@cleocode/core
CLEO core business logic kernel — tasks, sessions, memory, orchestration, lifecycle, with bundled SQLite store
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:env-paths | AI (phantom-deps): env-paths is a declared runtime dep used via config files, not direct import; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/gateway-client/generated/index.js | AI (source-diff): Auto-generated OpenAPI barrel export from @hey-api/openapi-ts; long lines are export lists, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/gateway-client/generated/namespaces.gen.js | AI (source-diff): Auto-generated SDK namespace grouping file; header comment confirms codegen origin. | ai | |
| source-diff | obfuscated-file:dist/internal.js | AI (source-diff): Standard esbuild bundle boilerplate with source comments; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/internal.js | AI (source-diff): Network+exec pattern is bundler runtime shim, not dropper behavior; SLSA provenance confirms CI build. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Named script file shipped in package files; consistent with prebuilt binary fetch for a native supervisor component. | ai | |
| phantom-deps | phantom-dep:@cleocode/agents | AI (phantom-deps): Same-org scoped package in a monorepo; phantom dep pattern is consistent with the other accepted @cleocode phantom deps in this package. | ai | |
| phantom-deps | phantom-dep:tree-sitter-javascript | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:tree-sitter-python | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:tree-sitter-ruby | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:tree-sitter-typescript | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:pino-roll | AI (phantom-deps): pino-roll is a pino transport loaded by name in config rather than via direct import — standard pino transport pattern. | ai | |
| phantom-deps | phantom-dep:@cleocode/skills | AI (phantom-deps): Same-org package likely loaded dynamically or referenced indirectly; phantom-dep false positive for intra-monorepo dependencies. | ai | |
| phantom-deps | phantom-dep:@cleocode/adapters | AI (phantom-deps): Same-org package likely loaded dynamically or referenced indirectly; phantom-dep false positive for intra-monorepo dependencies. | ai | |
| phantom-deps | phantom-dep:tree-sitter-rust | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Fires on test files using hardcoded zero-byte test vectors — standard unit test pattern for crypto KDF testing, not a malicious payload. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Fires on 127.0.0.1 in a unit test for HTTP gate validation — localhost address in test code, not a real network exfiltration endpoint. | ai | |
| phantom-deps | phantom-dep:tree-sitter-c | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports — phantom-dep detection is a known false positive for this pattern. | ai | |
| phantom-deps | phantom-dep:tree-sitter-cpp | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:tree-sitter-go | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:tree-sitter-java | AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): @cleocode/core is a scoped package in the @cleocode org ecosystem, not a typosquat of 'cors'. The name reflects its role as the core library; no impersonation intent. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode is used in a standard AES-GCM decryption function in credentials.ts — legitimate cryptographic code, not obfuscated payload. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): env-spread occurs in test files passing process.env to child git processes with specific overrides — standard test pattern, not credential exfiltration. | ai | |
Versions (showing 32 of 132)
| Version | Deps | Published |
|---|---|---|
| 2026.3.67 | 17 / 2 | |
| 2026.3.66 | 17 / 2 | |
| 2026.3.65 | 17 / 2 | |
| 2026.3.64 | 17 / 2 | |
| 2026.3.63 | 17 / 2 | |
| 2026.3.62 | 17 / 2 | |
| 2026.3.61 | 17 / 2 | |
| 2026.3.60 | 17 / 2 | |
| 2026.3.59 | 17 / 2 | |
| 2026.3.58 | 17 / 2 | |
| 2026.3.57 | 17 / 2 | |
| 2026.3.56 | 17 / 2 | |
| 2026.3.55 | 17 / 2 | |
| 2026.3.54 | 17 / 2 | |
| 2026.3.53 | 17 / 2 | |
| 2026.3.52 | 17 / 2 | |
| 2026.3.51 | 17 / 2 | |
| 2026.3.50 | 17 / 2 | |
| 2026.3.49 | 17 / 2 | |
| 2026.3.48 | 17 / 2 | |
| 2026.3.47 | 17 / 2 | |
| 2026.3.46 | 17 / 2 | |
| 2026.3.45 | 14 / 2 | |
| 2026.3.44 | 14 / 2 | |
| 2026.3.43 | 14 / 2 | |
| 2026.3.42 | 14 / 2 | |
| 2026.3.41 | 14 / 2 | |
| 2026.3.40 | 14 / 2 | |
| 2026.3.39 | 14 / 2 | |
| 2026.3.38 | 14 / 2 | |
| 2026.3.37 | 14 / 2 | |
| 2.0.0 | 14 / 2 | |
v2026.3.67
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.66
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.65
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.64
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.63
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.62
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.61
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.60
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.59
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.58
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.57
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.56
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.55
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.54
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.53
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.52
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.51
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.50
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.49
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.48
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.47
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.46
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.45
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.44
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.43
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.42
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.41
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.40
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.39
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2026.3.38
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2026.3.37
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.