@oclif/plugin-not-found
"did you mean" for oclif
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): dickeyxxx → oclif-bot is the well-known legitimate transition when oclif moved to automated bot publishing in 2018. | ai | |
| phantom-deps | phantom-dep:@oclif/command | AI (phantom-deps): @oclif/command is a peer/host dependency for oclif plugins — it is provided by the consuming CLI framework, not imported directly. This is the standard oclif plugin pattern. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers (rodesp, mdonnalley) are known oclif/Salesforce contributors; maintainer additions are routine for this actively maintained Salesforce-owned package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer delisting is consistent with Salesforce's organizational practices; no evidence of takeover. | ai | |
| dependencies | unvetted-dep:@oclif/color | AI (dependencies): @oclif/color is a first-party Salesforce/oclif dependency; its use in this oclif plugin is expected and stable across versions. | ai | |
| provenance | no-provenance | AI (provenance): Salesforce's established publisher track record makes provenance absence acceptable for this version. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @inquirer/confirm is from an established ecosystem and aligns with the plugin's CLI purpose; legitimate addition. | ai | |
| dependencies | unvetted-dep:fast-levenshtein | AI (dependencies): fast-levenshtein is a well-known string-distance library appropriate for a 'did you mean' plugin; stable for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): False positive: established oclif plugin with 184 prior versions; inflated semver reflects ecosystem convention, not spam. | ai |
Versions (showing 51 of 190)
| Version | Deps | Published |
|---|---|---|
| 3.2.86 | 4 / 27 | |
| 3.2.85 | 4 / 27 | |
| 3.2.84 | 4 / 27 | |
| 3.2.83 | 4 / 27 | |
| 3.2.82 | 4 / 27 | |
| 3.2.81 | 4 / 27 | |
| 3.2.80 | 4 / 27 | |
| 3.2.79 | 4 / 27 | |
| 3.2.78 | 4 / 27 | |
| 3.2.77 | 4 / 27 | |
| 3.2.76 | 4 / 27 | |
| 3.2.75 | 4 / 27 | |
| 3.2.74 | 4 / 27 | |
| 3.2.73 | 4 / 27 | |
| 3.2.72 | 4 / 27 | |
| 3.2.71 | 4 / 27 | |
| 3.2.70 | 4 / 27 | |
| 3.2.69 | 4 / 27 | |
| 3.2.68 | 4 / 27 | |
| 3.2.67 | 4 / 27 | |
| 3.2.66 | 4 / 27 | |
| 3.2.65 | 4 / 27 | |
| 3.2.64 | 4 / 27 | |
| 3.2.63 | 4 / 27 | |
| 3.2.62 | 4 / 27 | |
| 3.2.61 | 4 / 27 | |
| 3.2.60 | 4 / 27 | |
| 3.2.59 | 4 / 27 | |
| 3.2.58 | 4 / 27 | |
| 3.2.57 | 4 / 27 | |
| 3.2.56 | 4 / 27 | |
| 3.2.55 | 4 / 27 | |
| 3.2.54 | 4 / 27 | |
| 3.2.53 | 4 / 25 | |
| 3.2.52 | 4 / 25 | |
| 3.2.51 | 4 / 25 | |
| 3.2.50 | 4 / 25 | |
| 3.2.49 | 4 / 25 | |
| 3.2.48 | 4 / 25 | |
| 3.2.47 | 4 / 25 | |
| 3.2.46 | 4 / 25 | |
| 3.2.45 | 4 / 25 | |
| 3.2.44 | 4 / 25 | |
| 3.2.43 | 4 / 25 | |
| 3.2.42 | 4 / 25 | |
| 3.2.41 | 4 / 25 | |
| 3.2.40 | 4 / 25 | |
| 3.2.39 | 4 / 25 | |
| 3.2.38 | 4 / 25 | |
| 3.2.37 | 4 / 25 | |
| 3.2.36 | 4 / 25 |
v3.2.86
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.85
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.84
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.83
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.82
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.81
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.78
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.77
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.76
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.75
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.74
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.73
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.72
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.71
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.70
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.69
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.66
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.65
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.64
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.60
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.51
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.