@yarnpkg/cli
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@yarnpkg/plugin-interactive-tools | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-typescript | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-constraints | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-workspace-tools | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-catalog | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; not directly imported but legitimately declared. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-version | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-essentials | AI (phantom-deps): Same-org plugin bundled via @yarnpkg/builder; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-github | AI (phantom-deps): Same bundled-plugin architecture; stable false positive. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-npm-cli | AI (phantom-deps): Same bundled-plugin architecture; stable false positive. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Yarn bundles plugins; chalk is bundled into the output, not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-npm | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-pnp | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-exec | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-file | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-http | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-stage | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-link | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-pack | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-pnpm | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-patch | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-init | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-compat | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Yarn CLI intentionally passes process.env to child processes when delegating to a different yarn path. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Boot script dynamically loads PnP runtime — core Yarn Berry design pattern. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Package manager inherently needs child_process to spawn subprocesses. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped @yarnpkg/cli is the official Yarn Berry CLI; no plausible typosquat of 'joi'. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-nm | AI (phantom-deps): Yarn plugins are bundled at build time; declared deps not directly imported is expected. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-dlx | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-git | AI (phantom-deps): Same plugin bundling pattern. | ai | |
| phantom-deps | phantom-dep:@yarnpkg/plugin-jsr | AI (phantom-deps): Same plugin bundling pattern. | ai | |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 4.15.0 | 35 / 4 | |
| 4.14.1 | 35 / 4 | |
| 4.14.0 | 35 / 4 | |
| 4.13.0 | 35 / 4 | |
| 4.12.0 | 35 / 4 | |
| 4.11.0 | 35 / 4 | |
| 4.10.3 | 35 / 4 | |
| 4.10.2 | 35 / 4 | |
| 4.10.1 | 35 / 4 | |
| 4.9.4 | 34 / 4 | |
| 4.9.3 | 34 / 4 | |
| 4.9.2 | 34 / 4 | |
| 3.6.1 | 28 / 6 | |
v4.15.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.14.1
2 findings
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/yarnpkg/berry/blob/72b4aa5d62a6c42dc765710ea66b6dd0f63f4941/lib/lib.js#L66
```
  64 | const yarnPathExecOptions = {
  65 |   stdio: `inherit`,
> 66 |   env: {
  67 |     ...process.env,
  68 |     YARN_IGNORE_PATH: `1`,
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.14.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.13.0
2 findings
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/yarnpkg/berry/blob/81f3e15d2b6259cb64245411220fa1bf61242526/lib/lib.js#L66
```
  64 | const yarnPathExecOptions = {
  65 |   stdio: `inherit`,
> 66 |   env: {
  67 |     ...process.env,
  68 |     YARN_IGNORE_PATH: `1`,
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.2
2 findings
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/yarnpkg/berry/blob/a9edb7777f04ba16f51503ef6775325b353b67cc/lib/lib.js#L66
```
  64 | const yarnPathExecOptions = {
  65 |   stdio: `inherit`,
> 66 |   env: {
  67 |     ...process.env,
  68 |     YARN_IGNORE_PATH: `1`,
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.6.1
4 findings
Maintainer email '[email protected]' uses domain 'rome.tools' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Spreading entire process.env into an object — may capture all secrets
Source: ssh://[email protected]/yarnpkg/berry/blob/4ed09ecb51d4c69775d61b5d2ddc7cf9301452ac/lib/main.js#L20
```
  18 | (0, child_process_1.execFileSync)(process.execPath, [physicalPath, ...process.argv.slice(2)], {
  19 |   stdio: `inherit`,
> 20 |   env: {
  21 |     ...process.env,
  22 |     YARN_IGNORE_PATH: `1`,
```
Spreading entire process.env into an object — may capture all secrets
Source: ssh://[email protected]/yarnpkg/berry/blob/4ed09ecb51d4c69775d61b5d2ddc7cf9301452ac/lib/main.js#L30
```
  28 | (0, child_process_1.execFileSync)(physicalPath, process.argv.slice(2), {
  29 |   stdio: `inherit`,
> 30 |   env: {
  31 |     ...process.env,
  32 |     YARN_IGNORE_PATH: `1`,
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.