react-query-devtools

Trusty Score: 0

📦 Dependency: acorn

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.1
Repository activity	6.8
User activity	9.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	107
Number of git tags or releases	73
Versions matched to tags or releases	72

Alternatives

Package	Score	Description
acorn-jsx	0

📦 Dependency: ajv

Trusty Score: 0

Scoring details

Component	Score
Package activity	8
Repository activity	7.6
User activity	8.5
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	352
Number of git tags or releases	115
Versions matched to tags or releases	95

Alternatives

Package	Score	Description
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0
joi	0
jsonschema	0

📦 Dependency: ansi-styles

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.8
Repository activity	3.7
User activity	10
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	20
Number of git tags or releases	19
Versions matched to tags or releases	18

Alternatives

Package	Score	Description
chalk	0
colors	0
kleur	0
colorette	0
chalk	0
colors	0
kleur	0
colorette	0

📦 Dependency: babel-plugin-macros

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.3
Repository activity	5.1
User activity	9.6
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	34
Number of git tags or releases	36
Versions matched to tags or releases	19

Alternatives

Package	Score	Description
babel-plugin-preval	0

📦 Dependency: brace-expansion

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.5
Repository activity	3.5
User activity	9.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	15
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
braces	0
expand-braces	0
expand-range	0
braces	0
expand-braces	0
expand-range	0

📦 Dependency: chalk

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.2
Repository activity	6.4
User activity	9.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	31
Number of git tags or releases	38
Versions matched to tags or releases	31

Alternatives

Package	Score	Description
colors	0
kleur	0
colorette	0
ansi-colors	0
colors	0
kleur	0
colorette	0
ansi-colors	0

📦 Dependency: cliui

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.2
Repository activity	4.2
User activity	8.1
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	23
Number of git tags or releases	35
Versions matched to tags or releases	22

Alternatives

Package	Score	Description
blessed-contrib	0
ink	0
react-blessed	0
blessed-contrib	0
ink	0
react-blessed	0

📦 Dependency: cosmiconfig

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.8
Repository activity	5.1
User activity	8.6
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	36
Number of git tags or releases	32
Versions matched to tags or releases	32

Alternatives

Package	Score	Description
confit	0
find-config	0
confit	0
find-config	0

📦 Dependency: dotenv

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.7
Repository activity	6.6
User activity	8.8
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	47
Number of git tags or releases	39
Versions matched to tags or releases	37

Alternatives

Package	Score	Description
dotenv-webpack	0
dotenv-cli	0
dotenv-safe	0
dotenv-webpack	0
dotenv-cli	0
dotenv-safe	0

📦 Dependency: emoji-regex

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.8
Repository activity	4.9
User activity	8.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	23
Number of git tags or releases	22
Versions matched to tags or releases	22

Alternatives

Package	Score	Description
emojibase	0
emojibase	0

📦 Dependency: fast-glob

Trusty Score: 0

Scoring details

Component	Score
Package activity	7
Repository activity	5.1
User activity	8.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	35
Number of git tags or releases	31
Versions matched to tags or releases	29

Alternatives

Package	Score	Description
glob	0
fs-extra	0
globby	0
micromatch	0
glob-stream	0
find-up	0
glob-parent	0
glob-fs	0
glob	0
globby	0
micromatch	0
glob-stream	0
find-up	0
glob-parent	0
glob-fs	0

📦 Dependency: fast-uri

Trusty Score: 0

Scoring details

Component	Score
Package activity	5.9
Repository activity	3.4
User activity	8.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	12
Number of git tags or releases	11
Versions matched to tags or releases	11

Alternatives

Package	Score	Description
uri-js	0

📦 Dependency: fs-extra

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Repository activity	6.5
User activity	9.2
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	96
Number of git tags or releases	89
Versions matched to tags or releases	89

Alternatives

Package	Score	Description
rimraf	0
graceful-fs	0
fs-jetpack	0

📦 Dependency: glob

Trusty Score: 0

Alternatives

Package	Score	Description
rimraf	0
minimatch	0
fast-glob	0
glob-stream	0
glob-parent	0
node-glob	0
rimraf	0
minimatch	0
fast-glob	0
glob-stream	0
glob-parent	0
node-glob	0

📦 Dependency: has-flag

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.2
Repository activity	2.7
User activity	9.6
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	4
Number of git tags or releases	3
Versions matched to tags or releases	3

📦 Dependency: json-schema-traverse

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.8
Repository activity	3.1
User activity	6.5
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

