@powerlines/plugin-webpack
A package containing a Powerlines plugin to build projects using Webpack.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Declared dep used via config/re-export pattern in this monorepo; stable false positive. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Rolldown-bundled CJS output. Content is readable environment context implementation. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Rolldown-bundled CJS output implementing Cap'n Proto schema structs. Legitimate build artifact. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Rolldown-bundled CJS output for TypeScript config resolution. Readable, legitimate code. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Rolldown-bundled CJS output implementing virtual filesystem. Readable, legitimate code. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Rolldown-bundled CJS output with readable identifiers and legitimate imports. SLSA provenance confirms CI/CD build origin. Standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Rolldown-bundled CJS output. Content is readable plugin context implementation code. SLSA provenance confirmed. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): unplugin is a well-known plugin framework; addition is semantically consistent with the new ./helpers/unplugin export path. Not a suspicious dependency. | ai | |
| provenance | publisher-changed | AI (provenance): Storm Software migrated publishing from stormie-bot to GitHub Actions with SLSA provenance attestation — a supply chain improvement, not a compromise. Stable for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Type definitions used in plugin implementation; legitimate for TypeScript-based plugins. | ai | |
| phantom-deps | phantom-dep:webpack | AI (phantom-deps): Webpack is the core framework for this plugin; referenced in config/plugin interface rather than direct imports. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is used for dynamic imports in webpack plugin configuration; legitimate pattern for build tools. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is used for config merging in webpack plugins; referenced in config files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is the plugin framework; referenced in plugin interface rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Utility dependency for file operations; referenced in config/plugin logic rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Utility dependency for path operations; referenced in config/plugin logic rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Utility dependency for type checking; referenced in plugin logic rather than direct imports. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): @powerlines/core is a first-party dependency from the same Storm Software organization as this package; unvetted status reflects pipeline ordering, not a third-party risk. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is another Storm Software namespace package; consistent with same-publisher ecosystem dependency, not an external unknown. | ai |
Versions (showing 71 of 375)
| Version | Deps | Published |
|---|---|---|
| 0.5.236 | 4 / 2 | |
| 0.5.235 | 4 / 2 | |
| 0.5.234 | 4 / 2 | |
| 0.5.233 | 4 / 2 | |
| 0.5.216 | 4 / 2 | |
| 0.5.104 | 8 / 3 | |
| 0.5.71 | 8 / 3 | |
| 0.5.70 | 8 / 3 | |
| 0.5.56 | 8 / 3 | |
| 0.5.55 | 8 / 3 | |
| 0.5.54 | 8 / 3 | |
| 0.5.53 | 8 / 3 | |
| 0.5.52 | 8 / 3 | |
| 0.5.51 | 8 / 3 | |
| 0.5.50 | 8 / 3 | |
| 0.5.49 | 8 / 3 | |
| 0.5.48 | 8 / 3 | |
| 0.5.47 | 8 / 3 | |
| 0.5.46 | 8 / 3 | |
| 0.5.45 | 8 / 3 | |
| 0.5.44 | 8 / 3 | |
| 0.5.43 | 8 / 3 | |
| 0.5.42 | 8 / 3 | |
| 0.5.41 | 8 / 3 | |
| 0.5.40 | 8 / 3 | |
| 0.5.39 | 8 / 3 | |
| 0.5.38 | 8 / 3 | |
| 0.5.37 | 8 / 3 | |
| 0.5.36 | 8 / 3 | |
| 0.5.35 | 8 / 3 | |
| 0.5.33 | 8 / 3 | |
| 0.5.32 | 8 / 3 | |
| 0.5.31 | 8 / 3 | |
| 0.5.30 | 8 / 3 | |
| 0.5.29 | 8 / 3 | |
| 0.5.28 | 8 / 3 | |
| 0.5.25 | 8 / 3 | |
| 0.5.24 | 8 / 3 | |
| 0.5.23 | 8 / 3 | |
| 0.5.22 | 8 / 3 | |
| 0.5.21 | 8 / 3 | |
| 0.5.20 | 8 / 3 | |
| 0.5.19 | 8 / 3 | |
| 0.5.18 | 8 / 3 | |
| 0.5.17 | 8 / 3 | |
| 0.5.16 | 8 / 3 | |
| 0.5.15 | 8 / 3 | |
| 0.5.14 | 8 / 3 | |
| 0.5.13 | 8 / 3 | |
| 0.5.12 | 8 / 3 | |
| 0.5.11 | 8 / 3 | |
| 0.5.10 | 8 / 3 | |
| 0.5.9 | 8 / 3 | |
| 0.5.8 | 8 / 3 | |
| 0.5.7 | 8 / 3 | |
| 0.5.6 | 8 / 3 | |
| 0.5.5 | 8 / 3 | |
| 0.5.4 | 8 / 3 | |
| 0.5.3 | 8 / 3 | |
| 0.5.2 | 8 / 3 | |
| 0.5.1 | 8 / 3 | |
| 0.5.0 | 8 / 3 | |
| 0.4.3 | 8 / 3 | |
| 0.4.2 | 8 / 3 | |
| 0.4.1 | 8 / 3 | |
| 0.4.0 | 8 / 3 | |
| 0.3.0 | 8 / 3 | |
| 0.2.1 | 8 / 3 | |
| 0.2.0 | 8 / 3 | |
| 0.1.1 | 8 / 3 | |
| 0.1.0 | 8 / 3 |
v0.5.236
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.235
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.234
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.233
2 findingsThis version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.216
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.104
10 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.71
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.56
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.52
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.