@powerlines/plugin-rspack
A package containing a Powerlines plugin to build projects using Webpack.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Rolldown-minified ESM bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Declared as runtime dep; referenced in config files — stable false positive for this package. | ai | |
| provenance | publisher-changed | AI (provenance): stormie-bot is the org's established bot account with 2775 approved packages; transition from GHA to bot account is expected for this publisher. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@rspack/core | AI (phantom-deps): Legitimate build tool dependency in Rspack plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core framework dependency for Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Legitimate type utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): First-party dependency within the same @powerlines namespace/ecosystem published by Storm Software. Expected and stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is a utility package from the same Storm Software ecosystem. Consistent presence across versions; no independent risk signals. | ai |
Versions (showing 79 of 282)
| Version | Deps | Published |
|---|---|---|
| 0.5.245 | 8 / 2 | |
| 0.5.244 | 8 / 2 | |
| 0.5.243 | 8 / 2 | |
| 0.5.242 | 8 / 2 | |
| 0.5.240 | 8 / 2 | |
| 0.5.239 | 8 / 2 | |
| 0.5.238 | 8 / 2 | |
| 0.5.237 | 8 / 2 | |
| 0.5.236 | 8 / 2 | |
| 0.5.235 | 8 / 2 | |
| 0.5.234 | 8 / 2 | |
| 0.5.233 | 8 / 2 | |
| 0.5.176 | 8 / 2 | |
| 0.5.161 | 8 / 2 | |
| 0.5.90 | 8 / 3 | |
| 0.5.71 | 8 / 3 | |
| 0.5.56 | 8 / 3 | |
| 0.5.55 | 8 / 3 | |
| 0.5.54 | 8 / 3 | |
| 0.5.53 | 8 / 3 | |
| 0.5.52 | 8 / 3 | |
| 0.5.51 | 8 / 3 | |
| 0.5.50 | 8 / 3 | |
| 0.5.49 | 8 / 3 | |
| 0.5.48 | 8 / 3 | |
| 0.5.47 | 8 / 3 | |
| 0.5.46 | 8 / 3 | |
| 0.5.45 | 8 / 3 | |
| 0.5.44 | 8 / 3 | |
| 0.5.43 | 8 / 3 | |
| 0.5.42 | 8 / 3 | |
| 0.5.41 | 8 / 3 | |
| 0.5.40 | 8 / 3 | |
| 0.5.39 | 8 / 3 | |
| 0.5.38 | 8 / 3 | |
| 0.5.37 | 8 / 3 | |
| 0.5.36 | 8 / 3 | |
| 0.5.35 | 8 / 3 | |
| 0.5.33 | 8 / 3 | |
| 0.5.32 | 8 / 3 | |
| 0.5.31 | 8 / 3 | |
| 0.5.30 | 8 / 3 | |
| 0.5.29 | 8 / 3 | |
| 0.5.28 | 8 / 3 | |
| 0.5.25 | 8 / 3 | |
| 0.5.24 | 8 / 3 | |
| 0.5.23 | 8 / 3 | |
| 0.5.22 | 8 / 3 | |
| 0.5.21 | 8 / 3 | |
| 0.5.20 | 8 / 3 | |
| 0.5.19 | 8 / 3 | |
| 0.5.18 | 8 / 3 | |
| 0.5.17 | 8 / 3 | |
| 0.5.16 | 8 / 3 | |
| 0.5.15 | 8 / 3 | |
| 0.5.14 | 8 / 3 | |
| 0.5.13 | 8 / 3 | |
| 0.5.12 | 8 / 3 | |
| 0.5.11 | 8 / 3 | |
| 0.5.10 | 8 / 3 | |
| 0.5.9 | 8 / 3 | |
| 0.5.8 | 8 / 3 | |
| 0.5.7 | 8 / 3 | |
| 0.5.6 | 8 / 3 | |
| 0.5.5 | 8 / 3 | |
| 0.5.4 | 8 / 3 | |
| 0.5.3 | 8 / 3 | |
| 0.5.2 | 8 / 3 | |
| 0.5.1 | 8 / 3 | |
| 0.5.0 | 8 / 3 | |
| 0.4.3 | 8 / 3 | |
| 0.4.2 | 8 / 3 | |
| 0.4.1 | 8 / 3 | |
| 0.4.0 | 8 / 3 | |
| 0.3.0 | 8 / 3 | |
| 0.2.1 | 8 / 3 | |
| 0.2.0 | 8 / 3 | |
| 0.1.1 | 8 / 3 | |
| 0.1.0 | 8 / 3 |
v0.5.244
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.243
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.242
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.240
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.239
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.238
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.237
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.236
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.235
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.234
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.233
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.176
2 findingsThis version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.161
2 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.90
10 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.56
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.54
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.52
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.