cliui
easily create complex multi-column command-line-interfaces
27
Versions
ISC
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
bcoeoss-bot
Keywords
clicommand-linelayoutdesignconsolewraptable
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:rollup-plugin-ts | AI (dependencies): rollup-plugin-ts is a build tool used only in rollup config; phantom-dep analysis confirms it is never directly imported at runtime. Misplaced in dependencies instead of devDependencies but poses no runtime risk. | ai | |
| provenance | publisher-changed | AI (provenance): oss-bot is the yargs ecosystem's CI/CD publishing account; bcoe (Ben Coe) is the original author. This transition is documented and legitimate for the yargs/cliui project. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): oss-bot is a known automation account for the yargs ecosystem; its addition as maintainer reflects legitimate CI/CD publishing automation, not a hostile takeover. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): wrap-ansi, strip-ansi, and string-width are canonical yargs/chalk ecosystem packages. Their addition in v7 reflects a legitimate refactor from bundled to explicit dependencies. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-ts | AI (phantom-deps): rollup-plugin-ts is a build tool mistakenly placed in dependencies instead of devDependencies; it is only used in rollup config and not imported at runtime. No security risk. | ai | |
| provenance | no-provenance | AI (provenance): cliui is a long-established yargs ecosystem package; lack of Sigstore provenance is common and not a risk signal for this well-known package. | ai |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 9.0.1 | 3 / 15 | |
| 9.0.0 | 3 / 15 | |
| 8.0.1 | 3 / 17 | |
| 8.0.0 | 4 / 16 | |
| 7.0.4 | 3 / 17 | |
| 7.0.3 | 3 / 17 | |
| 7.0.2 | 3 / 17 | |
| 7.0.1 | 3 / 17 | |
| 7.0.0 | 3 / 17 | |
| 6.0.0 | 3 / 6 | |
| 5.0.0 | 3 / 7 | |
| 4.1.0 | 3 / 7 | |
| 4.0.0 | 3 / 7 | |
| 3.2.0 | 3 / 7 | |
| 3.1.2 | 3 / 6 | |
| 3.1.1 | 3 / 6 | |
| 3.1.0 | 3 / 6 | |
| 3.0.3 | 3 / 6 | |
| 3.0.2 | 2 / 7 | |
| 3.0.1 | 4 / 7 | |
| 3.0.0 | 3 / 5 | |
| 2.1.0 | 3 / 8 | |
| 2.0.0 | 3 / 8 | |
| 1.4.0 | 3 / 8 | |
| 1.3.0 | 3 / 6 | |
| 1.1.0 | 3 / 6 | |
| 1.0.0 | 3 / 6 |