@stryke/fs — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

sullivanpjstormie-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher changed from stormie-bot to GitHub Actions — consistent with legitimate migration to OIDC-based CI/CD publishing. SLSA provenance attestation corroborates authenticity. Stable for this package.	ai	2026/04/27
source-diff	obfuscated-file:dist/file-path-fns-7aKacdLg.cjs	AI (source-diff): File is minified bundler output (tsdown/Rollup CJS chunk) implementing standard path utilities. No obfuscation or malicious patterns present; content-hashed filenames are normal for this build toolchain.	ai	2026/04/27
source-diff	large-new-source-files	AI (source-diff): Large file count increase is consistent with bundling previously-external deps internally and expanding export surface; no injected malicious code detected.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/helpers	AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages.	ai	2026/04/26
phantom-deps	phantom-dep:@stryke/string-format	AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages.	ai	2026/04/26
phantom-deps	phantom-dep:@stryke/convert	AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages.	ai	2026/04/26
phantom-deps	phantom-dep:chalk	AI (phantom-deps): chalk is declared and used in config/build context; phantom-dep finding is expected for build-time dependencies.	ai	2026/04/26
phantom-deps	phantom-dep:@stryke/path	AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages.	ai	2026/04/26
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped package @stryke/fs is not a typosquat of 'qs'; Levenshtein comparison of scoped names to short unrelated packages produces false positives for this package.	ai	2026/04/25
bogus-package	bogus-package	AI (bogus-package): Legitimate monorepo utility package from storm-software/stryke; cosmetic README/keyword issues are not security concerns.	ai	2026/04/25
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped package @stryke/fs is not a typosquat of 'pg'; same false-positive pattern as the qs finding.	ai	2026/04/25

Versions (showing 55 of 156)

Version	Deps	Published
0.30.3	16 / 4	2025-10-18
0.30.2	16 / 4	2025-10-17
0.30.1	16 / 4	2025-10-17
0.30.0	16 / 4	2025-10-17
0.29.0	16 / 4	2025-10-08
0.28.7	16 / 4	2025-10-02
0.28.6	16 / 4	2025-09-22
0.28.5	16 / 4	2025-09-21
0.28.3	16 / 4	2025-09-16
0.28.2	16 / 4	2025-09-16
0.28.1	16 / 4	2025-09-13
0.28.0	16 / 4	2025-09-11
0.27.1	16 / 4	2025-09-11
0.27.0	16 / 4	2025-09-08
0.26.0	16 / 4	2025-09-08
0.25.0	15 / 4	2025-08-29
0.24.2	15 / 4	2025-08-28
0.24.1	15 / 4	2025-08-28
0.24.0	14 / 4	2025-08-28
0.23.4	14 / 4	2025-08-11
0.23.3	14 / 4	2025-08-06
0.23.2	14 / 4	2025-08-05
0.23.1	14 / 4	2025-08-05
0.23.0	14 / 4	2025-08-04
0.22.9	14 / 4	2025-08-02
0.22.8	14 / 4	2025-07-05
0.22.7	14 / 4	2025-07-04
0.22.6	14 / 4	2025-07-03
0.22.5	14 / 4	2025-07-03
0.22.4	14 / 4	2025-07-02
0.22.3	14 / 4	2025-07-01
0.22.2	14 / 4	2025-06-29
0.22.1	14 / 4	2025-06-18
0.22.0	14 / 4	2025-06-17
0.21.3	14 / 4	2025-06-12
0.21.2	14 / 4	2025-06-12
0.21.1	14 / 4	2025-06-12
0.21.0	14 / 4	2025-06-12
0.20.7	14 / 4	2025-06-12
0.20.6	14 / 4	2025-06-06
0.20.5	14 / 4	2025-06-06
0.20.4	14 / 4	2025-06-04
0.20.3	14 / 4	2025-06-03
0.20.2	14 / 4	2025-06-02
0.20.1	14 / 4	2025-06-02
0.20.0	13 / 4	2025-06-02
0.19.0	13 / 4	2025-06-02
0.18.0	13 / 4	2025-06-02
0.17.0	13 / 4	2025-06-02
0.16.0	13 / 4	2025-05-29
0.15.0	13 / 4	2025-05-28
0.14.0	13 / 4	2025-05-25
0.13.1	13 / 4	2025-05-21
0.13.0	13 / 4	2025-05-16
0.12.2	11 / 4	2025-05-12