netlify

Netlify command line tool

Versions: 24
License: MIT
Install Scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

seanrobertsbiilmanneduardoboucasnetlify-botsarahettermikewenkathmbeckhrishikeshkvitaliyrberdavyouvalvserhalp-netlifydomitriusanthonyakardettbarnseancdavismlgualtieri-gatsby

Keywords

api, cli, netlify, static

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| publish-pattern | new-deps-added | AI (publish-pattern): yauzl is a well-established zip library; swap from extract-zip is a routine refactor for this package. | ai | |
| dependencies | unvetted-dep:express-logging | AI (dependencies): Express middleware for logging; benign dependency for local dev server. | ai | |
| dependencies | unvetted-dep:http-proxy | AI (dependencies): Well-known, widely-used proxy library; stable dependency for this CLI. | ai | |
| dependencies | unvetted-dep:ascii-table | AI (dependencies): Small utility library; no security concern for this CLI. | ai | |
| dependencies | unvetted-dep:gh-release-fetch | AI (dependencies): Used for fetching GitHub releases; expected in a CLI tool. | ai | |
| dependencies | unvetted-dep:@netlify/build-info | AI (dependencies): First-party @netlify scoped package; trusted for this CLI. | ai | |
| dependencies | unvetted-dep:@netlify/local-functions-proxy | AI (dependencies): First-party @netlify scoped package; trusted for this CLI. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Active Netlify CLI with 280 versions; dormancy reflects publisher account history, not package inactivity. | ai | |
| phantom-deps | phantom-dep:@opentelemetry/api | AI (phantom-deps): Declared dep used via config/indirect reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@netlify/edge-functions | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive for this CLI. | ai | |
| phantom-deps | phantom-dep:write-file-atomic | AI (phantom-deps): Declared dep used via config/indirect reference; stable false positive for this package. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Official Netlify CLI; postinstall runs a local JS script, consistent with CLI setup across all versions. | ai | |

Versions (showing 24 of 24)

Version Deps Published
26.1.0 97 / 64
26.0.2 98 / 63
26.0.1 98 / 63
26.0.0 98 / 63
25.6.2 98 / 63
25.6.1 98 / 63
25.6.0 98 / 63
25.5.0 98 / 62
25.2.0 98 / 62
25.1.1 98 / 62
25.1.0 98 / 62
25.0.1 98 / 62
25.0.0 98 / 62
24.11.3 97 / 0
24.11.2 97 / 0
24.10.0 97 / 0
24.9.0 97 / 0
24.8.2 97 / 0
24.4.1 97 / 0
24.2.0 97 / 0
23.13.1 95 / 0
23.13.0 95 / 0
23.11.1 95 / 0
23.10.0 96 / 0

v26.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.11.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.11.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.9.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.8.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v23.13.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v23.13.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v23.11.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v23.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.