[Snyk] Upgrade @prisma/client from 5.10.2 to 5.16.0

[eryn-muetzel]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @prisma/client from 5.10.2 to 5.16.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 520 versions ahead of your current version.

• The recommended version was released on 22 days ago.

Release notes

Package name: @prisma/client

• 5.16.0 - 2024-06-25
  

  🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

  Highlights

  Omit model fields globally

  With Prisma ORM 5.16.0 we’re more than happy to announce that we’re expanding the omitApi Preview feature to also include the ability to omit fields globally.

  When the Preview feature is enabled, you’re able to define fields to omit when instantiating Prisma Client.

  const prisma = new PrismaClient({
    omit: {
      user: {
        // make sure that password is never queried.
        password: true,
      },
    },
  });

  You’re also able to omit fields from multiple models and multiple fields from the same model

  const prisma = new PrismaClient({
    omit: {
      user: { 
        // make sure that password and internalId are never queried.
        password: true,
        internalId: true,
      },
      post: {
        secretkey: true,
      },
    },
  });

  With both local and global omit, you now have the flexibility to completely remove sensitive fields while also tailoring individual queries. If you need the ability to generally omit a field except in a specific query, you can also overwrite a global omit locally

  const prisma = new PrismaClient({
  omit: {
  user: {
  // password is omitted globally.
  password: true,
  },
  },
  });

  const userWithPassword = await prisma.user.findUnique({
  omit: { password: false }, // omit now false, so password is returned
  where: { id: 1 },
  });

  Changes to prismaSchemaFolder

  In 5.15.0 we released the prismaSchemaFolder Preview feature, allowing you to create multiple Prisma Schema files in a prisma/schema directory. We’ve gotten a lot of great feedback and are really excited with how the community has been using the feature.

  To continue improving our multi-file schema support, we have a few breaking changes to the prismaSchemaFolder feature:

  • When using relative paths in Prisma Schema files with the prismaSchemaFolder feature, a path is now relative to the file it is defined in rather than relative to the prisma/schema folder. This means that if you have a generator block in /project/prisma/schema/config/generator.prisma with an output of ./foo the output will be resolved to /project/prisma/schema/config/foo rather than /project/prisma/foo. The path to a SQLite file will be resolved in the same manner.
  • We realized that during migration many people would have prisma/schema as well as prisma/schema.prisma. Our initial implementation looked for a .prisma file first and would ignore the schema folder if it exists. This is now an error.

  Changes to fullTextSearch

  In order to improve our full-text search implementation we have made a breaking change to the fullTextSearch Preview feature.

  Previously, when the feature was enabled we updated the <Model>OrderByWithRelationInput TypeScript type with the <Model>OrderByWithRelationAndSearchRelevanceInput type. However, we have noted that there are no cases where relational ordering is needed but search relevance is not. Thus, we have decided to remove the <Model>OrderByWithRelationAndSearchRelevanceInput naming and only use the <Model>OrderByWithRelationInput naming.

  Fixes and improvements

  Prisma

  • Wrong Parameterized Types Sent for SQL Server Queries
  • Prisma has no exported member named OrderByWithRelationInput. Did you mean OrderByWithAggregationInput?
  • [Driver Adapters]: missing provider compatibility validation
  • Disable "Start using Prisma Client" hint logs on prisma generate
  • Deploying prisma to CloudFlare pages using Nuxt/Nitro and node-postgres (pg) is using the wrong(vercel) wasm path
  • @ prisma/adapter-pg modifies node-postgres global type parsers
  • @prisma/adapter-d1 is failing with an import error when called inside vitest tests
  • db pull fails with [libs\user-facing-errors\src\quaint.rs:136:18] internal error: entered unreachable code on invalid credentials

  Language tools (e.g. VS Code)

  • Make prisma-fmt logs to work with language server
  • Spans and positions get shifted out of sync when schema includes multibyte characters
  • VSCode extension panics when opening an empty prisma schema

  Prisma Engines

  • [DA] Planetscale engine tests: one2m_mix_required_writable_readable
  • [DA] Planetscale engine tests: apply_number_ops

  Credits

  Huge thanks to @ key-moon, @ pranayat, @ yubrot, @ skyzh, @ brian-dlee, @ mydea, @ nickcarnival, @ eruditmorina, @ nzakas, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev, @ yehonatanz for helping!

