@powerlines/plugin-deepkit
A package containing a Powerlines plugin to assist in developing other Powerlines plugins.
3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
stormie-botsullivanpj
Keywords
deepkitpowerlinespowerlines-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:unplugin | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Minified build output from CI/CD pipeline with SLSA provenance. Code is readable path utilities + plugin wiring, not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Minified build output from CI/CD pipeline with SLSA provenance. Code is readable path utilities + plugin wiring, not obfuscated. Stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@powerlines/deepkit | AI (phantom-deps): Same org scope sibling dependency in a monorepo plugin; referenced in config files, not a direct import risk. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Monorepo plugin package; powerlines is a peer/config-level dependency not directly imported in plugin code. Stable pattern for this package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions — a legitimate CI/CD migration. SLSA provenance attestation confirms builds are from the verified GitHub Actions environment. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-tsc | AI (phantom-deps): Same org scope sibling dependency in a monorepo plugin; referenced in config files, not a direct import risk. | ai | |
| dependencies | unvetted-dep:@powerlines/deepkit | AI (dependencies): First-party Storm Software (@powerlines scope) sibling package; consistent with the publisher's monorepo ecosystem. | ai | |
| dependencies | unvetted-dep:@stryke/json | AI (dependencies): First-party Storm Software (@stryke scope) package; consistent with the publisher's ecosystem pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/json | AI (phantom-deps): Phantom dep pattern is a packaging artifact of the Storm Software monorepo build; not a security concern. | ai | |
| dependencies | unvetted-dep:powerlines | AI (dependencies): First-party Storm Software monorepo package; consistent with the publisher's ecosystem pattern across all versions. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript declared as dep but used only in config files; packaging hygiene issue, not a security concern for this package. | ai | |
| dependencies | unvetted-dep:@powerlines/plugin-tsc | AI (dependencies): First-party Storm Software (@powerlines scope) sibling package; consistent with the publisher's monorepo ecosystem. | ai | |
| provenance | slsa-provenance | AI (provenance): Storm Software consistently publishes with SLSA provenance via CI/CD; this is a stable positive signal for all versions of this package. | ai |
v0.5.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.