argparse — Greenflagged

CLI arguments parser. Native port of python's argparse.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

vitaly

Keywords

cliparserargparseoptionargs

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): sprintf-js is a well-known, legitimate string formatting utility; its addition as a replacement for underscore/underscore.string is a reasonable and benign dependency simplification for this package.	ai	2026/04/21
dependencies	unvetted-dep:underscore	AI (dependencies): underscore is a well-known, widely-trusted utility library; its presence as a dependency poses no security risk for this package.	ai	2026/04/21
dependencies	unvetted-dep:sprintf-js	AI (dependencies): sprintf-js is a well-known, stable utility library that has been a long-standing dependency of argparse. No meaningful risk for this package.	ai	2026/04/21
provenance	no-provenance	AI (provenance): argparse is a mature, 5000+ day old package. Lack of provenance attestation is expected for packages of this age and is not a risk signal here.	ai	2026/04/21

Versions (showing 30 of 30)

Version	Deps	Published
2.0.1	0 / 5	2020-08-28
2.0.0	0 / 5	2020-08-14
1.0.10	1 / 4	2018-02-15
1.0.9	1 / 4	2016-09-29
1.0.8	2 / 4	2016-09-29
1.0.7	1 / 4	2016-03-17
1.0.6	1 / 4	2016-02-06
1.0.5	1 / 1	2016-02-05
1.0.4	2 / 1	2016-01-17
1.0.3	2 / 1	2015-10-27
1.0.2	2 / 1	2015-03-22
1.0.1	2 / 1	2015-02-20
1.0.0	2 / 1	2015-02-19
0.1.16	2 / 1	2014-12-01
0.1.15	2 / 1	2013-05-12
0.1.14	2 / 1	2013-05-12
0.1.13	2 / 1	2013-04-08
0.1.12	2 / 1	2013-02-10
0.1.11	2 / 1	2013-02-07
0.1.10	2 / 1	2012-12-30
0.1.9	2 / 1	2012-12-27
0.1.8	2 / 1	2012-12-02
0.1.7	2 / 1	2012-10-14
0.1.6	2 / 1	2012-09-09
0.1.5	2 / 1	2012-09-03
0.1.4	2 / 1	2012-07-30
0.1.3	2 / 1	2012-07-04
0.1.2	2 / 1	2012-05-29
0.1.1	2 / 0	2012-05-23
0.1.0	2 / 0	2012-05-16

v1.0.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.