• 5.16.0-integration-vitest-workaround.2 - 2024-06-25
• 5.16.0-integration-vitest-workaround.1 - 2024-06-17
• 5.16.0-integration-sqlite-fix.1 - 2024-06-11
• 5.16.0-integration-optimize-login-v2.5 - 2024-06-19
• 5.16.0-integration-optimize-login-v2.4 - 2024-06-18
• 5.16.0-integration-optimize-login-v2.3 - 2024-06-18
• 5.16.0-integration-optimize-login-v2.2 - 2024-06-18
• 5.16.0-integration-optimize-login-v2.1 - 2024-06-18
• 5.16.0-integration-joel-repro-gh-11789.2 - 2024-06-18
• 5.16.0-integration-joel-repro-gh-11789.1 - 2024-06-18
• 5.16.0-integration-janpio-studio-prisma-config.3 - 2024-06-14
• 5.16.0-integration-janpio-studio-prisma-config.2 - 2024-06-14
• 5.16.0-integration-janpio-studio-prisma-config.1 - 2024-06-14
• 5.16.0-integration-fix-empty-schema.1 - 2024-06-10
• 5.16.0-integration-engines-5-16-0-15-fix-fts-relation-input-name-9388ddb70ab6bc6cba66ec9b351906f857af5d3f.1 - 2024-06-17
• 5.16.0-integration-engines-5-16-0-1-fix-sqlite-concurrent-writes-74a48e9f33b0a8b403045af35430ce444541be88.1 - 2024-06-05
• 5.16.0-integration-crypto-client-vercel.2 - 2024-06-05
• 5.16.0-integration-crypto-client-vercel.1 - 2024-06-05
• 5.16.0-dev.64 - 2024-06-25
• 5.16.0-dev.63 - 2024-06-25
• 5.16.0-dev.62 - 2024-06-24
• 5.16.0-dev.61 - 2024-06-24
• 5.16.0-dev.60 - 2024-06-24
• 5.16.0-dev.59 - 2024-06-21
• 5.16.0-dev.58 - 2024-06-21
• 5.16.0-dev.57 - 2024-06-20
• 5.16.0-dev.56 - 2024-06-20
• 5.16.0-dev.55 - 2024-06-20
• 5.16.0-dev.54 - 2024-06-20
• 5.16.0-dev.53 - 2024-06-19
• 5.16.0-dev.51 - 2024-06-19
• 5.16.0-dev.50 - 2024-06-19
• 5.16.0-dev.49 - 2024-06-18
• 5.16.0-dev.48 - 2024-06-18
• 5.16.0-dev.47 - 2024-06-18
• 5.16.0-dev.46 - 2024-06-18
• 5.16.0-dev.45 - 2024-06-17
• 5.16.0-dev.44 - 2024-06-17
• 5.16.0-dev.43 - 2024-06-17
• 5.16.0-dev.42 - 2024-06-17
• 5.16.0-dev.41 - 2024-06-17
• 5.16.0-dev.40 - 2024-06-14
• 5.16.0-dev.39 - 2024-06-14
• 5.16.0-dev.38 - 2024-06-14
• 5.16.0-dev.37 - 2024-06-14
• 5.16.0-dev.36 - 2024-06-13
• 5.16.0-dev.35 - 2024-06-12
• 5.16.0-dev.34 - 2024-06-12
• 5.16.0-dev.33 - 2024-06-12
• 5.16.0-dev.32 - 2024-06-12
• 5.16.0-dev.31 - 2024-06-12
• 5.16.0-dev.30 - 2024-06-12
• 5.16.0-dev.29 - 2024-06-12
• 5.16.0-dev.28 - 2024-06-12
• 5.16.0-dev.27 - 2024-06-11
• 5.16.0-dev.26 - 2024-06-11
• 5.16.0-dev.25 - 2024-06-10
• 5.16.0-dev.24 - 2024-06-10
• 5.16.0-dev.23 - 2024-06-10
• 5.16.0-dev.22 - 2024-06-10
• 5.16.0-dev.21 - 2024-06-10
• 5.16.0-dev.20 - 2024-06-10
• 5.16.0-dev.19 - 2024-06-10
• 5.16.0-dev.18 - 2024-06-10
• 5.16.0-dev.17 - 2024-06-10
• 5.16.0-dev.16 - 2024-06-07
• 5.16.0-dev.15 - 2024-06-07
• 5.16.0-dev.14 - 2024-06-07
• 5.16.0-dev.13 - 2024-06-06
• 5.16.0-dev.12 - 2024-06-06
• 5.16.0-dev.11 - 2024-06-06
• 5.16.0-dev.9 - 2024-06-05
• 5.16.0-dev.8 - 2024-06-05
• 5.16.0-dev.7 - 2024-06-05
• 5.16.0-dev.6 - 2024-06-05
• 5.16.0-dev.5 - 2024-06-05
• 5.16.0-dev.4 - 2024-06-04
• 5.16.0-dev.3 - 2024-06-04
• 5.16.0-dev.2 - 2024-06-04
• 5.16.0-dev.1 - 2024-06-04
• 5.15.1 - 2024-06-18
  

  Today, we are issuing the 5.15.1 patch release.

  Fixes in Prisma Client

  • internal error: entered unreachable code
  • Got error 'internal error: entered unreachable code' when trying to perform an upsert.
  • Prisma Client errors on SQLite with internal error: entered unreachable code when running 2 concurrent upsert
  • ConnectionError(Timed out during query execution.) during seeding
  • SQLite timeouts after upgrade from prisma 2 to prisma 4
  • ConnectionError(Timed out during query execution.) error when using Promise.all for SQLite
  • Improve the error when SQLite database file is locked
  • sqlite timeout error multiple queries run one after another
  • SQLite times out during query execution when using Promise.all() / concurrent
  • internal error: entered unreachable code
• 5.15.1-dev.1 - 2024-06-17
• 5.15.0 - 2024-06-04
  

  Today, we are excited to share the 5.15.0 stable release 🎉

  🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

  Highlights

  Multi-File Prisma Schema support

  Prisma ORM 5.15.0 features support for multi-file Prisma Schema in Preview.

  This closes a long standing issue and does so in a clean and easy to migrate way.

  To get started:

  1. Enable the prismaSchemaFolder Preview feature by including it in the previewFeatures field of your generator.
     datasource db {
     provider = "postgresql"
     url = env("DATABASE_URL")
     }

     generator client {
     provider = "prisma-client-js"
     previewFeatures = ["prismaSchemaFolder"]
     }
     

  2. Create a schema subdirectory under your prisma directory.
  3. Move your schema.prisma into this directory.

  You are now set up with a multi-file Prisma Schema! Add as many or as few .prisma files to the new prisma/schema directory.

  When running commands where a Prisma Schema file is expected to be provided, you can now define a Prisma Schema directory. This includes Prisma CLI commands that use the --schema option as well as defining schema via package.json

  Our tooling has also been updated to handle multiple Prisma Schema files. This includes our Visual Studio Code extension and tools like database introspection, which will deposit new models in a introspected.prisma file. Existing models will be updated in the file they are found.

  To learn more, please refer to our official documentation and announcement blog post. If you try out prismaSchemaFolder, please let us know!

  Interesting Bug Fixes

  Fix for PostgreSQL prepared statement caching for raw queries

  This release fixes a nasty bug with the caching of prepared statements in raw Prisma Client queries that affected PostgreSQL when you ran the same SQL statement with differently typed paramters. This should not fail any more.

  Fix for SQL Server introspection of (deprecated) CREATE DEFAULT

  Our Introspection logic crashed on encountering certain multi-line CREATE DEFAULT, a deprecated way to define defaults in SQL Server. As many SQL Server users are working with established databases, this happened frequently enough that we now explicitly ignore these defaults instead of crashing.