Alternatives

Package	Score	Description
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0
ajv	0
swagger-parser	0

📦 Dependency: minimatch

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.4
Repository activity	5.4
User activity	9.3
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	42
Number of git tags or releases	36
Versions matched to tags or releases	33

Alternatives

Package	Score	Description
glob	0
micromatch	0
braces	0
picomatch	0
minimatch-all	0
glob	0
micromatch	0
braces	0
picomatch	0
minimatch-all	0

📦 Dependency: nx

Trusty Score: 0

📦 Dependency: rxjs

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.9
Repository activity	8.7
User activity	9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	128
Number of git tags or releases	60
Versions matched to tags or releases	53

Alternatives

Package	Score	Description
async	0
bluebird	0
rsvp	0
promise	0
lodash	0

📦 Dependency: search-insights

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.2
Repository activity	4.7
User activity	9.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	57
Number of git tags or releases	49
Versions matched to tags or releases	46

Alternatives

Package	Score	Description
algoliasearch	0

📦 Dependency: string-width

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.9
Repository activity	4
User activity	9.8
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	16
Number of git tags or releases	16
Versions matched to tags or releases	16

Alternatives

Package	Score	Description
string-length	0
wide-align	0
string-length	0
wide-align	0

📦 Dependency: supports-color

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.1
Repository activity	4.2
User activity	9.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	36
Number of git tags or releases	43
Versions matched to tags or releases	35

Alternatives

Package	Score	Description
chalk	0
colors	0
kleur	0

📦 Dependency: tslib

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.8
Repository activity	5.8
User activity	9.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	30
Number of git tags or releases	56
Versions matched to tags or releases	27

Alternatives

Package	Score	Description
ts-toolbelt	0
ts-helpers	0

📦 Dependency: v8-compile-cache

Trusty Score: 0

Scoring details

Component	Score
Package activity	5.9
Repository activity	4.1
User activity	7.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	12
Number of git tags or releases	12
Versions matched to tags or releases	12

📦 Dependency: wrap-ansi

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.5
Repository activity	3.3
User activity	9.7
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.


Published package versions	16
Number of git tags or releases	14
Versions matched to tags or releases	14

Alternatives

Package	Score	Description
chalk	0
ansi-styles	0
ansi-escapes	0
chalk	0
ansi-styles	0
ansi-escapes	0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0 #5

[Snyk] Upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0 #5

eryn-muetzel commented Jul 17, 2024

Changes

Feat

Packages

Changes

Feat

Chore

Ci

Packages

Changes

Refactor

Docs

Packages

Changes

Feat

Docs

Packages

Changes

Feat

Packages

stacklok-cloud bot commented Jul 17, 2024

Vulnerability scan of `72666122:`

stacklok-cloud-staging bot commented Jul 17, 2024

Vulnerability scan of `72666122:`

socket-security bot commented Jul 17, 2024

socket-security bot commented Jul 17, 2024

stacklok-cloud-staging bot commented Jul 17, 2024

stacklok-cloud-staging bot commented Nov 22, 2024

stacklok-cloud bot commented Nov 25, 2024

stacklok-cloud bot commented Dec 2, 2024

[Snyk] Upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0 #5

Are you sure you want to change the base?

[Snyk] Upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0 #5

Conversation

eryn-muetzel commented Jul 17, 2024

Snyk has created this PR to upgrade @tanstack/react-query-devtools from 5.24.6 to 5.48.0.

Changes

Feat

Packages

Changes

Feat

Chore

Ci

Packages

Changes

Refactor

Docs

Packages

Changes

Feat

Docs

Packages

Changes

Feat

Packages

stacklok-cloud bot commented Jul 17, 2024

Minder Vulnerability Report ✅

Vulnerability scan of 72666122:

stacklok-cloud-staging bot commented Jul 17, 2024

Minder Vulnerability Report ✅

Vulnerability scan of 72666122:

socket-security bot commented Jul 17, 2024

socket-security bot commented Jul 17, 2024

Next steps

stacklok-cloud-staging bot commented Jul 17, 2024

Dependency Information

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

📦 Dependency: json-schema-traverse

Trusty Score: 4.8

stacklok-cloud-staging bot commented Nov 22, 2024

Dependency Information

📦 Dependency: @nrwl/cli

Trusty Score: 0

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

📦 Dependency: @nrwl/tao

Trusty Score: 0

Vulnerability scan of `72666122:`

Vulnerability scan of `72666122:`