cspell-lib — Greenflagged

A library of useful functions used across various cspell tools.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jason-dent

Keywords

spellcheckercodecamelcasespellingspell checkerspelling checkerlint

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): False positive: short README is expected for a monorepo library component; 'empty' entry point is a re-export stub, not the actual library.	ai	2026/04/24
source-diff	large-new-source-files	AI (source-diff): cspell-lib is an active monorepo package; large file count increases are expected across minor/patch versions due to build output changes and feature additions.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Established package from highly trusted publisher; lack of Sigstore is not a disqualifier for mature, well-maintained projects.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): New dep is @cspell/[email protected], a first-party cspell monorepo package pinned to the same version. Not a suspicious third-party addition.	ai	2026/04/24
phantom-deps	phantom-dep:comment-json	AI (phantom-deps): Legitimate phantom dependency; declared in package.json and referenced in config files but not directly imported in source code.	ai	2026/04/24
phantom-deps	phantom-dep:fast-equals	AI (phantom-deps): Legitimate phantom dependency; declared in package.json and referenced in config files but not directly imported in source code.	ai	2026/04/24
dependencies	unvetted-dep:env-paths	AI (dependencies): env-paths is a well-known, benign utility for OS standard paths. Its use in cspell-lib for locating config/cache directories is expected and legitimate.	ai	2026/04/23
phantom-deps	phantom-dep:@cspell/cspell-bundled-dicts	AI (phantom-deps): @cspell/cspell-bundled-dicts is explicitly declared as a runtime dependency in package.json. The phantom-dep finding is a false positive for this package.	ai	2026/04/23

Versions (showing 51 of 341)

View all versions

Version	Deps	Published
10.0.0	23 / 18	2026-04-06
9.8.0	24 / 18	2026-04-05
9.7.0	24 / 18	2026-02-23
9.6.4	24 / 17	2026-02-04
9.6.3	24 / 17	2026-02-02
9.6.2	23 / 17	2026-01-26
9.6.1	23 / 17	2026-01-26
9.6.0	22 / 17	2026-01-12
9.4.0	22 / 15	2025-12-01
9.3.2	22 / 15	2025-11-15
9.3.1	22 / 15	2025-11-12
9.3.0	22 / 15	2025-11-06
9.2.2	22 / 15	2025-10-22
9.2.1	24 / 14	2025-08-31
9.2.0	24 / 14	2025-07-19
9.1.5	24 / 14	2025-07-13
9.1.3	24 / 14	2025-07-05
9.1.2	24 / 14	2025-06-24
9.1.1	24 / 14	2025-06-14
9.1.0	24 / 14	2025-06-14
9.0.2	24 / 14	2025-05-20
9.0.1	24 / 14	2025-05-08
9.0.0	24 / 14	2025-05-05
8.19.4	24 / 14	2025-05-03
8.19.3	24 / 14	2025-04-27
8.19.2	24 / 14	2025-04-20
8.19.1	24 / 14	2025-04-18
8.19.0	24 / 14	2025-04-16
8.18.1	24 / 14	2025-03-29
8.18.0	24 / 14	2025-03-26
8.17.5	24 / 14	2025-02-22
8.17.4	24 / 14	2025-02-19
8.17.3	24 / 14	2025-01-28
8.17.2	24 / 14	2025-01-13
8.17.1	24 / 14	2024-12-16
8.17.0	24 / 14	2024-12-15
8.16.1	24 / 14	2024-11-27
8.16.0	24 / 14	2024-11-07
8.15.7	24 / 14	2024-11-03
8.15.6	24 / 14	2024-11-02
8.15.5	24 / 14	2024-10-30
8.15.4	24 / 14	2024-10-18
8.15.3	24 / 14	2024-10-16
8.15.2	24 / 14	2024-10-14
8.15.1	24 / 14	2024-10-11
8.15.0	24 / 14	2024-10-11
8.14.4	24 / 14	2024-09-18
8.14.3	24 / 14	2024-09-17
8.14.2	24 / 14	2024-08-20
8.14.1	24 / 14	2024-08-17
8.13.3	23 / 14	2024-08-12