  Fix for Cloudflare D1’s lower parameter limit

  Cloudflare’s D1 has a lower parameter limit than local SQLite, which caused bigger queries to fail. We adapted that limit to the D1 default for @ prisma/adapter-d1, which will avoid such failures.

  Fix for Cloudflare D1’s different PRAGMA support

  Our generated migration SQL for SQLite did not always work for Cloudflare D1, because of differences in the supported pragmas. We adapted the SQL to work in both local SQLite and Cloudflare D1.

  Fixes and improvements

  Prisma Migrate

  • Crash on multiline defaults introspection on MSSQL
  • Error: [libs\sql-schema-describer\src\mssql.rs:315:30] called Result::unwrap() on an Err value: "Couldn't parse default value: create default [dbo].[member_notification_cancel_flags] as 0\r\n"
  • Error: [libs\sql-schema-describer\src\mssql.rs:315:30] called Result::unwrap() on an Err value: "Couldn't parse default value: create default d_password as 'D,73' "
  • Crash introspecting MSSQL database with DEFAULTs
  • doing introspection on a SQL Server 2018 DB - for Dynamic GP get the following error.
  • Error: [libs\sql-schema-describer\src\mssql.rs:317:30] called Result::unwrap() on an Err value: "Couldn't parse default value: \r\ncreate default D_BIT_OFF\r\nas 0\r\n"
  • Error: called Result::unwrap() on an Err value: "Couldn't parse default value in SQL Server
  • db pull errors on SQL Server with Error: [libs\sql-schema-describer\src\mssql.rs:336:30] called Result::unwrap()on anErr value: "Couldn't parse default value: [...]
  • Error: [libs\sql-schema-describer\src\mssql.rs:336:30] called Result::unwrap() on an Err value: "Couldn't parse default value: \r\ncreate default [va_nulla] as 0\r\n"
  • Error when pulling from database
  • Foreign key relation results in erroneous second migration
  • db pull can't parse script setting default value
  • Bug: Migrations not compatible with D1
  • SQL Server Introspection crashes on multi-line (deprecated) defaults

  Prisma Client

  • Raw query failed. Code: 22P03. Message: db error: ERROR: incorrect binary data format in bind parameter 1
  • Float number on raw query: incorrect binary data format in bind parameter 1
  • Can't use Prisma client in Next.js middleware, even when deploying to Node.js
  • Prepared statement caching is data dependent on numeric input parameters (incorrect binary data format in bind parameter x)
  • Turso Driver Adapter: Including _count leads to error
  • Next.js app build fails when using Prisma with DB driver in Server Action
  • Bug: [D1] Error in performIO: Error: D1_ERROR: too many SQL variables
  • Remove warn(prisma-client) This is the 10th instance of Prisma Client being started. warning in Edge (and potentially) other envs)
  • $executeRawUnsafe: incorrect binary data format in bind parameter 6
  • Bug: Error or bug using Prisma with DriverAdapter with PostgreSQL database Neon
  • Inconsistent column data: Unexpected conversion failure from Number to BigInt error when using @prisma/adapter-pg
  • Incompatibility with NextJS app dir, CloudFlare Pages and D1
  • Breaking change? Int switched to being Int32 for MongoDB

  Language tools (e.g. VS Code)

  • VS Code extension is showing an advertisement
  • Generate codelens fails on Windows
  • We incorrectly read commented out preview features if they are before the real preview features

  Credits

  Huge thanks to @ pranayat, @ yubrot, and @ skyzh for helping!

