← Home

@powerlines/plugin-hey-api

npm Repository Homepage

A Powerlines plugin to generate project code using Hey API.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

hey-apipowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher changed from stormie-bot to GitHub Actions as part of a CI/CD migration; SLSA provenance attestation confirms legitimate automated publishing from the storm-software org. ai
phantom-deps phantom-dep:defu AI (phantom-deps): defu is a declared runtime dependency; phantom detection is a false positive likely due to indirect usage or bundling. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): powerlines is a declared runtime dependency from the same org; phantom detection is a false positive. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): @stryke/path is a declared runtime dependency; phantom detection is a false positive. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): @stryke/type-checks is a declared runtime dependency; phantom detection is a false positive. ai
phantom-deps phantom-dep:@stryke/string-format AI (phantom-deps): @stryke/string-format is a declared runtime dependency; phantom detection is a false positive. ai
phantom-deps phantom-dep:jiti AI (phantom-deps): jiti is commonly referenced in config files for TypeScript config loading in build tooling; not a security concern. ai
dependencies unvetted-dep:@stryke/path AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. ai
phantom-deps phantom-dep:@stryke/types AI (phantom-deps): Type-only package referenced in config files; phantom dep finding is a false positive for type-only usage patterns. ai
dependencies unvetted-dep:powerlines AI (dependencies): powerlines is the parent framework package from the same Storm Software monorepo; unvetted status is expected for this ecosystem. ai
dependencies unvetted-dep:@stryke/types AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. ai
dependencies unvetted-dep:@hey-api/openapi-ts AI (dependencies): @hey-api/openapi-ts is a well-known OpenAPI code generation tool; legitimate dependency for this plugin's purpose. ai
dependencies unvetted-dep:@stryke/type-checks AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. ai
dependencies unvetted-dep:@stryke/string-format AI (dependencies): @stryke/* packages are part of the Storm Software ecosystem; unvetted status is expected for this monorepo family. ai

Versions (showing 100 of 522)

Version Deps Published
0.1.117 8 / 2
0.1.116 8 / 2
0.1.115 8 / 2
0.1.114 8 / 2
0.1.113 8 / 2
0.1.112 8 / 2
0.1.111 8 / 2
0.1.110 8 / 2
0.1.109 8 / 2
0.1.108 8 / 2
0.1.107 8 / 2
0.1.106 8 / 2
0.1.105 8 / 2
0.1.104 8 / 2
0.1.103 8 / 2
0.1.102 8 / 2
0.1.101 8 / 2
0.1.100 8 / 2
0.1.99 8 / 2
0.1.98 8 / 2
0.1.97 8 / 2
0.1.96 8 / 2
0.1.95 8 / 2
0.1.94 8 / 2
0.1.93 8 / 2
0.1.92 8 / 2
0.1.91 8 / 2
0.1.90 8 / 2
0.1.89 8 / 2
0.1.88 8 / 2
0.1.87 8 / 2
0.1.86 8 / 2
0.1.85 8 / 2
0.1.84 8 / 2
0.1.83 8 / 2
0.1.82 8 / 3
0.1.81 8 / 3
0.1.80 8 / 3
0.1.79 8 / 3
0.1.78 8 / 3
0.1.77 8 / 3
0.1.76 8 / 3
0.1.75 8 / 3
0.1.74 8 / 3
0.1.73 8 / 3
0.1.72 8 / 3
0.1.71 8 / 3
0.1.70 8 / 3
0.1.69 8 / 3
0.1.68 8 / 3
0.1.67 8 / 3
0.1.66 8 / 3
0.1.65 8 / 3
0.1.64 8 / 3
0.1.63 8 / 3
0.1.62 8 / 3
0.1.61 8 / 3
0.1.60 8 / 3
0.1.59 8 / 3
0.1.58 8 / 3
0.1.57 8 / 3
0.1.56 8 / 3
0.1.55 8 / 3
0.1.54 8 / 3
0.1.53 8 / 3
0.1.52 8 / 3
0.1.51 8 / 3
0.1.50 8 / 3
0.1.49 8 / 3
0.1.48 8 / 3
0.1.47 8 / 3
0.1.46 8 / 3
0.1.45 8 / 3
0.1.44 8 / 3
0.1.43 8 / 3
0.1.42 8 / 3
0.1.41 8 / 3
0.1.40 8 / 3
0.1.39 8 / 3
0.1.38 8 / 3
0.1.37 8 / 3
0.1.36 8 / 3
0.1.35 8 / 3
0.1.34 8 / 3
0.1.33 8 / 3
0.1.32 8 / 3
0.1.31 8 / 3
0.1.30 8 / 3
0.1.29 8 / 3
0.1.28 8 / 3
0.1.27 8 / 3
0.1.26 8 / 3
0.1.25 8 / 3
0.1.24 8 / 3
0.1.23 8 / 3
0.1.22 8 / 3
0.1.21 8 / 3
0.1.20 8 / 3
0.1.19 8 / 3
0.1.18 8 / 3
Showing 100 of 522 Next page →

v0.1.107

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.106

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.105

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.104

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.103

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.102

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.101

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.100

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.99

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.98

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-14) provenance

This version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.91

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-07) provenance

This version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.