dependency-risk-review

Review agent package dependencies, permissions and lockfiles for supply-chain risk.

The signed bundle is stored on Gitlawb, pinned by digest and checked against transparency evidence before install. Use the evidence page for the exact source, release and witness proof for this package version.

0.1.0

30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d

No dependency metadata is published for this package version.

Level

verified

Score

100

Artifact digest

verified

Bundle signature

verified

Source provenance

verified

Transparency

verified

Quality

100/100 Excellent

Trust

verified/100

Quality

100/100

Permissions

quiet

Advisory

clear

nipmod inspect pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0 --json
nipmod install --plan pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0 --json

No active high or critical quarantine blocks this package version.

nipmod install dependency-risk-review

Canonical

pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0

Digest

30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d

Source tag

v0.1.0

Source commit

d763aee9761f18708d9b82cba65d92a056695862

Root

3cc66da3292900a4ac482b2c301db5c6e0a00c2461847a29fec5275da7f631cf

Agents should inspect first, then install only when trust score, permissions, advisories and local policy match the workspace.