aegir
Versions: 3
License: —
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
achingbrain, npm-service-account-ipfs
Keywords
build, lint
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:path | AI (phantom-deps): Referenced in config, not imported; stable pattern for aegir. | ai | |
| phantom-deps | phantom-dep:deno | AI (phantom-deps): Deno is invoked as a CLI tool via config/scripts, not imported directly; consistent with aegir's toolchain pattern. | ai | |
| phantom-deps | phantom-dep:buffer | AI (phantom-deps): Referenced in config, not imported; stable pattern for aegir. | ai | |
| phantom-deps | phantom-dep:mocha | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:electron-mocha | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:playwright-test | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:semantic-release | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:semantic-release-monorepo | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:cspell | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:p-map | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:react-native-test-runner | AI (phantom-deps): Platform-specific binary invoked via config, not imported. | ai | |
| phantom-deps | phantom-dep:@types/chai | AI (phantom-deps): Type-only package loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type-only package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@types/mocha | AI (phantom-deps): Type-only package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@types/chai-string | AI (phantom-deps): Type-only package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@types/chai-subset | AI (phantom-deps): Type-only package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@types/chai-as-promised | AI (phantom-deps): Type-only package loaded by convention. | ai | |
| phantom-deps | phantom-dep:source-map-support | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:tempy | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| phantom-deps | phantom-dep:c8 | AI (phantom-deps): aegir is a meta-tooling package; deps are invoked via CLI/config, not direct imports. | ai | |
| phantom-deps | phantom-dep:nyc | AI (phantom-deps): Same meta-tooling pattern; invoked via config. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP 127.0.0.1 appears only in JSDoc example code for the echo-server utility; not a real network call. | ai | |
v47.2.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v47.1.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v47.1.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.