@bomb.sh/tab No license 13 versions

@bomb.sh/tab

npm Repository Homepage

13

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

natemoo-reamirsa12dreyfus92aslemammad43081j

Keywords

bombshelltabcompletionautocomplete

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/t-CMPXbmTJ.js	AI (source-diff): Minified bundler output (tsdown); sample shows legitimate shell completion template code, not obfuscation.	ai	2026/04/27
source-diff	obfuscated-file:dist/t-BWhsyajM.js	AI (source-diff): File is minified bundler output (tsdown) containing a zsh completion template generator — entirely benign and consistent with this tab-completion library's purpose.	ai	2026/04/26
source-diff	obfuscated-file:dist/t-DYl0qC9V.js	AI (source-diff): Flagged file is a bundler output chunk (tsdown/rollup hashed chunk) containing zsh completion template strings — long lines are from shell script templates, not obfuscation. Consistent with package purpose.	ai	2026/04/26
source-diff	obfuscated-file:dist/t-Chww2rEs.js	AI (source-diff): File contains a zsh shell completion script template, which is the core functionality of this tab-completion library. Long lines are from embedded shell script templates, not obfuscation.	ai	2026/04/26

Versions (showing 13 of 13)

Version	Deps	Published
0.0.15	0 / 15	2026-04-28
0.0.14	0 / 15	2026-02-18
0.0.13	0 / 15	2026-02-08
0.0.12	0 / 15	2026-01-24
0.0.11	0 / 15	2025-12-27
0.0.10	0 / 15	2025-12-11
0.0.9	0 / 15	2025-11-03
0.0.8	0 / 15	2025-10-30
0.0.7	0 / 15	2025-10-23
0.0.6	0 / 15	2025-10-16
0.0.5	1 / 15	2025-10-05
0.0.4	1 / 15	2025-09-26
0.0.3	1 / 15	2025-08-21

v0.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.12

2 findings

HIGH New obfuscated file: dist/t-DYl0qC9V.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.11

2 findings

HIGH New obfuscated file: dist/t-BWhsyajM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.10

2 findings

HIGH New obfuscated file: dist/t-Chww2rEs.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

2 findings

HIGH New obfuscated file: dist/t-CMPXbmTJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

2 findings

HIGH New obfuscated file: dist/t-CMPXbmTJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.