@storm-software/git-tools
Tools for managing Git repositories within a Nx workspace.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Standard lazy-init proxy pattern in bundled output; not evasion. | ai | |
| dependencies | unvetted-dep:any-shell-escape | AI (dependencies): any-shell-escape is a small, well-known utility appropriate for a git tools package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Expected for a git tooling package that shells out to run git commands. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Same-org dependency; phantom-dep heuristic false positive for monorepo packages. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Listed as peerDependency; phantom-dep heuristic fires incorrectly here. | ai | |
| phantom-deps | phantom-dep:@nx/js | AI (phantom-deps): Build tooling dep; phantom-dep heuristic false positive. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Git/CI tooling that runs subprocesses legitimately needs to forward process.env; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:tsconfig-paths | AI (phantom-deps): Stable false positive for this package's bundled build. | ai | |
| phantom-deps | phantom-dep:@inquirer/prompts | AI (phantom-deps): Stable false positive for this package's bundled build. | ai | |
| phantom-deps | phantom-dep:@commitlint/ensure | AI (phantom-deps): Stable false positive for this package's bundled build. | ai | |
| phantom-deps | phantom-dep:@textlint/ast-node-types | AI (phantom-deps): Stable false positive for this package's bundled build. | ai | |
| phantom-deps | phantom-dep:jsonc-parser | AI (phantom-deps): Stable false positive for this package's bundled build. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Config loader filters env keys by known prefix; not exfiltration. | ai | |
Versions (showing 51 of 81)
| Version | Deps | Published |
|---|---|---|
| 2.131.64 | 29 / 6 | |
| 2.131.63 | 29 / 6 | |
| 2.131.62 | 29 / 6 | |
| 2.131.61 | 29 / 6 | |
| 2.131.60 | 29 / 6 | |
| 2.131.59 | 29 / 6 | |
| 2.131.58 | 29 / 6 | |
| 2.131.57 | 29 / 6 | |
| 2.131.56 | 29 / 6 | |
| 2.131.55 | 29 / 6 | |
| 2.131.53 | 29 / 6 | |
| 2.131.52 | 29 / 6 | |
| 2.131.51 | 29 / 6 | |
| 2.131.50 | 29 / 6 | |
| 2.131.49 | 29 / 6 | |
| 2.131.48 | 29 / 6 | |
| 2.131.47 | 29 / 6 | |
| 2.131.46 | 29 / 6 | |
| 2.131.45 | 29 / 6 | |
| 2.131.44 | 29 / 6 | |
| 2.131.43 | 29 / 6 | |
| 2.131.42 | 29 / 6 | |
| 2.131.41 | 29 / 6 | |
| 2.131.40 | 29 / 6 | |
| 2.131.39 | 29 / 6 | |
| 2.131.38 | 29 / 6 | |
| 2.131.37 | 29 / 6 | |
| 2.131.36 | 29 / 6 | |
| 2.131.35 | 29 / 6 | |
| 2.131.34 | 29 / 6 | |
| 2.131.33 | 30 / 6 | |
| 2.131.32 | 28 / 8 | |
| 2.131.31 | 28 / 8 | |
| 2.131.29 | 28 / 8 | |
| 2.131.28 | 28 / 8 | |
| 2.131.27 | 28 / 8 | |
| 2.131.26 | 28 / 8 | |
| 2.131.25 | 28 / 8 | |
| 2.131.24 | 28 / 8 | |
| 2.131.23 | 28 / 8 | |
| 2.131.22 | 28 / 8 | |
| 2.131.21 | 28 / 8 | |
| 2.131.20 | 28 / 8 | |
| 2.131.19 | 28 / 8 | |
| 2.131.18 | 28 / 8 | |
| 2.131.17 | 28 / 8 | |
| 2.131.16 | 28 / 8 | |
| 2.131.15 | 28 / 8 | |
| 2.131.14 | 28 / 8 | |
| 2.131.12 | 28 / 8 | |
| 2.131.11 | 28 / 8 | |
v2.131.64
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.63
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.62
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.61
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.60
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.59
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.58
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.57
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.56
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.55
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.53
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.52
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.51
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.50
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.49
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.48
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.47
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.46
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.45
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.44
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.43
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.42
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.41
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.40
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.39
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.38
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.37
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.36
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.35
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.34
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.33
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.32
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-22, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v2.131.31
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.29
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.28
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.27
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.26
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.25
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.24
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.23
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.22
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.21
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.20
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.19
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.18
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.17
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.16
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.15
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.14
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.12
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.131.11
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.