• 5.15.0-integration-static-wasm-worker-loader.2 - 2024-05-23
• 5.15.0-integration-static-wasm-worker-loader.1 - 2024-05-22
• 5.15.0-integration-pr-24186.1 - 2024-05-15
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.8 - 2024-06-03
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.7 - 2024-05-31
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.5 - 2024-05-22
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.4 - 2024-05-22
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.3 - 2024-05-22
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.2 - 2024-05-22
• 5.15.0-integration-fix-sqlite-d1-max-bind-values.1 - 2024-05-20
• 5.15.0-integration-feat-cli-pdp-optimize-tracking.1 - 2024-05-14
• 5.15.0-integration-engines-5-15-0-9-wasm-update-nightly-f2a9d342d78503d7a478faefd4bb8a7e79d927f5.1 - 2024-05-27
• 5.15.0-integration-engines-5-15-0-4-integration-fix-sqlite-d1-migrations-93d288241fddb3768c310aeceb6b0120145c6f6d.2 - 2024-05-16
• 5.15.0-integration-engines-5-15-0-4-integration-fix-sqlite-d1-migrations-93d288241fddb3768c310aeceb6b0120145c6f6d.1 - 2024-05-16
• 5.15.0-integration-engines-5-15-0-21-feat-multi-file-introspection-cli-2-146af78f10dc7146469ce4d409ecaca820e74472.1 - 2024-05-30
• 5.15.0-integration-engines-5-15-0-18-feat-multi-file-introspection-cli-2-2161c3dd5f60d5d52f89724118f4b1328f7d161d.1 - 2024-05-30
• 5.15.0-integration-engines-5-15-0-17-feat-multi-file-introspection-cli-1-27cfda7ab7d009c56e2bfb58badc16a348cbeefa.1 - 2024-05-29
• 5.15.0-integration-engines-5-15-0-15-get-config-fault-tolerant-49eaa97e1de2cace3bd0d8016b165ad0012b7f1a.1 - 2024-05-29
• 5.15.0-integration-engines-5-15-0-14-feat-restore-json-noparse-9e8157b12aa689561bf138f5e305ef24cf4bd2e3.1 - 2024-05-29
• 5.15.0-integration-engines-5-15-0-11-integration-fix-sqlite-d1-migrations-9cebc28b8d3cb5e1ebd8ad8d096e1cef4725d5ad.2 - 2024-05-28
• 5.15.0-integration-engines-5-15-0-11-integration-fix-sqlite-d1-migrations-9cebc28b8d3cb5e1ebd8ad8d096e1cef4725d5ad.1 - 2024-05-28
• 5.15.0-integration-client-dynamic-wasm-imports.2 - 2024-05-29
• 5.15.0-integration-client-dynamic-wasm-imports.1 - 2024-05-28
• 5.15.0-dev.73 - 2024-06-04
• 5.15.0-dev.72 - 2024-06-03
• 5.15.0-dev.71 - 2024-06-03
• 5.15.0-dev.70 - 2024-06-03
• 5.15.0-dev.69 - 2024-06-03
• 5.15.0-dev.68 - 2024-06-03
• 5.15.0-dev.67 - 2024-06-03
• 5.15.0-dev.66 - 2024-06-03
• 5.15.0-dev.64 - 2024-06-03
• 5.15.0-dev.63 - 2024-05-31
• 5.15.0-dev.62 - 2024-05-31
• 5.15.0-dev.61 - 2024-05-31
• 5.15.0-dev.60 - 2024-05-31
• 5.15.0-dev.59 - 2024-05-31
• 5.15.0-dev.58 - 2024-05-31
• 5.15.0-dev.57 - 2024-05-31
• 5.15.0-dev.56 - 2024-05-30
• 5.15.0-dev.55 - 2024-05-30
• 5.15.0-dev.54 - 2024-05-30
• 5.15.0-dev.53 - 2024-05-30
• 5.15.0-dev.52 - 2024-05-30
• 5.15.0-dev.51 - 2024-05-30
• 5.15.0-dev.50 - 2024-05-30
• 5.15.0-dev.49 - 2024-05-29
• 5.15.0-dev.48 - 2024-05-29
• 5.15.0-dev.47 - 2024-05-29
• 5.15.0-dev.46 - 2024-05-29
• 5.15.0-dev.45 - 2024-05-29
• 5.15.0-dev.44 - 2024-05-29
• 5.15.0-dev.43 - 2024-05-29
• 5.15.0-dev.42 - 2024-05-29
• 5.15.0-dev.41 - 2024-05-28
• 5.15.0-dev.40 - 2024-05-28
• 5.15.0-dev.39 - 2024-05-28
• 5.15.0-dev.38 - 2024-05-28
• 5.15.0-dev.37 - 2024-05-28
• 5.15.0-dev.36 - 2024-05-28
• 5.15.0-dev.35 - 2024-05-28
• 5.15.0-dev.34 - 2024-05-28
• 5.15.0-dev.33 - 2024-05-27
• 5.15.0-dev.32 - 2024-05-27
• 5.15.0-dev.31 - 2024-05-27
• 5.15.0-dev.30 - 2024-05-23
• 5.15.0-dev.29 - 2024-05-23
• 5.15.0-dev.28 - 2024-05-22
• 5.15.0-dev.27 - 2024-05-22
• 5.15.0-dev.26 - 2024-05-22
• 5.15.0-dev.25 - 2024-05-22
• 5.15.0-dev.24 - 2024-05-22
• 5.15.0-dev.23 - 2024-05-22
• 5.15.0-dev.22 - 2024-05-22
• 5.15.0-dev.21 - 2024-05-22
• 5.15.0-dev.20 - 2024-05-21
• 5.15.0-dev.19 - 2024-05-21
• 5.15.0-dev.18 - 2024-05-21
• 5.15.0-dev.17 - 2024-05-17
• 5.15.0-dev.16 - 2024-05-17
• 5.15.0-dev.15 - 2024-05-16
• 5.15.0-dev.14 - 2024-05-16
• 5.15.0-dev.13 - 2024-05-16
• 5.15.0-dev.12 - 2024-05-15
• 5.15.0-dev.11 - 2024-05-15
• 5.15.0-dev.10 - 2024-05-15
• 5.15.0-dev.9 - 2024-05-15
• 5.15.0-dev.8 - 2024-05-15
• 5.15.0-dev.7 - 2024-05-15
• 5.15.0-dev.6 - 2024-05-15
• 5.15.0-dev.5 - 2024-05-15
• 5.15.0-dev.4 - 2024-05-15
• 5.15.0-dev.3 - 2024-05-15
• 5.15.0-dev.2 - 2024-05-14
• 5.14.0 - 2024-05-14
  

  Today, we are excited to share the 5.14.0 stable release 🎉

  🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release. 🌟

  Highlights

  Share your feedback about Prisma ORM

  We want to know how you like working with Prisma ORM in your projects! Please take our 2min survey and let us know what you like or where we can improve 🙏

  createManyAndReturn()

  We’re happy to announce the availability of a new, top-level Prisma Client query: createManyAndReturn(). It works similarly to createMany() but uses a RETURNING clause in the SQL query to retrieve the records that were just created.

  Here’s an example of creating multiple posts and then immediately returning those posts.

  const postBodies = req.json()['posts']

  const posts = prisma.post.createManyAndReturn({
  data: postBodies
  });

  return posts

  Additionally,createManyAndReturn() supports the same options as findMany(), such as the ability to return only specific fields.

  const postBodies = req.json()['posts']

  const postTitles = prisma.post.createManyAndReturn({
  data: postBodies,
  select: {
  title: true,
  },
  });

  return postTitles

  Full documentation for this feature can be found in the Prisma Client API Reference.

  Note: Because createManyAndReturn() uses the RETURNING clause, it is only supported by PostgreSQL, CockroachDB, and SQLite databases. At this time, relationLoadStrategy: join is not supported in createManyAndReturn() queries.

  MongoDB performance improvements

  Previously, Prisma ORM suffered from performance issues when using the in operator or when including related models in queries against a MongoDB database. These queries were translated by the Prisma query engine in such a way that indexes were skipped and collection scans were used, leading to slower queries especially on large datasets.

  With 5.14.0, Prisma ORM now rewrites queries to use a combination of $or and $eq operators, leading to dramatic performance increases for queries that include in operators or relation loading.

