cspell-lib
A library of useful functions used across various cspell tools.
41
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
jason-dent
Keywords
spellcheckercodecamelcasespellingspell checkerspelling checkerlint
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): False positive: short README is expected for a monorepo library component; 'empty' entry point is a re-export stub, not the actual library. | ai | |
| source-diff | large-new-source-files | AI (source-diff): cspell-lib is an active monorepo package; large file count increases are expected across minor/patch versions due to build output changes and feature additions. | ai | |
| provenance | no-provenance | AI (provenance): Established package from highly trusted publisher; lack of Sigstore is not a disqualifier for mature, well-maintained projects. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is @cspell/[email protected], a first-party cspell monorepo package pinned to the same version. Not a suspicious third-party addition. | ai | |
| phantom-deps | phantom-dep:comment-json | AI (phantom-deps): Legitimate phantom dependency; declared in package.json and referenced in config files but not directly imported in source code. | ai | |
| phantom-deps | phantom-dep:fast-equals | AI (phantom-deps): Legitimate phantom dependency; declared in package.json and referenced in config files but not directly imported in source code. | ai | |
| dependencies | unvetted-dep:env-paths | AI (dependencies): env-paths is a well-known, benign utility for OS standard paths. Its use in cspell-lib for locating config/cache directories is expected and legitimate. | ai | |
| phantom-deps | phantom-dep:@cspell/cspell-bundled-dicts | AI (phantom-deps): @cspell/cspell-bundled-dicts is explicitly declared as a runtime dependency in package.json. The phantom-dep finding is a false positive for this package. | ai |
Versions (showing 41 of 341)
| Version | Deps | Published |
|---|---|---|
| 4.1.3 | 30 / 1 | |
| 4.1.2 | 30 / 1 | |
| 4.1.1 | 30 / 1 | |
| 4.1.0 | 26 / 1 | |
| 4.0.26 | 26 / 1 | |
| 4.0.25 | 26 / 1 | |
| 4.0.24 | 26 / 1 | |
| 4.0.23 | 25 / 1 | |
| 4.0.22 | 25 / 1 | |
| 4.0.21 | 25 / 1 | |
| 4.0.20 | 25 / 1 | |
| 4.0.18 | 25 / 1 | |
| 4.0.17 | 25 / 0 | |
| 4.0.16 | 25 / 1 | |
| 4.0.15 | 25 / 1 | |
| 4.0.14 | 25 / 1 | |
| 4.0.13 | 25 / 1 | |
| 4.0.12 | 25 / 1 | |
| 4.0.11 | 25 / 1 | |
| 4.0.10 | 25 / 1 | |
| 4.0.9 | 25 / 0 | |
| 4.0.8 | 2 / 0 | |
| 4.0.6 | 2 / 0 | |
| 4.0.5 | 1 / 0 | |
| 4.0.4 | 2 / 0 | |
| 4.0.3 | 3 / 0 | |
| 3.0.8 | 2 / 0 | |
| 3.0.7 | 2 / 0 | |
| 3.0.6 | 2 / 0 | |
| 3.0.5 | 2 / 15 | |
| 3.0.4 | 2 / 15 | |
| 3.0.3 | 2 / 15 | |
| 3.0.2 | 2 / 15 | |
| 3.0.1 | 2 / 15 | |
| 3.0.0 | 2 / 16 | |
| 2.0.2 | 3 / 14 | |
| 2.0.1 | 3 / 14 | |
| 2.0.0 | 3 / 14 | |
| 1.0.2 | 3 / 14 | |
| 1.0.1 | 4 / 13 | |
| 1.0.0 | 4 / 13 |