@shgysk8zer0/11ty-netlify
A collection of common npm packages for Eleventy sites on Netlify
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation and consistent repo/author identity reduce account-takeover risk despite long dormancy. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/js-utils | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/css-utils | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/importmap | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/npm-utils | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/11ty-filters | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/eslint-config | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@11ty/eleventy | AI (phantom-deps): CLI tool used via config/scripts, not direct import; stable pattern for this build-tooling meta-package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/svg-use-symbols | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/stylelint-config | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-frontmatter2 | AI (phantom-deps): Used via eslint config file, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:js-yaml | AI (phantom-deps): Used via config files; stable false positive for this build-tooling meta-package. | ai | |
| phantom-deps | phantom-dep:htmlhint | AI (phantom-deps): Invoked via npm scripts, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:netlify-cli | AI (phantom-deps): CLI tool invoked via scripts, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@shgysk8zer0/rollup-import | AI (phantom-deps): Same-org dep used via config files; stable false positive for this package. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 1.2.0 | 16 / 0 | |
| 1.1.35 | 16 / 0 | |
| 1.1.34 | 16 / 0 | |
| 1.1.32 | 16 / 0 | |
| 1.1.31 | 14 / 1 | |
| 1.1.30 | 14 / 1 | |
| 1.1.29 | 14 / 1 | |
| 1.1.28 | 14 / 1 |
v1.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.