  Fixes and improvements

  Prisma Client

  • createMany() should return the created records
  • Generating Prisma client without any model in its schema
  • MongoDB: Performance issue with nested take on many-to-one relationship
  • Slow queries on MongoDB using include for relations
  • [MongoDB] Performance issue in findMany() query execution with in
  • MongoDB nested/include query slow
  • MongoDB Connector generates queries which do not take advantage of indices.
  • Mongodb Nested Queries Not Using Indexes
  • MongoDB slow delete with onDelete: SetNull
  • Slow query with many-to-one relationship on MongoDB
  • prisma init --with-model
  • Fixed version of @ opentelemetry/* dependencies
  • Usage of deprecated punycode module
  • Bug: D1 One-to-Many Relation INSERTs fail with The required connected records were not found. when using indices

  Prisma Migrate

  • Empty dbgenerated() still breaking for Unsupported() types
  • Validation error when shadowDatabaseUrl is identical to url (or directUrl)
  • MongoDB Query with 'in' condition will cause COLLSCAN, without leveraging indexes
  • "Not Authorised" when directly applying Prisma generated migrations to Cloudflare D1 with PRAGMA foreign_key_check;

  Language tools (e.g. VS Code)

  • make superior: model generate
  • Missing code autocomplete for referential actions with mongodb

  Company news

  Prisma Changelog

  Curious about all things Prisma? Be sure to check out the Prisma Changelog for updates across Prisma's products, including ORM, Accelerate, and Pulse!

  New product announcement: Prisma Optimize

  With this release, we are excited to introduce a new Prisma product. We’re calling it “Optimize” because that’s what it does! Let your favorite ORM also help you debug the performance of your application.

  Check out our announcement blog post for more details, including a demo video.

  Credits

  Huge thanks to @ pranayat, @ yubrot, @ skyzh, @ anuraaga, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev for helping!

• 5.14.0-integration-static-wasm-worker-loader.5 - 2024-05-13
• 5.14.0-integration-static-wasm-worker-loader.4 - 2024-05-08
• 5.14.0-integration-static-wasm-worker-loader.3 - 2024-04-30
• 5.14.0-integration-static-wasm-worker-loader.2 - 2024-04-30
• 5.14.0-integration-static-wasm-worker-loader.1 - 2024-04-30
• 5.14.0-integration-schema-files-resolver.10 - 2024-05-14
• 5.14.0-integration-schema-files-resolver.9 - 2024-05-14
• 5.14.0-integration-schema-files-resolver.8 - 2024-05-10
• 5.14.0-integration-schema-files-resolver.7 - 2024-05-10
• 5.14.0-integration-schema-files-resolver.6 - 2024-05-08
• 5.14.0-integration-schema-files-resolver.5 - 2024-05-08
• 5.14.0-integration-schema-files-resolver.4 - 2024-05-08
• 5.14.0-integration-schema-files-resolver.3 - 2024-05-07
• 5.14.0-integration-schema-files-resolver.2 - 2024-05-07
• 5.14.0-integration-schema-files-resolver.1 - 2024-05-06
• 5.14.0-integration-engines-5-14-0-26-text-comp-multi-20f7cb6cf71d1ee66be7363748ca983d326e9db1.1 - 2024-05-14
• 5.14.0-integration-engines-5-14-0-22-integration-rust-1-78-wasm-fc926224322c04c61c76032c9985a1d4fdfee13f.2 - 2024-05-10
• 5.14.0-integration-engines-5-14-0-22-integration-rust-1-78-wasm-fc926224322c04c61c76032c9985a1d4fdfee13f.1 - 2024-05-10
• 5.14.0-integration-engines-5-14-0-19-fix-ds-url-rn-03c57ba9ba8eea9dfcf11c5382fdb6822d5aa3d2.1 - 2024-05-10
• 5.14.0-integration-engines-5-14-0-10-feat-create-many-and-return-31c187d29db487fb54d6bb593a851d2f9e5687a6.2 - 2024-05-02
• 5.14.0-integration-engines-5-14-0-10-feat-create-many-and-return-31c187d29db487fb54d6bb593a851d2f9e5687a6.1 - 2024-05-02
• 5.14.0-integration-engines-5-14-0-1-integration-vitess-constraint-fix-ca251465b6b966a5b9f61c3a8077ef99275ca330.2 - 2024-04-23
• 5.14.0-integration-engines-5-14-0-1-integration-vitess-constraint-fix-ca251465b6b966a5b9f61c3a8077ef99275ca330.1 - 2024-04-23
• 5.14.0-dev.77 - 2024-05-14
• 5.14.0-dev.76 - 2024-05-13
• 5.14.0-dev.75 - 2024-05-13
• 5.14.0-dev.74 - 2024-05-13
• 5.14.0-dev.72 - 2024-05-13
• 5.14.0-dev.71 - 2024-05-13
• 5.14.0-dev.70 - 2024-05-13
• 5.14.0-dev.69 - 2024-05-13
• 5.14.0-dev.68 - 2024-05-13
• 5.14.0-dev.67 - 2024-05-10
• 5.14.0-dev.66 - 2024-05-10
• 5.14.0-dev.65 - 2024-05-08
• 5.14.0-dev.64 - 2024-05-08
• 5.14.0-dev.63 - 2024-05-08
• 5.14.0-dev.62 - 2024-05-08
• 5.14.0-dev.61 - 2024-05-08
• 5.14.0-dev.60 - 2024-05-08
• 5.14.0-dev.59 - 2024-05-08
• 5.14.0-dev.58 - 2024-05-08
• 5.14.0-dev.57 - 2024-05-08
• 5.14.0-dev.56 - 2024-05-08
• 5.14.0-dev.55 - 2024-05-08
• 5.14.0-dev.54 - 2024-05-07
• 5.14.0-dev.53 - 2024-05-07
• 5.14.0-dev.52 - 2024-05-07
• 5.14.0-dev.51 - 2024-05-06
• 5.14.0-dev.50 - 2024-05-06
• 5.14.0-dev.49 - 2024-05-06
• 5.14.0-dev.48 - 2024-05-03
• 5.14.0-dev.47 - 2024-05-03
• 5.14.0-dev.46 - 2024-05-02
• 5.14.0-dev.44 - 2024-05-02
• 5.14.0-dev.43 - 2024-05-02
• 5.14.0-dev.42 - 2024-05-02
• 5.14.0-dev.41 - 2024-05-02
• 5.14.0-dev.40 - 2024-05-02
• 5.14.0-dev.39 - 2024-05-02
• 5.14.0-dev.38 - 2024-05-02
• 5.14.0-dev.36 - 2024-05-02
• 5.14.0-dev.35 - 2024-05-01
• 5.14.0-dev.34 - 2024-04-30
• 5.14.0-dev.33 - 2024-04-30
• 5.14.0-dev.32 - 2024-04-30
• 5.14.0-dev.31 - 2024-04-30
• 5.14.0-dev.30 - 2024-04-30
• 5.14.0-dev.28 - 2024-04-30
• 5.14.0-dev.27 - 2024-04-30
• 5.14.0-dev.26 - 2024-04-30
• 5.14.0-dev.25 - 2024-04-30
• 5.14.0-dev.24 - 2024-04-30
• 5.14.0-dev.23 - 2024-04-29
• 5.14.0-dev.22 - 2024-04-26
• 5.14.0-dev.21 - 2024-04-26
• 5.14.0-dev.20 - 2024-04-26
• 5.14.0-dev.19 - 2024-04-26
• 5.14.0-dev.18 - 2024-04-26
• 5.14.0-dev.16 - 2024-04-25
• 5.14.0-dev.14 - 2024-04-25
• 5.14.0-dev.13 - 2024-04-25
• 5.14.0-dev.12 - 2024-04-24
• 5.14.0-dev.11 - 2024-04-24
• 5.14.0-dev.9 - 2024-04-24
• 5.14.0-dev.6 - 2...

