cspell
A Spelling Checker for Code!
Versions: 9
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
jason-dent
Keywords
spellchecker, code, camelcase, spelling, spell checker, spelling checker, lint
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are first-party @cspell/ scoped packages at the same version, from the same monorepo. Not an external supply chain risk. | ai | |
| dependencies | unvetted-dep:fast-json-stable-stringify | AI (dependencies): fast-json-stable-stringify is a well-known, widely-used utility with no security issues; its use in cspell is stable and expected across versions. | ai | |
| source-diff | obfuscated-file:dist/esm/app.js | AI (source-diff): Bundled output from tsdown build tool; code is readable with meaningful names, not obfuscated. Standard for this package's build pipeline. | ai | |
| phantom-deps | phantom-dep:@cspell/cspell-worker | AI (phantom-deps): First-party monorepo package used as a runtime worker; phantom detection is a false positive for bundled CLI packages. | ai | |
| phantom-deps | phantom-dep:fast-json-stable-stringify | AI (phantom-deps): Well-known utility; phantom detection is a false positive for bundled output where imports are resolved at build time. | ai | |
| phantom-deps | phantom-dep:@cspell/cspell-json-reporter | AI (phantom-deps): First-party monorepo reporter package; phantom detection is a false positive for bundled CLI packages with dynamic plugin loading. | ai | |