@polka-codes/cli-shared
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from human publisher to GitHub Actions CI/CD is expected for automated publishing pipelines; SLSA attestation confirms integrity. | ai | |
| phantom-deps | phantom-dep:@polka-codes/workflow | AI (phantom-deps): Shared library; same-org dependencies used via config/re-export. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Declared dependency used for utilities; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vscode/ripgrep | AI (phantom-deps): Declared dependency used for search functionality; stable false positive. | ai | |
| phantom-deps | phantom-dep:ignore | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:@inquirer/prompts | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:@polka-codes/core | AI (phantom-deps): Declared dependency; same-org scope, used via config/indirect imports. | ai | |
| phantom-deps | phantom-dep:mime-types | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:yaml | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Declared dependency; used via config/indirect imports in CLI shared library. | ai | |
| phantom-deps | phantom-dep:@ai-sdk/provider-utils | AI (phantom-deps): @ai-sdk/provider-utils is a declared runtime dep used transitively; phantom-dep heuristic false positive for this package. | ai |
Versions (showing 45 of 145)
| Version | Deps | Published |
|---|---|---|
| 0.9.26 | 7 / 1 | |
| 0.9.25 | 7 / 1 | |
| 0.9.24 | 7 / 1 | |
| 0.9.23 | 7 / 1 | |
| 0.9.22 | 7 / 1 | |
| 0.9.21 | 7 / 1 | |
| 0.9.20 | 7 / 1 | |
| 0.9.19 | 5 / 0 | |
| 0.9.18 | 5 / 0 | |
| 0.9.17 | 5 / 0 | |
| 0.9.16 | 5 / 0 | |
| 0.9.15 | 5 / 0 | |
| 0.9.14 | 5 / 0 | |
| 0.9.13 | 5 / 0 | |
| 0.9.12 | 5 / 0 | |
| 0.9.11 | 5 / 0 | |
| 0.9.10 | 5 / 0 | |
| 0.9.9 | 5 / 0 | |
| 0.9.8 | 5 / 0 | |
| 0.9.7 | 5 / 0 | |
| 0.9.6 | 5 / 0 | |
| 0.9.5 | 5 / 0 | |
| 0.9.4 | 5 / 0 | |
| 0.9.3 | 5 / 0 | |
| 0.9.2 | 5 / 0 | |
| 0.9.1 | 5 / 0 | |
| 0.9.0 | 5 / 0 | |
| 0.8.28 | 5 / 0 | |
| 0.8.27 | 5 / 0 | |
| 0.8.26 | 5 / 0 | |
| 0.8.25 | 5 / 0 | |
| 0.8.24 | 5 / 0 | |
| 0.8.23 | 5 / 0 | |
| 0.8.22 | 5 / 0 | |
| 0.8.21 | 5 / 0 | |
| 0.8.20 | 6 / 0 | |
| 0.8.19 | 6 / 0 | |
| 0.8.18 | 6 / 0 | |
| 0.8.17 | 6 / 0 | |
| 0.8.16 | 6 / 0 | |
| 0.8.15 | 6 / 0 | |
| 0.8.14 | 6 / 0 | |
| 0.8.13 | 6 / 0 | |
| 0.8.12 | 6 / 0 | |
| 0.8.11 | 6 / 0 |
v0.9.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.