← Home

@darajs/stylelint-config

npm Repository Homepage

Dara Stylelint configuration

3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

krzysztof-causalens

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with monorepo CI/CD adoption. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy followed by CI/CD migration with SLSA provenance; no malicious content changes detected. ai
phantom-deps phantom-dep:stylelint-order AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai
phantom-deps phantom-dep:postcss-styled-syntax AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai
phantom-deps phantom-dep:postcss AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai
phantom-deps phantom-dep:stylelint-config-clean-order AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai
phantom-deps phantom-dep:stylelint-config-standard AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai
phantom-deps phantom-dep:stylelint AI (phantom-deps): Config package; dependencies referenced in config files, not code imports. ai

Versions (showing 3 of 104)

Version Deps Published
1.16.11 6 / 0
1.16.10 6 / 0
1.16.9 6 / 0

v1.16.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.