@faststore/cli
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@vtex/faststore-sdk | AI (dependencies): Same org scope (@vtex) as this package; canary version is expected for internal SDK dependency. | ai | |
| provenance | missing-githead | AI (provenance): Package uses SLSA provenance attestation via GitHub Actions; gitHead absence is a minor metadata gap, not a supply chain risk. | ai | |
| phantom-deps | phantom-dep:oclif | AI (phantom-deps): oclif is declared in oclif config section of package.json; not directly imported but legitimately used as CLI tooling. | ai | |
| phantom-deps | phantom-dep:@inquirer/confirm | AI (phantom-deps): CLI prompt library; may be used indirectly via oclif or dynamic require patterns in CLI tooling. | ai | |
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; stable pattern for vtex/faststore org going forward. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @faststore/cli is a legitimate VTEX FastStore package; Levenshtein match to 'joi' is a false positive. | ai | |
| phantom-deps | phantom-dep:@faststore/core | AI (phantom-deps): Same-org dep used indirectly by the CLI framework; stable false positive. | ai | |
| phantom-deps | phantom-dep:@antfu/ni | AI (phantom-deps): Used via CLI invocation in scripts/config, not direct import; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@oclif/plugin-not-found | AI (phantom-deps): Declared as oclif plugin in config; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:@oclif/plugin-help | AI (phantom-deps): Declared as oclif plugin in config; not directly imported by design. | ai | |
Versions (showing 46 of 146)
| Version | Deps | Published |
|---|---|---|
| 3.64.0 | 13 / 12 | |
| 3.63.1 | 13 / 12 | |
| 3.63.0 | 13 / 12 | |
| 3.62.0 | 13 / 12 | |
| 3.61.0 | 13 / 12 | |
| 3.60.4 | 13 / 12 | |
| 3.60.3 | 13 / 12 | |
| 3.60.2 | 13 / 12 | |
| 3.60.1 | 13 / 12 | |
| 3.60.0 | 13 / 12 | |
| 3.59.0 | 13 / 12 | |
| 3.58.0 | 13 / 12 | |
| 3.57.0 | 13 / 12 | |
| 3.56.3 | 13 / 12 | |
| 3.56.2 | 13 / 12 | |
| 3.56.1 | 13 / 12 | |
| 3.56.0 | 13 / 12 | |
| 3.55.1 | 13 / 12 | |
| 3.55.0 | 13 / 12 | |
| 3.54.0 | 13 / 12 | |
| 3.53.0 | 13 / 12 | |
| 3.52.1 | 13 / 12 | |
| 3.52.0 | 13 / 12 | |
| 3.51.0 | 13 / 12 | |
| 3.50.4 | 13 / 12 | |
| 3.50.3 | 13 / 12 | |
| 3.50.2 | 13 / 12 | |
| 3.50.1 | 13 / 12 | |
| 3.50.0 | 13 / 12 | |
| 3.49.2 | 13 / 12 | |
| 3.49.1 | 13 / 12 | |
| 3.49.0 | 13 / 12 | |
| 3.48.0 | 13 / 12 | |
| 3.47.2 | 13 / 12 | |
| 3.47.1 | 13 / 12 | |
| 3.47.0 | 13 / 12 | |
| 3.46.0 | 13 / 12 | |
| 3.45.0 | 13 / 12 | |
| 3.44.3 | 13 / 12 | |
| 3.44.2 | 13 / 12 | |
| 3.44.1 | 13 / 12 | |
| 3.44.0 | 13 / 12 | |
| 3.43.0 | 13 / 12 | |
| 3.42.0 | 13 / 12 | |
| 3.41.9 | 13 / 12 | |
| 3.41.8 | 13 / 12 | |
v3.64.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.63.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.63.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.62.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.61.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.60.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.60.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.60.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.60.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.60.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.59.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.58.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.57.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.56.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.56.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.56.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.56.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.55.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.55.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.54.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.53.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.52.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.52.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.51.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.50.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.50.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.50.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.50.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.50.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.49.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.49.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.49.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.48.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.47.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.47.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.47.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.46.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.45.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.44.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.44.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.44.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.44.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.43.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.42.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.41.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.41.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.