[jit-ci]

Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset.

In case there are security findings, they will be communicated to you as a comment inside the PR.

Hope you’ll enjoy using Jit.

Questions? Comments? Want to learn more? Get in touch with us.

[stacklok-cloud]

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 5f92aa98:

• 🐞 vulnerable packages: 0
• 🛠 fixes available for: 0

[stacklok-cloud-staging]

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 5f92aa98:

• 🐞 vulnerable packages: 0
• 🛠 fixes available for: 0

[stacklok-cloud-staging]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Provenance	0
Malicious	false

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: json-schema-traverse

Trusty Score: 4.8

Scoring details

Component	Score
User activity	6.5
Repository activity	3.1
From	activity
Package activity	4.8
Trust-summary	4.7
Provenance	8
Malicious	false

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@prisma/[email protected]	environment, filesystem, shell	0	8.38 MB	prismabot

🚮 Removed packages: npm/@prisma/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/[email protected]	Install script: postinstall Source: node ./bin/compute-project-graph	package-lock.json package.json	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[stacklok-cloud-staging]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/cli

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Trust-summary	7.9
Provenance	historical_provenance_match
From	provenance
User activity	8.7
Repository activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	997
Number of git tags or releases	273
Versions matched to tags or releases	3

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Repository activity	0
Package activity	0
Trust-summary	2.6
Provenance	unknown
From	activity
User activity	0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance	unknown
User activity	0
Repository activity	0
From	activity
Package activity	0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.6

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.7
Provenance	unknown

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.7
Provenance	unknown

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Trust-summary	2.7
Provenance	unknown
User activity	0
Repository activity	0
From	activity

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Provenance	unknown
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6

📦 Dependency: @nrwl/tao

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	9.1
Provenance	verified_provenance_match
User activity	8.7
Repository activity	8.7
From	activity
Package activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	1613
Number of git tags or releases	320
Versions matched to tags or releases	253

This package has been digitally signed using sigtore.

Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014867

📦 Dependency: @nrwl/workspace

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	8.7
Trust-summary	9
Provenance	verified_provenance_match
User activity	8.7
Repository activity	8.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	1645
Number of git tags or releases	320
Versions matched to tags or releases	253

This package has been digitally signed using sigtore.

Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014897

📦 Dependency: @parcel/watcher

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	8.4
Repository activity	4.9
Package activity	6.6
Provenance	historical_provenance_match
Trust-summary	4.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	37
Number of git tags or releases	25
Versions matched to tags or releases	21

📦 Dependency: @prisma/client

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	9.4
Trust-summary	9.5
Provenance	verified_provenance_match
User activity	9.8
Repository activity	8.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	8971
Number of git tags or releases	126
Versions matched to tags or releases	87

This package has been digitally signed using sigtore.

Source repository	https://github.com/prisma/prisma
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/release-latest.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=146777905

📦 Dependency: acorn

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.1
Trust-summary	6
Provenance	historical_provenance_match
From	provenance
User activity	9.4
Repository activity	6.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	136
Number of git tags or releases	103
Versions matched to tags or releases	102

📦 Dependency: ajv

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
User activity	8.5
Repository activity	7.6
From	activity
Package activity	8
Trust-summary	7.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	357
Number of git tags or releases	121
Versions matched to tags or releases	101

📦 Dependency: ansi-styles

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	10
Repository activity	3.7
Package activity	6.8
Provenance	historical_provenance_match
Trust-summary	4.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	28
Number of git tags or releases	27
Versions matched to tags or releases	26

📦 Dependency: babel-plugin-macros

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
User activity	9.6
Repository activity	5.1
From	activity
Package activity	7.3
Trust-summary	5.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	37
Number of git tags or releases	39
Versions matched to tags or releases	22

📦 Dependency: brace-expansion

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	9.4
Repository activity	3.5
Package activity	6.5
Trust-summary	5.1
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	19
Number of git tags or releases	18
Versions matched to tags or releases	17

📦 Dependency: chalk

Trusty Score: 0

Scoring details

Component	Score
From	provenance
Package activity	8.2
Trust-summary	5.3
Provenance	historical_provenance_match
User activity	9.9
Repository activity	6.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	38
Number of git tags or releases	44
Versions matched to tags or releases	37

📦 Dependency: cliui

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	6.2
Trust-summary	5.1
Provenance	historical_provenance_match
User activity	8.1
Repository activity	4.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	25
Number of git tags or releases	39
Versions matched to tags or releases	24

