@inquirer/select — Greenflagged

Inquirer select/list prompt

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

sboudriasmischah

Keywords

answeranswersaskbaseclicommandcommand-lineconfirmenquirergenerategeneratorhyperinputinquireinquirerinterfaceitermjavascriptmenunodenodejspromptpromptlypromptsquestionreadlinescaffoldscaffolderscaffoldingstdinstdoutterminalttyuiyeomanyozsh

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:figures	AI (dependencies): figures is a well-known, widely-used terminal symbols package with no security concerns; stable benign dependency for this package.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): Dependency swap from chalk to yoctocolors-cjs is a well-known legitimate migration in the Node.js CLI ecosystem; yoctocolors-cjs is a trusted Sindre Sorhus package.	ai	2026/04/23
dependencies	unvetted-dep:@inquirer/core	AI (dependencies): First-party sibling package from the same Inquirer.js monorepo and publisher (sboudrias). Not a third-party risk.	ai	2026/04/23
dependencies	unvetted-dep:@inquirer/type	AI (dependencies): First-party sibling package from the same Inquirer.js monorepo and publisher (sboudrias). Not a third-party risk.	ai	2026/04/23
dependencies	unvetted-dep:@inquirer/figures	AI (dependencies): First-party sibling package from the same Inquirer.js monorepo and publisher (sboudrias). Not a third-party risk.	ai	2026/04/23
dependencies	unvetted-dep:@inquirer/ansi	AI (dependencies): First-party sibling package from the same Inquirer.js monorepo and publisher (sboudrias). Not a third-party risk.	ai	2026/04/23
dependencies	unvetted-dep:ansi-escapes	AI (dependencies): ansi-escapes is a stable, widely-used ANSI escape code utility; appropriate dependency for a CLI prompt library.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Provenance attestation is not yet standard practice; absence is not a security concern for this established package.	ai	2026/04/21

Versions (showing 51 of 96)

View all versions

Version	Deps	Published
5.2.1	4 / 2	2026-05-29
5.2.0	4 / 2	2026-05-25
5.1.5	4 / 2	2026-05-10
5.1.4	4 / 2	2026-04-19
5.1.3	4 / 2	2026-04-06
5.1.2	4 / 2	2026-03-15
5.1.1	4 / 2	2026-03-15
5.1.0	4 / 3	2026-02-22
5.0.7	4 / 3	2026-02-16
5.0.6	4 / 3	2026-02-14
5.0.5	4 / 3	2026-02-14
5.0.4	4 / 3	2026-01-11
5.0.3	4 / 3	2025-12-13
5.0.2	4 / 3	2025-12-02
5.0.1	4 / 3	2025-11-17
5.0.0	4 / 3	2025-11-16
4.4.2	5 / 4	2025-11-12
4.4.1	5 / 4	2025-11-08
4.4.0	5 / 4	2025-10-13
4.3.4	5 / 4	2025-09-14
4.3.3	5 / 4	2025-09-14
4.3.1	5 / 4	2025-07-21
4.3.0	5 / 4	2025-07-20
4.2.0	5 / 4	2025-04-24
4.1.1	5 / 4	2025-04-03
4.1.0	5 / 4	2025-03-15
4.0.10	5 / 4	2025-03-08
4.0.9	5 / 4	2025-02-15
4.0.8	5 / 4	2025-02-02
4.0.7	5 / 4	2025-01-28
4.0.6	5 / 4	2025-01-13
4.0.5	5 / 4	2025-01-11
4.0.4	5 / 4	2024-12-20
4.0.3	5 / 4	2024-12-07
4.0.2	5 / 4	2024-11-11
4.0.1	5 / 4	2024-10-25
4.0.0	5 / 4	2024-10-06
3.0.1	5 / 1	2024-09-16
3.0.0	5 / 1	2024-09-15
2.5.0	5 / 1	2024-09-02
2.4.7	5 / 1	2024-08-05
2.4.6	5 / 1	2024-08-04
2.4.5	5 / 1	2024-07-30
2.4.4	5 / 1	2024-07-29
2.4.3	5 / 1	2024-07-28
2.4.2	5 / 1	2024-07-21
2.4.1	5 / 1	2024-07-19
2.4.0	5 / 1	2024-07-17
2.3.11	5 / 1	2024-07-16
2.3.10	5 / 1	2024-07-04
2.3.9	5 / 1	2024-07-03