{
  "canonical": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review",
  "distTags": {
    "latest": "0.1.0"
  },
  "formatVersion": 1,
  "generatedAt": "2026-05-16T21:45:49.535Z",
  "name": "dependency-risk-review",
  "source": "https://node.nipmod.com",
  "type": "dev.nipmod.package-document.v1",
  "versions": {
    "0.1.0": {
      "artifactPath": "releases/0.1.0/bundle.nipmod",
      "artifactSha256": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
      "canonical": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review",
      "cloneUrl": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
      "compatibilityReceipts": [
        {
          "exampleUrl": "https://nipmod.com/compatibility/examples/git-source-provenance.json",
          "externalFormat": "git-source-provenance",
          "externalInputSha256": "38985e3efd3a4feb63425ea774061a8e0bbdfd61248dd67552a00533e2cc7692",
          "id": "receipt.git.dependency-risk-review",
          "label": "Git source",
          "package": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review",
          "packageDigest": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
          "preservedFields": [
            "package",
            "version",
            "artifact.sha256",
            "source.repo",
            "source.commit",
            "source.tag"
          ],
          "provenanceLoss": [],
          "receiptUrl": "https://nipmod.com/compatibility/receipts.json#receipt.git.dependency-risk-review",
          "sourceCommit": "d763aee9761f18708d9b82cba65d92a056695862",
          "sourceRepo": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
          "sourceTag": "v0.1.0",
          "type": "dev.nipmod.compatibility-receipt.v1",
          "unsupportedFields": [],
          "version": "0.1.0"
        }
      ],
      "description": "Review agent package dependencies, permissions and lockfiles for supply-chain risk.",
      "digest": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
      "documentType": "dev.nipmod.package-version.v1",
      "formatVersion": 1,
      "name": "dependency-risk-review",
      "owner": "did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C",
      "permissionDetails": {
        "env": [],
        "filesystem": [],
        "mcpTools": [],
        "network": [],
        "secrets": []
      },
      "permissions": {
        "env": 0,
        "exec": false,
        "filesystem": 0,
        "mcpTools": 0,
        "network": 0,
        "postinstall": false,
        "secrets": 0
      },
      "proof": {
        "checkpointUrl": "/transparency/checkpoint.json",
        "eventHash": "759de3ebf2f8cf2a39052b4b33025c177f1c27b6f7af80b329a9e90569139b42",
        "leafHash": "f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601",
        "leafIndex": 6,
        "leafUrl": "/transparency/leaves/f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601.json",
        "proofUrl": "/transparency/proofs/f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601.json",
        "rootHash": "3cc66da3292900a4ac482b2c301db5c6e0a00c2461847a29fec5275da7f631cf",
        "subject": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0",
        "treeSize": 32,
        "type": "dev.nipmod.registry.proof.v1",
        "witnesses": [
          "did:key:z6Mkv8WH5QeiZU1sJwGrCs8xe35AiH4gMfAy86zFMiEkewWJ"
        ],
        "witnessUrls": [
          "/transparency/witnesses/z6Mkv8WH5QeiZU1sJwGrCs8xe35AiH4gMfAy86zFMiEkewWJ.json"
        ]
      },
      "publisher": "did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C",
      "releasePath": "releases/0.1.0/release.json",
      "repo": "dependency-risk-review",
      "resolved": "https://node.nipmod.com/api/v1/repos/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review/blob/releases/0.1.0/bundle.nipmod",
      "sourceCommit": "d763aee9761f18708d9b82cba65d92a056695862",
      "sourceRepo": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
      "sourceTag": "v0.1.0",
      "stars": 0,
      "trust": {
        "evidence": {
          "artifactDigestVerified": true,
          "bundleSignatureVerified": true,
          "immutableSnapshotMatched": true,
          "publisherMatchesCanonical": true,
          "releaseEventSigned": true,
          "sourceProvenanceVerified": true,
          "transparencyLogIncluded": true,
          "transparencyLogVerified": true
        },
        "level": "verified",
        "score": 100,
        "signals": [
          "Artifact digest verified",
          "Bundle signature verified",
          "Publisher matches canonical owner",
          "Version digest unchanged",
          "Release event signed",
          "Source tag verified",
          "Transparency proof published",
          "Witnessed checkpoint verified",
          "No manifest permissions"
        ],
        "warnings": []
      },
      "type": "skill",
      "updatedAt": "2026-05-16T10:08:53.491621872+00:00",
      "urls": {
        "dependencies": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/dependencies.json",
        "package": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc.json",
        "provenance": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/provenance.json",
        "version": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/0.1.0.json"
      },
      "version": "0.1.0"
    }
  }
}