netlify-cli — Greenflagged

Netlify command line tool

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

seanrobertsbiilmanneduardoboucasnetlify-botsarahettermikewenkathmbeckhrishikeshkvitaliyrberdavyouvalvserhalp-netlifydomitriusanthonyakardettbarnseancdavismlgualtieri-gatsby

Keywords

apiclinetlifystatic

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): Published by official netlify-bot with SLSA provenance; maintainer roster changes are normal for a large org CLI.	ai	2026/05/08
maintainer-change	maintainer-removed	AI (maintainer-change): Same rationale — org-managed package with provenance attestation; removals reflect normal team changes.	ai	2026/05/08
publish-pattern	dormant-publish	AI (publish-pattern): Official Netlify CLI with SLSA provenance; high-frequency release history makes dormancy gap a false positive for this package.	ai	2026/05/08
dependencies	unvetted-dep:gh-release-fetch	AI (dependencies): Expected dependency for a CLI tool that fetches prebuilt binaries from GitHub releases; consistent with netlify-cli's documented install flow.	ai	2026/05/03
dependencies	unvetted-dep:folder-walker	AI (dependencies): Filesystem utility; stable dep for this package.	ai	2026/04/30
dependencies	unvetted-dep:express-logging	AI (dependencies): Logging middleware; stable dep for this package.	ai	2026/04/30
dependencies	unvetted-dep:maxstache-stream	AI (dependencies): Streaming templating dep; stable for this package.	ai	2026/04/30
dependencies	unvetted-dep:@netlify/build-info	AI (dependencies): First-party Netlify dep; stable for this package.	ai	2026/04/30
dependencies	unvetted-dep:@netlify/local-functions-proxy	AI (dependencies): First-party Netlify dep; stable for this package.	ai	2026/04/30
dependencies	unvetted-dep:git-repo-info	AI (dependencies): Git metadata utility; stable dep for this package.	ai	2026/04/30
dependencies	unvetted-dep:maxstache	AI (dependencies): Legitimate templating dep used by netlify-cli across versions.	ai	2026/04/30
dependencies	unvetted-dep:http-proxy	AI (dependencies): Well-known proxy library; stable dep for this package.	ai	2026/04/30
dependencies	unvetted-dep:ascii-table	AI (dependencies): Benign table-formatting utility; stable dep for this package.	ai	2026/04/30
install-scripts	install-script:postinstall	AI (install-scripts): Runs a local bundled script (scripts/postinstall.js), not a remote fetch; stable pattern for netlify-cli.	ai	2026/04/29
phantom-deps	phantom-dep:@netlify/edge-functions	AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive for netlify-cli.	ai	2026/04/29
phantom-deps	phantom-dep:@opentelemetry/api	AI (phantom-deps): Listed in dependencies; phantom-dep heuristic false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:write-file-atomic	AI (phantom-deps): Listed in dependencies; phantom-dep heuristic false positive for this package.	ai	2026/04/29

Versions (showing 21 of 21)

Version	Deps	Published
26.0.2	98 / 63	2026-05-15
26.0.1	98 / 63	2026-05-05
26.0.0	98 / 63	2026-04-28
25.6.2	98 / 63	2026-04-28
25.6.1	98 / 63	2026-04-27
25.6.0	98 / 63	2026-04-24
25.3.0	98 / 62	2026-04-22
25.1.1	98 / 62	2026-04-21
25.1.0	98 / 62	2026-04-21
25.0.1	98 / 62	2026-04-18
25.0.0	98 / 62	2026-04-17
24.11.3	97 / 0	2026-04-15
24.11.1	97 / 0	2026-04-09
24.11.0	97 / 0	2026-04-09
24.9.0	97 / 0	2026-03-31
24.8.2	97 / 0	2026-03-31
24.5.1	97 / 0	2026-03-24
24.1.0	97 / 0	2026-03-11
23.13.3	95 / 0	2026-01-08
23.11.0	96 / 0	2025-11-13
23.10.0	96 / 0	2025-11-04