@powerlines/plugin-nodejs
A package containing a Powerlines plugin for building a Node.js application.
Versions: 2
License: Apache-2.0
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers: stormie-bot, sullivanpj
Keywords: nodejs, powerlines, storm-software, powerlines-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/components/env-builtin.cjs | AI (source-diff): Standard Rolldown CJS bundle output; code is readable JSX component logic, not obfuscated. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions, consistent with org adopting CI/CD OIDC publishing. SLSA provenance attestation confirms legitimate automated pipeline. | ai | |
| phantom-deps | phantom-dep:@alloy-js/json | AI (phantom-deps): Framework dependency referenced in plugin architecture; not directly imported. Expected for this package type. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-alloy | AI (phantom-deps): Same-org plugin dependency; referenced in config/architecture, not direct imports. Stable pattern. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-babel | AI (phantom-deps): Same-org plugin dependency; referenced in config/architecture, not direct imports. Stable pattern. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-env | AI (phantom-deps): Same-org plugin dependency; referenced in config/architecture, not direct imports. Stable pattern. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core framework dependency for plugin system; referenced in config, not direct imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-plugin | AI (phantom-deps): Same-org sibling package declared as dependency; phantom detection is a stable false positive for this package's build/config pattern. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Referenced in config files per finding description; not a direct import but legitimately declared. Stable false positive for this package. | ai | |
v0.1.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.