@ionic/utils-subprocess
Versions: 1
License: —
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
ionicjs
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@ionic/utils-fs | AI (dependencies): First-party Ionic sibling package from the ionic-cli monorepo, published by the same trusted ionicjs publisher. Stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@ionic/utils-array | AI (dependencies): First-party Ionic sibling package from the ionic-cli monorepo, published by the same trusted ionicjs publisher. Stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@ionic/utils-stream | AI (dependencies): First-party Ionic sibling package from the ionic-cli monorepo, published by the same trusted ionicjs publisher. Stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@ionic/utils-process | AI (dependencies): First-party Ionic sibling package from the ionic-cli monorepo, published by the same trusted ionicjs publisher. Stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@ionic/utils-terminal | AI (dependencies): First-party Ionic sibling package from the ionic-cli monorepo, published by the same trusted ionicjs publisher. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:debug | AI (phantom-deps): debug is explicitly declared in package.json dependencies; phantom-dep finding is a false positive likely due to indirect/typed usage patterns. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Cosmetic signals (short README, no keywords) are typical for utility sub-packages in monorepos. Not a security concern for this established Ionic package. | ai | |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 3.0.1 | 8 / 10 |
v3.0.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.