@powerlines/plugin-rolldown

A package containing a Powerlines plugin to assist in developing other Powerlines plugins.

Versions: 100
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

stormie-bot, sullivanpj

Keywords

rolldown, powerlines, storm-software, powerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
dependencies unvetted-dep:@powerlines/unplugin AI (dependencies): Same org (@powerlines/storm-software); consistent with the package's own namespace and publishing pattern. ai
source-diff obfuscated-file:dist/unplugin-CLsmVZMo.cjs AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. ai
source-diff obfuscated-file:dist/index.mjs AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. ai
source-diff obfuscated-file:dist/unplugin-Rgj8lLxv.mjs AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. ai
phantom-deps phantom-dep:@stryke/helpers AI (phantom-deps): Internal org dep used in config files; stable false positive for this package. ai
phantom-deps phantom-dep:glob AI (phantom-deps): Declared as a runtime dep for config-level use; stable false positive for this package. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs AI (source-diff): Minified ESM bundle output from rolldown; expected for a build tool plugin shipping compiled dist/ artifacts. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs AI (source-diff): Minified CJS bundle output from rolldown; this is a rolldown plugin that ships bundled dist/ files. No malicious patterns in samples. ai
provenance publisher-changed AI (provenance): Transition from stormie-bot to GitHub Actions is an upgrade in CI/CD hygiene; SLSA provenance attestation confirms verified pipeline publishing. ai
source-diff obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs AI (source-diff): Minified rolldown bundle output; TypeScript config resolution helpers. No malicious patterns. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs AI (source-diff): Minified rolldown bundle output; standard plugin context implementation. No malicious patterns. ai
source-diff obfuscated-file:dist/powerlines/src/api.cjs AI (source-diff): Minified rolldown/rollup bundle output; code is readable JS with standard npm imports. No malicious patterns. SLSA provenance confirms CI/CD build. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs AI (source-diff): Minified rolldown bundle output; standard plugin environment context. No malicious patterns. ai
source-diff obfuscated-file:dist/powerlines/schemas/fs.cjs AI (source-diff): Minified rolldown bundle output; Cap'n Proto schema definitions. No malicious patterns. ai
source-diff obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs AI (source-diff): Minified rolldown bundle output; virtual filesystem implementation. No malicious patterns. ai
source-diff obfuscated-file:dist/powerlines/src/lib/build/rolldown.cjs AI (source-diff): Minified rolldown bundle output; build configuration helpers. No malicious patterns. ai
phantom-deps phantom-dep:@stryke/convert AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. ai
phantom-deps phantom-dep:defu AI (phantom-deps): Legitimate build tool dependency used in plugin configuration; phantom pattern is expected for this package type. ai
phantom-deps phantom-dep:rolldown AI (phantom-deps): Core dependency for Rolldown plugin; referenced in build config rather than direct imports. ai
phantom-deps phantom-dep:unplugin AI (phantom-deps): Plugin framework dependency; used indirectly through plugin configuration. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): Parent framework dependency; referenced in plugin context rather than direct imports. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. ai
dependencies unvetted-dep:@stryke/fs AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. ai
phantom-deps phantom-dep:@powerlines/plugin-babel AI (phantom-deps): Same-org sibling package; indirect usage is expected in this plugin ecosystem. ai
phantom-deps phantom-dep:@stryke/types AI (phantom-deps): Same-org sibling package; type-only usage not directly imported is expected for type packages. ai
phantom-deps phantom-dep:@stryke/fs AI (phantom-deps): Same-org sibling package; indirect usage via config files is expected in this plugin ecosystem. ai
phantom-deps phantom-dep:jiti AI (phantom-deps): jiti is declared as a runtime dependency and used in config files; indirect usage pattern is normal for plugin ecosystems. ai
dependencies unvetted-dep:@powerlines/plugin-rollup AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@powerlines/plugin-babel AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@stryke/type-checks AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@powerlines/core AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@stryke/convert AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@stryke/types AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. ai
dependencies unvetted-dep:@stryke/path AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. ai

Versions (showing 100 of 463)

Version Deps Published
0.7.479 12 / 2
0.7.478 12 / 2
0.7.477 12 / 2
0.7.476 12 / 2
0.7.475 12 / 2
0.7.474 12 / 2
0.7.473 12 / 2
0.7.472 12 / 2
0.7.471 12 / 2
0.7.470 12 / 2
0.7.469 12 / 2
0.7.468 12 / 2
0.7.467 12 / 2
0.7.466 12 / 2
0.7.465 12 / 2
0.7.462 13 / 2
0.7.461 13 / 2
0.7.460 13 / 2
0.7.459 13 / 2
0.7.458 13 / 2
0.7.456 13 / 2
0.7.455 13 / 2
0.7.454 13 / 2
0.7.453 13 / 2
0.7.452 13 / 2
0.7.451 13 / 2
0.7.450 13 / 2
0.7.449 13 / 2
0.7.448 13 / 2
0.7.447 13 / 2
0.7.446 13 / 2
0.7.445 13 / 2
0.7.444 12 / 2
0.7.443 12 / 2
0.7.442 12 / 2
0.7.441 12 / 2
0.7.440 12 / 2
0.7.439 12 / 2
0.7.438 12 / 2
0.7.437 12 / 2
0.7.436 12 / 2
0.7.435 12 / 2
0.7.434 12 / 2
0.7.433 12 / 2
0.7.432 12 / 2
0.7.431 12 / 2
0.7.430 12 / 2
0.7.429 12 / 2
0.7.428 12 / 2
0.7.427 12 / 2
0.7.426 12 / 2
0.7.425 12 / 2
0.7.424 12 / 2
0.7.423 12 / 2
0.7.422 12 / 2
0.7.421 12 / 2
0.7.420 12 / 2
0.7.419 12 / 2
0.7.418 12 / 2
0.7.417 12 / 2
0.7.416 12 / 2
0.7.415 12 / 2
0.7.414 12 / 2
0.7.413 12 / 2
0.7.412 12 / 2
0.7.411 12 / 2
0.7.410 12 / 2
0.7.409 12 / 2
0.7.408 12 / 2
0.7.407 12 / 2
0.7.406 12 / 2
0.7.404 12 / 2
0.7.403 12 / 2
0.7.402 12 / 2
0.7.401 12 / 2
0.7.400 12 / 2
0.7.399 12 / 2
0.7.398 12 / 2
0.7.397 12 / 2
0.7.396 12 / 2
0.7.395 12 / 2
0.7.394 12 / 2
0.7.393 12 / 2
0.7.392 12 / 2
0.7.391 12 / 2
0.7.390 12 / 2
0.7.389 12 / 2
0.7.388 12 / 2
0.7.387 12 / 2
0.7.386 12 / 2
0.7.385 12 / 2
0.7.384 12 / 2
0.7.383 11 / 2
0.7.382 11 / 2
0.7.381 11 / 2
0.7.380 11 / 2
0.7.379 11 / 2
0.7.378 11 / 2
0.7.377 11 / 2
0.7.376 11 / 2

v0.7.479

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.478

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.477

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.476

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.475

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.474

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.473

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.472

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.471

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.470

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.469

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.468

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.467

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.466

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.465

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.462

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.461

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.460

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.459

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.458

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.456

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.455

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.454

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.453

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.452

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.451

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.450

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.449

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.448

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.447

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.446

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.378

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.377

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.376

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.