@storm-software/pnpm-tools No license 41 versions

@storm-software/pnpm-tools

npm Repository Homepage

41

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:prettier-plugin-pkg	AI (phantom-deps): Config-file reference pattern; stable for this pnpm-tools package.	ai	2026/05/29
phantom-deps	phantom-dep:@pnpm/plugin-esm-node-path	AI (phantom-deps): Config-file reference pattern; stable for this pnpm-tools package.	ai	2026/05/29
phantom-deps	phantom-dep:@pnpm/plugin-better-defaults	AI (phantom-deps): Config-file reference pattern; stable for this pnpm-tools package.	ai	2026/05/29
bogus-package	bogus-package	AI (bogus-package): README quality issues in a monorepo tooling package; not indicative of spam or malice.	ai	2026/04/28
phantom-deps	phantom-dep:@storm-software/config	AI (phantom-deps): Same-org transitive dep; phantom-dep heuristic unreliable for bundled monorepo packages.	ai	2026/04/28
phantom-deps	phantom-dep:@storm-software/config-tools	AI (phantom-deps): Same-org transitive dep; bundled in bin/pnpm.cjs.	ai	2026/04/28
semgrep	semgrep:env-spread	AI (semgrep): CLI tool passing process.env to child_process.exec is standard; env is scoped and not exfiltrated.	ai	2026/04/28
phantom-deps	phantom-dep:@storm-software/npm-tools	AI (phantom-deps): Same-org dep; declared as runtime dependency and used transitively.	ai	2026/04/28
phantom-deps	phantom-dep:prettier-plugin-packagejson	AI (phantom-deps): Referenced in config files as documented; stable false positive for this package.	ai	2026/04/28
phantom-deps	phantom-dep:@storm-software/package-constants	AI (phantom-deps): Same-org transitive dep; bundled in bin/pnpm.cjs.	ai	2026/04/28
semgrep	semgrep:child-process-import	AI (semgrep): pnpm CLI wrapper legitimately uses child_process to run pnpm commands.	ai	2026/04/28
semgrep	semgrep:env-bulk-read	AI (semgrep): Reads only STORM_EXTENSION_* prefixed keys; scoped config pattern, not exfiltration.	ai	2026/04/28

Versions (showing 41 of 149)

Version	Deps	Published
0.6.126	9 / 3	2026-03-19
0.6.125	9 / 3	2026-03-18
0.6.124	9 / 3	2026-03-16
0.6.123	9 / 3	2026-03-16
0.6.122	9 / 3	2026-03-16
0.6.121	9 / 3	2026-03-16
0.6.120	9 / 3	2026-03-16
0.6.119	9 / 3	2026-03-16
0.6.118	9 / 3	2026-03-16
0.6.117	9 / 3	2026-03-16
0.6.116	9 / 3	2026-03-16
0.6.115	9 / 3	2026-03-16
0.6.114	9 / 3	2026-03-14
0.6.113	9 / 3	2026-03-14
0.6.112	9 / 3	2026-03-11
0.6.111	9 / 3	2026-03-11
0.6.110	9 / 3	2026-03-11
0.6.109	9 / 3	2026-03-11
0.6.108	9 / 3	2026-03-11
0.6.107	9 / 3	2026-03-11
0.6.106	9 / 3	2026-03-11
0.6.105	9 / 3	2026-03-07
0.6.104	9 / 3	2026-03-07
0.6.103	9 / 3	2026-03-07
0.6.102	9 / 3	2026-03-07
0.6.101	9 / 3	2026-03-06
0.6.100	9 / 3	2026-03-06
0.6.99	9 / 3	2026-03-06
0.6.98	9 / 3	2026-03-06
0.6.97	9 / 3	2026-03-04
0.6.96	9 / 3	2026-03-04
0.6.95	9 / 3	2026-03-02
0.6.94	9 / 3	2026-02-28
0.6.93	9 / 3	2026-02-24
0.6.92	9 / 3	2026-02-23
0.6.91	9 / 3	2026-02-21
0.6.90	9 / 3	2026-02-20
0.6.89	9 / 3	2026-02-20
0.6.14	11 / 3	2025-10-30
0.5.6	11 / 3	2025-09-22
0.5.5	11 / 3	2025-09-22

v0.6.126

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.125

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.124

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.123

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.122

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.121

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.120

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.119

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.118

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.117

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.116

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.115

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.114

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.113

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.112

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.111

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.110

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.109

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.108

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.107

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.106

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.105

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.104

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.103

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.102

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.101

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.100

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.99

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.98

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.97

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.96

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.95

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.94

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.93

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.92

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.91

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.90

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.89

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.