📦 Dependency: cosmiconfig

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.1
Provenance	historical_provenance_match
User activity	8.6
Repository activity	5.1
From	activity
Package activity	6.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	57
Number of git tags or releases	60
Versions matched to tags or releases	50

📦 Dependency: dotenv

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	8.8
Repository activity	6.6
Package activity	7.7
Trust-summary	5.8
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	86
Number of git tags or releases	78
Versions matched to tags or releases	75

📦 Dependency: emoji-regex

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.1
From	activity
User activity	0
Repository activity	4.9
Package activity	2.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	35
Number of git tags or releases	35
Versions matched to tags or releases	34

📦 Dependency: fast-glob

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
Trust-summary	5
User activity	8.9
Repository activity	5.1
From	activity
Package activity	7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	43
Number of git tags or releases	40
Versions matched to tags or releases	37

📦 Dependency: fast-uri

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.4
Package activity	5.9
Trust-summary	4.4
Provenance	historical_provenance_match
From	activity
User activity	8.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	14
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: fs-extra

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
Trust-summary	5.6
User activity	9.2
Repository activity	6.5
From	activity
Package activity	7.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	96
Number of git tags or releases	89
Versions matched to tags or releases	89

📦 Dependency: glob

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	6
Provenance	historical_provenance_match
From	provenance
User activity	10
Repository activity	6
Package activity	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	170
Number of git tags or releases	112
Versions matched to tags or releases	108

📦 Dependency: has-flag

Trusty Score: 0

Scoring details

Component	Score
User activity	9.6
Repository activity	2.7
Package activity	6.2
Provenance	historical_provenance_match
Trust-summary	3.5
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	6
Number of git tags or releases	5
Versions matched to tags or releases	5

📦 Dependency: json-schema-traverse

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.8
Provenance	historical_provenance_match
Trust-summary	3.5
User activity	6.5
Repository activity	3.1
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

📦 Dependency: minimatch

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	5.7
Provenance	historical_provenance_match
User activity	9.3
Repository activity	5.3
From	activity
Package activity	7.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	110
Number of git tags or releases	104
Versions matched to tags or releases	101

📦 Dependency: nx

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	9.2

📦 Dependency: rxjs

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.4
Provenance	historical_provenance_match
Trust-summary	7.5
User activity	0
Repository activity	8.7
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	162
Number of git tags or releases	94
Versions matched to tags or releases	85

📦 Dependency: search-insights

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.1
Trust-summary	4.9
Provenance	historical_provenance_match
User activity	9.7
Repository activity	4.6
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	64
Number of git tags or releases	56
Versions matched to tags or releases	53

📦 Dependency: string-width

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.9
From	activity
Package activity	6.8
Trust-summary	4
Provenance	historical_provenance_match
User activity	9.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	24
Number of git tags or releases	24
Versions matched to tags or releases	24

📦 Dependency: supports-color

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	4.7
From	activity
User activity	10
Repository activity	4.2
Package activity	7.1
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	50
Number of git tags or releases	57
Versions matched to tags or releases	49

📦 Dependency: tslib

Trusty Score: 0

Scoring details

Component	Score
Provenance	historical_provenance_match
Trust-summary	5.5
From	activity
User activity	9.8
Repository activity	5.8
Package activity	7.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	48
Number of git tags or releases	87
Versions matched to tags or releases	45

📦 Dependency: v8-compile-cache

Trusty Score: 0

Scoring details

Component	Score
Repository activity	4.1
Package activity	5.9
Provenance	historical_provenance_match
Trust-summary	5
From	activity
User activity	7.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: wrap-ansi

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.5
Trust-summary	4.8
Provenance	historical_provenance_match
User activity	9.7
Repository activity	3.3
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	20
Number of git tags or releases	19
Versions matched to tags or releases	19

[stacklok-cloud]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/cli

Trusty Score: 0

Scoring details

Component	Score
User activity	8.7
Repository activity	8.7
Package activity	8.7
Provenance_type	unknown
Provenance	0
Trust-summary	6.3
From	provenance

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	unknown
Provenance	0
User activity	0
Repository activity	0
From	activity
Package activity	0
Trust-summary	2.6

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
User activity	0
Repository activity	0
From	activity

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0
Trust-summary	2.7

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	0
Trust-summary	2.7
Provenance_type	unknown
Provenance	0
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Trust-summary	2.8
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Trust-summary	2.7
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	2.6
Provenance_type	unknown
Provenance	0
From	activity
User activity	0
Repository activity	0
Package activity	0

📦 Dependency: @nrwl/tao

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	verified_provenance_match
Provenance	0
User activity	8.7
Repository activity	8.7
From	activity
Package activity	8.7
Trust-summary	9.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	1613
Number of git tags or releases	313
Versions matched to tags or releases	247

This package has been digitally signed using sigtore.

Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014867

📦 Dependency: @nrwl/workspace

Trusty Score: 0

Scoring details

Component	Score
Package activity	8.7
Trust-summary	9.2
Provenance_type	verified_provenance_match
Provenance	0
User activity	8.7
Repository activity	8.7
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	1645
Number of git tags or releases	313
Versions matched to tags or releases	247

This package has been digitally signed using sigtore.

Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=137014897

📦 Dependency: @parcel/watcher

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
User activity	8.4
Repository activity	4.8
From	activity
Package activity	6.6
Trust-summary	5.2
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	37
Number of git tags or releases	25
Versions matched to tags or releases	21

📦 Dependency: @prisma/client

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	9.5
Provenance_type	verified_provenance_match
Provenance	0
User activity	9.8
Repository activity	8.9
From	activity
Package activity	9.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	8971
Number of git tags or releases	126
Versions matched to tags or releases	87

This package has been digitally signed using sigtore.

