@powerlines/plugin-rspack
A package containing a Powerlines plugin to build projects using Webpack.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Rolldown-minified ESM bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Declared as runtime dep; referenced in config files — stable false positive for this package. | ai | |
| provenance | publisher-changed | AI (provenance): stormie-bot is the org's established bot account with 2775 approved packages; transition from GHA to bot account is expected for this publisher. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@rspack/core | AI (phantom-deps): Legitimate build tool dependency in Rspack plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core framework dependency for Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Legitimate type utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): First-party dependency within the same @powerlines namespace/ecosystem published by Storm Software. Expected and stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is a utility package from the same Storm Software ecosystem. Consistent presence across versions; no independent risk signals. | ai |
Versions (showing 100 of 282)
| Version | Deps | Published |
|---|---|---|
| 0.5.476 | 5 / 2 | |
| 0.5.475 | 5 / 2 | |
| 0.5.474 | 5 / 2 | |
| 0.5.473 | 5 / 2 | |
| 0.5.472 | 5 / 2 | |
| 0.5.471 | 5 / 2 | |
| 0.5.470 | 5 / 2 | |
| 0.5.469 | 5 / 2 | |
| 0.5.468 | 5 / 2 | |
| 0.5.467 | 5 / 2 | |
| 0.5.466 | 5 / 2 | |
| 0.5.465 | 5 / 2 | |
| 0.5.464 | 5 / 2 | |
| 0.5.463 | 5 / 2 | |
| 0.5.462 | 5 / 2 | |
| 0.5.461 | 5 / 2 | |
| 0.5.460 | 5 / 2 | |
| 0.5.457 | 4 / 2 | |
| 0.5.456 | 4 / 2 | |
| 0.5.455 | 4 / 2 | |
| 0.5.453 | 4 / 2 | |
| 0.5.452 | 4 / 2 | |
| 0.5.451 | 4 / 2 | |
| 0.5.450 | 4 / 2 | |
| 0.5.449 | 4 / 2 | |
| 0.5.448 | 4 / 2 | |
| 0.5.447 | 4 / 2 | |
| 0.5.446 | 4 / 2 | |
| 0.5.445 | 4 / 2 | |
| 0.5.444 | 4 / 2 | |
| 0.5.443 | 4 / 2 | |
| 0.5.442 | 4 / 2 | |
| 0.5.441 | 3 / 2 | |
| 0.5.440 | 3 / 2 | |
| 0.5.439 | 3 / 2 | |
| 0.5.438 | 3 / 2 | |
| 0.5.437 | 3 / 2 | |
| 0.5.436 | 3 / 2 | |
| 0.5.435 | 3 / 2 | |
| 0.5.434 | 3 / 2 | |
| 0.5.433 | 3 / 2 | |
| 0.5.432 | 3 / 2 | |
| 0.5.431 | 3 / 2 | |
| 0.5.430 | 3 / 2 | |
| 0.5.429 | 3 / 2 | |
| 0.5.428 | 3 / 2 | |
| 0.5.427 | 3 / 2 | |
| 0.5.426 | 3 / 2 | |
| 0.5.425 | 3 / 2 | |
| 0.5.424 | 3 / 2 | |
| 0.5.423 | 3 / 2 | |
| 0.5.422 | 3 / 2 | |
| 0.5.421 | 3 / 2 | |
| 0.5.420 | 3 / 2 | |
| 0.5.419 | 3 / 2 | |
| 0.5.418 | 3 / 2 | |
| 0.5.417 | 3 / 2 | |
| 0.5.416 | 3 / 2 | |
| 0.5.415 | 3 / 2 | |
| 0.5.414 | 3 / 2 | |
| 0.5.413 | 3 / 2 | |
| 0.5.412 | 3 / 2 | |
| 0.5.411 | 3 / 2 | |
| 0.5.410 | 3 / 2 | |
| 0.5.409 | 3 / 2 | |
| 0.5.408 | 3 / 2 | |
| 0.5.407 | 3 / 2 | |
| 0.5.406 | 3 / 2 | |
| 0.5.405 | 3 / 2 | |
| 0.5.404 | 3 / 2 | |
| 0.5.403 | 3 / 2 | |
| 0.5.402 | 3 / 2 | |
| 0.5.401 | 3 / 2 | |
| 0.5.400 | 3 / 2 | |
| 0.5.399 | 3 / 2 | |
| 0.5.398 | 3 / 2 | |
| 0.5.397 | 3 / 2 | |
| 0.5.396 | 3 / 2 | |
| 0.5.395 | 3 / 2 | |
| 0.5.394 | 3 / 2 | |
| 0.5.393 | 3 / 2 | |
| 0.5.392 | 3 / 2 | |
| 0.5.391 | 3 / 2 | |
| 0.5.390 | 3 / 2 | |
| 0.5.389 | 3 / 2 | |
| 0.5.388 | 3 / 2 | |
| 0.5.387 | 3 / 2 | |
| 0.5.386 | 3 / 2 | |
| 0.5.385 | 3 / 2 | |
| 0.5.384 | 3 / 2 | |
| 0.5.383 | 3 / 2 | |
| 0.5.382 | 3 / 2 | |
| 0.5.381 | 3 / 2 | |
| 0.5.380 | 3 / 2 | |
| 0.5.379 | 3 / 2 | |
| 0.5.378 | 3 / 2 | |
| 0.5.377 | 3 / 2 | |
| 0.5.376 | 3 / 2 | |
| 0.5.247 | 8 / 2 | |
| 0.5.246 | 8 / 2 |
v0.5.476
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.475
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.474
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.473
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.472
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.471
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.470
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.469
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.468
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.467
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.466
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.465
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.464
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.463
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.462
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.461
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.460
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.457
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.456
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.455
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.453
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.452
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.451
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.450
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.449
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.448
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.447
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.446
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.445
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.444
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.443
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.247
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.246
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.