webpack-serve — Greenflagged

A CLI for webpack-plugin-serve, providing a premier webpack development server

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

shellscape

Keywords

developmentdevserverserveserverwebpack

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in lib/config.js is a config-file loader pattern — intentionally loads user-specified webpack config files. This is expected behavior for a webpack CLI tool.	ai	2026/04/23
publish-pattern	dormant-publish	AI (publish-pattern): shellscape is a long-established publisher with 1500 approved packages. The gap reflects a major version bump, not an account takeover signal.	ai	2026/04/23

Versions (showing 25 of 25)

Version	Deps	Published
4.0.0	10 / 17	2021-04-01
3.2.0	10 / 17	2019-09-19
3.1.1	10 / 18	2019-07-21
3.1.0	10 / 18	2019-04-08
3.0.0	10 / 17	2019-04-01
2.0.3	31 / 26	2018-11-20
2.0.2	31 / 27	2018-07-09
2.0.1	31 / 27	2018-07-09
2.0.0	31 / 27	2018-07-09
1.0.4	24 / 20	2018-06-08
1.0.3	24 / 20	2018-06-07
1.0.2	24 / 20	2018-05-13
1.0.1	24 / 20	2018-05-13
1.0.0	24 / 20	2018-05-13
0.3.2	23 / 18	2018-05-01
0.3.1	23 / 18	2018-03-31
0.3.0	21 / 18	2018-03-28
0.2.0	21 / 17	2018-03-06
0.1.5	20 / 16	2018-02-28
0.1.4	19 / 16	2018-02-23
0.1.3	19 / 16	2018-02-22
0.1.2	19 / 16	2018-02-22
0.1.1	19 / 16	2018-02-21
0.1.0	19 / 16	2018-02-21
0.0.0	0 / 0	2016-04-06