lingo.dev
Lingo.dev CLI
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:p-limit | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-disable-tokenizers | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:mdast-util-from-markdown | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:dedent | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:micromark-extension-gfm | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-mdx-frontmatter | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-frontmatter | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:@paralleldrive/cuid2 | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:remark-stringify | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:@biomejs/wasm-nodejs | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-mdx | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:ink-spinner | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:cli-progress | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-rehype | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:mdast-util-gfm | AI (phantom-deps): Optional mdast utility loaded by convention. | ai | |
| phantom-deps | phantom-dep:ink-progress-bar | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:rehype-stringify | AI (phantom-deps): Optional rehype plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:marked | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_sdk | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_spec | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_react | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_locales | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_compiler | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:vfile | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:xpath | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:unified | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:@inkjs/ui | AI (phantom-deps): Optional UI component loaded by convention in this CLI tool. | ai | |
| phantom-deps | phantom-dep:@types/ejs | AI (phantom-deps): Type-only package, framework-scoped; stable false positive. | ai | |
| phantom-deps | phantom-dep:ejs | AI (phantom-deps): Bundled CLI; deps loaded dynamically by format handlers, not via direct top-level imports. | ai | |
| phantom-deps | phantom-dep:posthog-node | AI (phantom-deps): Analytics loaded indirectly in bundled CLI. | ai | |
| phantom-deps | phantom-dep:xliff | AI (phantom-deps): Format handler loaded dynamically in bundled CLI. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Bundled CLI with React-based ink UI; loaded indirectly. | ai | |
| phantom-deps | phantom-dep:sax | AI (phantom-deps): Bundled CLI; format-specific parser loaded indirectly. | ai | |
| phantom-deps | phantom-dep:ink | AI (phantom-deps): Bundled CLI; ink used via compiled output, not direct import. | ai |
Versions (showing 47 of 247)
| Version | Deps | Published |
|---|---|---|
| 0.93.0 | 82 / 22 | |
| 0.92.19 | 80 / 22 | |
| 0.92.18 | 80 / 22 | |
| 0.92.17 | 80 / 22 | |
| 0.92.16 | 80 / 22 | |
| 0.92.15 | 80 / 22 | |
| 0.92.14 | 80 / 22 | |
| 0.92.13 | 80 / 22 | |
| 0.92.12 | 80 / 22 | |
| 0.92.11 | 80 / 22 | |
| 0.92.10 | 80 / 22 | |
| 0.92.9 | 80 / 22 | |
| 0.92.8 | 73 / 20 | |
| 0.92.7 | 73 / 20 | |
| 0.92.6 | 73 / 20 | |
| 0.92.5 | 73 / 20 | |
| 0.92.4 | 72 / 20 | |
| 0.92.3 | 72 / 20 | |
| 0.92.2 | 72 / 20 | |
| 0.90.4 | 68 / 19 | |
| 0.90.3 | 68 / 19 | |
| 0.90.2 | 68 / 19 | |
| 0.90.1 | 68 / 19 | |
| 0.90.0 | 68 / 19 | |
| 0.89.6 | 68 / 19 | |
| 0.89.5 | 68 / 19 | |
| 0.89.4 | 68 / 19 | |
| 0.89.3 | 68 / 19 | |
| 0.89.2 | 68 / 19 | |
| 0.89.1 | 68 / 19 | |
| 0.89.0 | 68 / 19 | |
| 0.88.0 | 68 / 19 | |
| 0.87.15 | 68 / 19 | |
| 0.87.14 | 68 / 19 | |
| 0.87.13 | 68 / 19 | |
| 0.87.12 | 68 / 19 | |
| 0.87.11 | 68 / 19 | |
| 0.87.10 | 68 / 19 | |
| 0.87.9 | 68 / 19 | |
| 0.87.8 | 68 / 19 | |
| 0.87.7 | 68 / 19 | |
| 0.87.6 | 68 / 19 | |
| 0.87.5 | 68 / 19 | |
| 0.87.4 | 68 / 19 | |
| 0.87.3 | 68 / 19 | |
| 0.87.2 | 68 / 19 | |
| 0.87.1 | 68 / 19 |
v0.93.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.92.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.89.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.88.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.87.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.