Source repository	https://github.com/prisma/prisma
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/release-latest.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=146777905

📦 Dependency: acorn

Trusty Score: 0

Scoring details

Component	Score
User activity	9.4
Repository activity	6.8
Package activity	8.1
Trust-summary	6.2
Provenance_type	historical_provenance_match
Provenance	0
From	provenance

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	136
Number of git tags or releases	103
Versions matched to tags or releases	102

📦 Dependency: ajv

Trusty Score: 0

Scoring details

Component	Score
Repository activity	7.6
From	activity
Package activity	8
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	7.4
User activity	8.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	357
Number of git tags or releases	121
Versions matched to tags or releases	100

📦 Dependency: ansi-styles

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.7
From	activity
Package activity	6.8
Trust-summary	5.3
Provenance_type	historical_provenance_match
Provenance	0
User activity	10

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	28
Number of git tags or releases	27
Versions matched to tags or releases	26

📦 Dependency: babel-plugin-macros

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	7.3
Trust-summary	5
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.6
Repository activity	5.1

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	37
Number of git tags or releases	39
Versions matched to tags or releases	22

📦 Dependency: brace-expansion

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.5
Trust-summary	4.9
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.4
Repository activity	3.5
From	activity

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	19
Number of git tags or releases	18
Versions matched to tags or releases	17

📦 Dependency: chalk

Trusty Score: 0

Scoring details

Component	Score
Repository activity	6.4
From	provenance
Package activity	8.2
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.6
User activity	9.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	38
Number of git tags or releases	44
Versions matched to tags or releases	37

📦 Dependency: cliui

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	8.1
Repository activity	4.2
Package activity	6.2
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	25
Number of git tags or releases	39
Versions matched to tags or releases	24

📦 Dependency: cosmiconfig

Trusty Score: 0

Scoring details

Component	Score
User activity	8.6
Repository activity	5.1
From	activity
Package activity	6.8
Trust-summary	5.1
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	57
Number of git tags or releases	59
Versions matched to tags or releases	50

📦 Dependency: dotenv

Trusty Score: 0

Scoring details

Component	Score
User activity	8.8
Repository activity	6.6
From	activity
Package activity	7.7
Trust-summary	5.8
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	86
Number of git tags or releases	78
Versions matched to tags or releases	75

📦 Dependency: emoji-regex

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	4.9
User activity	8.7
Repository activity	4.9
From	activity
Package activity	6.8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	35
Number of git tags or releases	35
Versions matched to tags or releases	34

📦 Dependency: fast-glob

Trusty Score: 0

Scoring details

Component	Score
User activity	9.4
Repository activity	5.1
From	activity
Package activity	7.2
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	43
Number of git tags or releases	40
Versions matched to tags or releases	37

📦 Dependency: fast-uri

Trusty Score: 0

Scoring details

Component	Score
Repository activity	3.4
Package activity	5.9
Trust-summary	4.9
Provenance_type	historical_provenance_match
Provenance	0
From	activity
User activity	8.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	14
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: fs-extra

Trusty Score: 0

Scoring details

Component	Score
Repository activity	6.5
From	activity
Package activity	7.8
Trust-summary	6
Provenance_type	historical_provenance_match
Provenance	0
User activity	9.2

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	96
Number of git tags or releases	89
Versions matched to tags or releases	89

📦 Dependency: glob

Trusty Score: 0

Scoring details

Component	Score
Repository activity	6.1
From	activity
Package activity	8
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	6
User activity	10

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	170
Number of git tags or releases	112
Versions matched to tags or releases	108

📦 Dependency: has-flag

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.2
Trust-summary	4.2
Provenance_type	historical_provenance_match
Provenance	0
From	activity
User activity	9.6
Repository activity	2.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	6
Number of git tags or releases	5
Versions matched to tags or releases	5

📦 Dependency: json-schema-traverse

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	4.4
From	activity
User activity	6.5
Repository activity	3.1
Package activity	4.8
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5

📦 Dependency: minimatch

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.7
User activity	9.3
Repository activity	5.3
From	activity
Package activity	7.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	110
Number of git tags or releases	104
Versions matched to tags or releases	101

📦 Dependency: nx

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
User activity	8.9
Repository activity	8.7
From	activity
Package activity	8.8
Trust-summary	9.4
Provenance_type	verified_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	1501
Number of git tags or releases	346
Versions matched to tags or releases	278

This package has been digitally signed using sigtore.

Source repository	https://github.com/nrwl/nx
Cerificate Issuer	CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow	.github/workflows/publish.yml
Rekor (public ledger) entry	https://search.sigstore.dev/?logIndex=149132471

📦 Dependency: rxjs

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	7.3
User activity	9
Repository activity	8.7
From	provenance
Package activity	8.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	162
Number of git tags or releases	94
Versions matched to tags or releases	85

📦 Dependency: search-insights

Trusty Score: 0

Scoring details

Component	Score
Package activity	7.2
Trust-summary	4.8
Provenance_type	historical_provenance_match
Provenance	0
From	activity
User activity	9.7
Repository activity	4.7

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	65
Number of git tags or releases	57
Versions matched to tags or releases	54

📦 Dependency: string-width

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5
From	activity
User activity	9.8
Repository activity	4
Package activity	6.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	24
Number of git tags or releases	23
Versions matched to tags or releases	23

📦 Dependency: supports-color

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
From	activity
Trust-summary	5.2
User activity	10
Repository activity	4.2
Package activity	7.1
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	50
Number of git tags or releases	57
Versions matched to tags or releases	49

📦 Dependency: tslib

Trusty Score: 0

Scoring details

Component	Score
From	activity
User activity	9.7
Repository activity	5.8
Package activity	7.8
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	5.6

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	48
Number of git tags or releases	87
Versions matched to tags or releases	45

📦 Dependency: v8-compile-cache

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	4.6
Provenance_type	historical_provenance_match
Provenance	0
User activity	7.7
Repository activity	4.1
From	activity
Package activity	5.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: wrap-ansi

Trusty Score: 0

Scoring details

Component	Score
Package activity	6.5
Provenance_type	historical_provenance_match
Provenance	0
From	activity
Trust-summary	4.7
User activity	9.7
Repository activity	3.3

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	20
Number of git tags or releases	18
Versions matched to tags or releases	18