@powerlines/plugin-hey-api
A Powerlines plugin to generate project code using Hey API.
18
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
stormie-botsullivanpj
Keywords
hey-apipowerlinesstorm-softwarepowerlines-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions as part of a CI/CD migration; SLSA provenance attestation confirms legitimate automated publishing from the storm-software org. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dependency; phantom detection is a false positive likely due to indirect usage or bundling. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is a declared runtime dependency from the same org; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is a declared runtime dependency; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): @stryke/type-checks is a declared runtime dependency; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/string-format | AI (phantom-deps): @stryke/string-format is a declared runtime dependency; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is commonly referenced in config files for TypeScript config loading in build tooling; not a security concern. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Type-only package referenced in config files; phantom dep finding is a false positive for type-only usage patterns. | ai | |
| dependencies | unvetted-dep:powerlines | AI (dependencies): powerlines is the parent framework package from the same Storm Software monorepo; unvetted status is expected for this ecosystem. | ai | |
| dependencies | unvetted-dep:@stryke/types | AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. | ai | |
| dependencies | unvetted-dep:@hey-api/openapi-ts | AI (dependencies): @hey-api/openapi-ts is a well-known OpenAPI code generation tool; legitimate dependency for this plugin's purpose. | ai | |
| dependencies | unvetted-dep:@stryke/type-checks | AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. | ai | |
| dependencies | unvetted-dep:@stryke/string-format | AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. | ai |