Packages
Evidence
Proof humans can read.
The registry still publishes raw JSON for agents. The website now explains each proof first, then exposes the machine file as an explicit verification link.
Verified registry
Witnesses
Root hash
Quarantine
Yanked
Package
dependency-risk-review
Review agent package dependencies, permissions and lockfiles for supply-chain risk.
- Canonical
- pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0
- Digest
- 30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d
- Publisher
- did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C
- Source
- d763aee9761f18708d9b82cba65d92a056695862
- Trust
- verified/100
Artifacts
What each proof means
Discovery
The manifest agents use to find the registry, installer, advisory feed, transparency log and witness.
Machine fileRegistry
The package index carrying signed package evidence, digests, source commits, compatibility receipts and warnings.
Machine fileCheckpoint
The current transparency tree head. It pins root hash, tree size, timestamp and log identity.
Machine fileAdvisories
The signed safety feed used to warn or block risky package versions without deleting Gitlawb content.
Machine fileSecurity policy
The public reporting route for vulnerabilities, package incidents and registry trust failures.
Machine fileProof transcript
A machine readable record of the demo path: inspect, install, audit and blocked unsafe manifests.
Machine fileReview packet
The machine readable audit handoff with targets, commands, claim boundaries and sign off fields.
Machine fileEvidence manifest
The index of public review artifacts, live health endpoints and proof files reviewers can reproduce.
Machine fileEvidence ledger
The adoption and review receipt ledger. It stays at zero until external redacted evidence exists.
Machine fileSynthetic monitor
The reproducible monitor command for site, registry, advisories, witness, node and Gitlawb receive pack probes.
Machine filePackage proof
Merkle proof for dependency-risk-review, bound to leaf f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601.
Machine filePackage witness
Witness statement for dependency-risk-review, signed outside the registry log identity.
Machine fileRoots
Current pinned values
- Log
- did:key:z6MkugeJcjgGhG1EpUMhhJ1Q5SoYn65T4cmiuBFE8E82TMyk
- Witness
- z6Mkv8WH...EkewWJ
- Checkpoint
- 3cc66da3292900a4ac482b2c301db5c6e0a00c2461847a29fec5275da7f631cf
- Tree size
- 32
- Generated
- 2026-05-16T21:44:02.000Z
- Registry
- https://nipmod.com/registry/packages.json
- Advisories
- https://nipmod.com/advisories.json