@powerlines/plugin-graphql
A Powerlines plugin to generate project code from GraphQL schemas.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/plugin-utils/get-config-path.cjs | AI (source-diff): File is minified build output of a config path resolver; logic is transparent (existsSync checks for various config file extensions). Not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/plugin-utils/get-config-path.mjs | AI (source-diff): ESM variant of the same minified config path resolver. Benign minified build output, not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions CI with SLSA Sigstore attestation — a legitimate migration to automated publishing, not a compromise indicator for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Phantom dependency pattern is legitimate for utility libraries used indirectly in config. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Phantom dependency pattern is legitimate for type utilities used indirectly. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Phantom dependency pattern is legitimate for config-driven code generation tools; defu is used indirectly. | ai | |
| phantom-deps | phantom-dep:@graphql-codegen/cli | AI (phantom-deps): Phantom dependency pattern is legitimate for code generation tools; CLI is used indirectly. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Phantom dependency pattern is legitimate for utility libraries used indirectly. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Phantom dependency pattern is legitimate for config-driven code generation tools; jiti is used indirectly. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Phantom dependency pattern is legitimate for monorepo plugins; powerlines is used indirectly. | ai |
Versions (showing 28 of 433)
| Version | Deps | Published |
|---|---|---|
| 0.1.30 | 7 / 4 | |
| 0.1.29 | 7 / 4 | |
| 0.1.28 | 7 / 4 | |
| 0.1.27 | 7 / 4 | |
| 0.1.25 | 7 / 4 | |
| 0.1.24 | 7 / 4 | |
| 0.1.23 | 7 / 4 | |
| 0.1.22 | 7 / 4 | |
| 0.1.21 | 7 / 4 | |
| 0.1.20 | 7 / 4 | |
| 0.1.17 | 7 / 4 | |
| 0.1.16 | 7 / 4 | |
| 0.1.15 | 7 / 4 | |
| 0.1.14 | 7 / 4 | |
| 0.1.13 | 7 / 4 | |
| 0.1.12 | 7 / 4 | |
| 0.1.11 | 7 / 4 | |
| 0.1.10 | 7 / 4 | |
| 0.1.9 | 7 / 4 | |
| 0.1.8 | 7 / 4 | |
| 0.1.7 | 7 / 4 | |
| 0.1.6 | 7 / 4 | |
| 0.1.5 | 7 / 4 | |
| 0.1.4 | 7 / 4 | |
| 0.1.3 | 7 / 4 | |
| 0.1.2 | 7 / 4 | |
| 0.1.1 | 7 / 4 | |
| 0.1.0 | 7 / 4 |
v0.1.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.