@powerlines/plugin-open-feature
A package containing a Powerlines plugin for managing Open Feature feature flags at runtime.
5
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
stormie-botsullivanpj
Keywords
open-featurepowerlinesstorm-softwarepowerlines-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed from one CI bot (stormie-bot) to another (GitHub Actions). SLSA provenance confirms legitimate build origin from the expected repo. | ai | |
| phantom-deps | phantom-dep:@openfeature/core | AI (phantom-deps): Transitive/config dependency of the OpenFeature plugin; referenced in config files per the finding. | ai | |
| phantom-deps | phantom-dep:@stryke/env | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/json | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:@alloy-js/json | AI (phantom-deps): Declared dep used indirectly in this plugin framework; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:c12 | AI (phantom-deps): c12 is a config-loading utility declared as a dep and referenced in config files; phantom detection is a false positive for this plugin package's architecture. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/string-format | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-plugin | AI (phantom-deps): Same-org sibling package; phantom detection is a false positive for this plugin framework's architecture. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Storm Software org config package used indirectly; phantom detection is a false positive for this ecosystem's build pattern. | ai | |
| dependencies | unvetted-dep:@powerlines/plugin-alloy | AI (dependencies): Same-org sibling package from Storm Software / Powerlines ecosystem with established publisher track record and SLSA provenance. | ai | |
| phantom-deps | phantom-dep:@alloy-js/markdown | AI (phantom-deps): Declared dep used indirectly in this plugin framework; phantom detection is a false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Sibling @stryke/* org package; phantom detection is a false positive for this plugin's indirect usage pattern. | ai |