@powerlines/plugin-image-compression

A Powerlines plugin to optimize images used by the project.

Versions: 8
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

stormie-bot, sullivanpj

Keywords

sharp, svgo, powerlines, storm-software, powerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Config-file reference; stable pattern for this package across 390 versions. | ai | |
| phantom-deps | phantom-dep:@stryke/string-format | AI (phantom-deps): Config-file reference; stable pattern for this package across 390 versions. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Powerlines is the framework this plugin extends; phantom reference in config is expected for plugin packages. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Chalk is a legitimate dependency for CLI output; phantom reference in config is expected for monorepo packages. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Utility dependency referenced in config; phantom reference is expected in monorepo build setup. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Utility dependency referenced in config; phantom reference is expected in monorepo build setup. | ai | |
| dependencies | unvetted-dep:svgo | AI (dependencies): svgo is a well-known SVG optimization library; its use is expected and appropriate for an image compression plugin. Not a genuine risk for this package. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is a well-known TypeScript/ESM runtime loader; phantom dep status reflects config-file usage pattern, not a security concern. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a well-known, legitimate utility package; phantom dep status reflects config-file usage pattern, not a security concern. | ai | |
| provenance | slsa-provenance | AI (provenance): Package consistently published via CI/CD with SLSA provenance attestation; this is a stable characteristic of the Storm Software release pipeline. | ai | |

Versions (showing 8 of 212)

Version Deps Published
0.2.51 9 / 4
0.2.48 9 / 4
0.2.44 9 / 4
0.2.41 9 / 4
0.2.39 9 / 4
0.2.31 9 / 4
0.2.16 9 / 4
0.2.0 9 / 4

v0.2.51

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.44

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.41

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.39

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.31

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.