@a1st/aix-core
Core utilities for aix configuration loading and management
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:vitest | AI (phantom-deps): vitest is a test runner, not a runtime dep; phantom-dep fires correctly but reflects misclassification. | ai | |
| phantom-deps | phantom-dep:@astrojs/starlight | AI (phantom-deps): Config-only reference; not a runtime import. | ai | |
| phantom-deps | phantom-dep:@yeskunall/astro-umami | AI (phantom-deps): Config-only reference; not a runtime import. | ai | |
| phantom-deps | phantom-dep:astro | AI (phantom-deps): Astro is a config-referenced tool dep, not a runtime import; phantom-dep fires correctly but the real issue is wrong dep classification. | ai | |
| phantom-deps | phantom-dep:@astrojs/vercel | AI (phantom-deps): Config-only reference; not a runtime import. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dep; phantom-dep heuristic fires as false positive for this package. | ai | |
| phantom-deps | phantom-dep:c12 | AI (phantom-deps): c12 is a declared runtime dep used via config loading abstraction; phantom-dep heuristic fires as false positive. | ai |
Versions (showing 11 of 11)
| Version | Deps | Published |
|---|---|---|
| 0.5.1 | 16 / 0 | |
| 0.5.0 | 16 / 0 | |
| 0.4.1 | 16 / 0 | |
| 0.3.1 | 16 / 0 | |
| 0.3.0 | 16 / 0 | |
| 0.2.0 | 16 / 0 | |
| 0.1.0 | 11 / 0 | |
| 0.0.12 | 11 / 0 | |
| 0.0.6 | 11 / 0 | |
| 0.0.4 | 11 / 0 | |
| 0.0.3 | 8 / 0 |
v0.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.12
2 findingsThis version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.6
2 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.