@oclif/plugin-not-found
"did you mean" for oclif
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): dickeyxxx → oclif-bot is the well-known legitimate transition when oclif moved to automated bot publishing in 2018. | ai | |
| phantom-deps | phantom-dep:@oclif/command | AI (phantom-deps): @oclif/command is a peer/host dependency for oclif plugins — it is provided by the consuming CLI framework, not imported directly. This is the standard oclif plugin pattern. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers (rodesp, mdonnalley) are known oclif/Salesforce contributors; maintainer additions are routine for this actively maintained Salesforce-owned package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer delisting is consistent with Salesforce's organizational practices; no evidence of takeover. | ai | |
| dependencies | unvetted-dep:@oclif/color | AI (dependencies): @oclif/color is a first-party Salesforce/oclif dependency; its use in this oclif plugin is expected and stable across versions. | ai | |
| provenance | no-provenance | AI (provenance): Salesforce's established publisher track record makes provenance absence acceptable for this version. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @inquirer/confirm is from an established ecosystem and aligns with the plugin's CLI purpose; legitimate addition. | ai | |
| dependencies | unvetted-dep:fast-levenshtein | AI (dependencies): fast-levenshtein is a well-known string-distance library appropriate for a 'did you mean' plugin; stable for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): False positive: established oclif plugin with 184 prior versions; inflated semver reflects ecosystem convention, not spam. | ai |
Versions (showing 100 of 190)
| Version | Deps | Published |
|---|---|---|
| 3.2.86 | 4 / 27 | |
| 3.2.85 | 4 / 27 | |
| 3.2.84 | 4 / 27 | |
| 3.2.83 | 4 / 27 | |
| 3.2.82 | 4 / 27 | |
| 3.2.81 | 4 / 27 | |
| 3.2.80 | 4 / 27 | |
| 3.2.79 | 4 / 27 | |
| 3.2.78 | 4 / 27 | |
| 3.2.77 | 4 / 27 | |
| 3.2.76 | 4 / 27 | |
| 3.2.75 | 4 / 27 | |
| 3.2.74 | 4 / 27 | |
| 3.2.73 | 4 / 27 | |
| 3.2.72 | 4 / 27 | |
| 3.2.71 | 4 / 27 | |
| 3.2.70 | 4 / 27 | |
| 3.2.69 | 4 / 27 | |
| 3.2.68 | 4 / 27 | |
| 3.2.67 | 4 / 27 | |
| 3.2.66 | 4 / 27 | |
| 3.2.65 | 4 / 27 | |
| 3.2.64 | 4 / 27 | |
| 3.2.63 | 4 / 27 | |
| 3.2.62 | 4 / 27 | |
| 3.2.61 | 4 / 27 | |
| 3.2.60 | 4 / 27 | |
| 3.2.59 | 4 / 27 | |
| 3.2.58 | 4 / 27 | |
| 3.2.57 | 4 / 27 | |
| 3.2.56 | 4 / 27 | |
| 3.2.55 | 4 / 27 | |
| 3.2.54 | 4 / 27 | |
| 3.2.53 | 4 / 25 | |
| 3.2.52 | 4 / 25 | |
| 3.2.51 | 4 / 25 | |
| 3.2.50 | 4 / 25 | |
| 3.2.49 | 4 / 25 | |
| 3.2.48 | 4 / 25 | |
| 3.2.47 | 4 / 25 | |
| 3.2.46 | 4 / 25 | |
| 3.2.45 | 4 / 25 | |
| 3.2.44 | 4 / 25 | |
| 3.2.43 | 4 / 25 | |
| 3.2.42 | 4 / 25 | |
| 3.2.41 | 4 / 25 | |
| 3.2.40 | 4 / 25 | |
| 3.2.39 | 4 / 25 | |
| 3.2.38 | 4 / 25 | |
| 3.2.37 | 4 / 25 | |
| 3.2.36 | 4 / 25 | |
| 3.2.35 | 4 / 25 | |
| 3.2.34 | 4 / 25 | |
| 3.2.33 | 4 / 25 | |
| 3.2.32 | 4 / 25 | |
| 3.2.31 | 4 / 25 | |
| 3.2.30 | 4 / 25 | |
| 3.2.29 | 4 / 25 | |
| 3.2.28 | 4 / 25 | |
| 3.2.27 | 4 / 25 | |
| 3.2.26 | 4 / 25 | |
| 3.2.25 | 4 / 25 | |
| 3.2.24 | 4 / 25 | |
| 3.2.23 | 4 / 25 | |
| 3.2.22 | 4 / 25 | |
| 3.2.21 | 4 / 25 | |
| 3.2.20 | 4 / 25 | |
| 3.2.19 | 4 / 25 | |
| 3.2.18 | 4 / 25 | |
| 3.2.17 | 4 / 25 | |
| 3.2.16 | 4 / 25 | |
| 3.2.15 | 4 / 25 | |
| 3.2.14 | 4 / 25 | |
| 3.2.13 | 4 / 25 | |
| 3.2.12 | 4 / 25 | |
| 3.2.11 | 4 / 25 | |
| 3.2.10 | 4 / 25 | |
| 3.2.9 | 4 / 25 | |
| 3.2.8 | 4 / 25 | |
| 3.2.7 | 4 / 25 | |
| 3.2.6 | 4 / 25 | |
| 3.2.5 | 4 / 25 | |
| 3.2.4 | 4 / 25 | |
| 3.2.3 | 4 / 25 | |
| 3.2.2 | 4 / 25 | |
| 3.2.1 | 4 / 25 | |
| 3.2.0 | 4 / 25 | |
| 3.1.10 | 4 / 23 | |
| 3.1.9 | 4 / 23 | |
| 3.1.8 | 4 / 23 | |
| 3.1.7 | 4 / 23 | |
| 3.1.6 | 4 / 23 | |
| 3.1.5 | 4 / 23 | |
| 3.1.4 | 4 / 23 | |
| 3.1.3 | 4 / 23 | |
| 3.1.2 | 4 / 23 | |
| 3.1.1 | 4 / 23 | |
| 3.1.0 | 4 / 23 | |
| 3.0.14 | 3 / 23 | |
| 3.0.13 | 3 / 23 |
v3.2.86
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.85
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.84
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.83
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.82
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.81
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.78
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.77
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.76
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.75
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.74
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.73
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.72
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.71
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.70
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.69
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.66
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.65
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.64
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.60
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.51
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.