@adhdev/daemon-core
ADHDev daemon core — CDP, IDE detection, providers, command execution
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:silent-process-exec | AI (semgrep): Spawns process.execPath with process.argv.slice(1) — a self-restart/daemon pattern, not a reverse shell or miner. Stable for this daemon tooling package. | ai | |
| semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same self-restart pattern as silent-process-exec; detached spawn of the same Node process is a standard daemon restart idiom. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env into child process spawn config is standard for CLI tools that need to pass the current environment to subprocesses. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): All raw IP references are 127.0.0.1 (localhost) for CDP protocol communication — expected behavior for a local browser debugger integration. | ai | |
| semgrep | semgrep:http-module-request | AI (semgrep): HTTP requests target 127.0.0.1 for CDP version endpoint — standard local CDP usage, not telemetry or exfiltration. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding of CDP protocol response data (e.g., screenshots) is standard CDP usage. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require in validate.js loads provider plugin files for validation — a legitimate plugin loader pattern. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used to run 'which' to check command availability — standard CLI tool pattern. | ai | |
| provenance | no-provenance | AI (provenance): No provenance is common (~88% of npm packages); not a disqualifier on its own for this package. | ai |
Versions (showing 100 of 346)
| Version | Deps | Published |
|---|---|---|
| 0.9.81 | 9 / 6 | |
| 0.9.80 | 9 / 6 | |
| 0.9.79 | 9 / 6 | |
| 0.9.78 | 9 / 6 | |
| 0.9.77 | 9 / 6 | |
| 0.9.76 | 9 / 6 | |
| 0.9.75 | 8 / 5 | |
| 0.9.74 | 8 / 5 | |
| 0.9.73 | 8 / 5 | |
| 0.9.72 | 8 / 5 | |
| 0.9.71 | 8 / 5 | |
| 0.9.70 | 8 / 5 | |
| 0.9.69 | 8 / 5 | |
| 0.9.68 | 8 / 5 | |
| 0.9.67 | 8 / 5 | |
| 0.9.66 | 8 / 5 | |
| 0.9.65 | 8 / 5 | |
| 0.9.64 | 8 / 5 | |
| 0.9.63 | 8 / 5 | |
| 0.9.62 | 8 / 5 | |
| 0.9.61 | 8 / 5 | |
| 0.9.60 | 8 / 5 | |
| 0.9.59 | 8 / 5 | |
| 0.9.58 | 8 / 5 | |
| 0.9.57 | 8 / 5 | |
| 0.9.56 | 8 / 5 | |
| 0.9.55 | 8 / 5 | |
| 0.9.54 | 8 / 5 | |
| 0.9.53 | 8 / 5 | |
| 0.9.52 | 8 / 5 | |
| 0.9.51 | 8 / 5 | |
| 0.9.50 | 8 / 5 | |
| 0.9.49 | 8 / 5 | |
| 0.9.48 | 8 / 5 | |
| 0.9.47 | 8 / 5 | |
| 0.9.46 | 8 / 5 | |
| 0.9.45 | 8 / 5 | |
| 0.9.44 | 8 / 5 | |
| 0.9.43 | 8 / 5 | |
| 0.9.42 | 8 / 5 | |
| 0.9.41 | 8 / 5 | |
| 0.9.40 | 8 / 5 | |
| 0.9.39 | 8 / 5 | |
| 0.9.38 | 8 / 5 | |
| 0.9.37 | 8 / 5 | |
| 0.9.36 | 8 / 5 | |
| 0.9.35 | 8 / 5 | |
| 0.9.34 | 8 / 5 | |
| 0.9.33 | 8 / 5 | |
| 0.9.32 | 8 / 5 | |
| 0.9.31 | 8 / 5 | |
| 0.9.30 | 8 / 5 | |
| 0.9.29 | 8 / 5 | |
| 0.9.28 | 8 / 5 | |
| 0.9.27 | 8 / 5 | |
| 0.9.26 | 8 / 5 | |
| 0.9.25 | 8 / 5 | |
| 0.9.24 | 8 / 5 | |
| 0.9.23 | 8 / 5 | |
| 0.9.22 | 8 / 5 | |
| 0.9.21 | 8 / 5 | |
| 0.9.20 | 8 / 5 | |
| 0.9.19 | 8 / 5 | |
| 0.9.18 | 8 / 5 | |
| 0.9.17 | 8 / 5 | |
| 0.9.16 | 8 / 5 | |
| 0.9.15 | 8 / 5 | |
| 0.9.14 | 8 / 5 | |
| 0.9.13 | 8 / 5 | |
| 0.9.12 | 8 / 5 | |
| 0.9.11 | 8 / 5 | |
| 0.9.10 | 8 / 5 | |
| 0.9.9 | 8 / 5 | |
| 0.9.8 | 8 / 5 | |
| 0.9.7 | 8 / 5 | |
| 0.9.6 | 8 / 5 | |
| 0.9.5 | 8 / 5 | |
| 0.9.4 | 8 / 5 | |
| 0.9.3 | 8 / 5 | |
| 0.9.2 | 8 / 5 | |
| 0.9.1 | 8 / 5 | |
| 0.9.0 | 8 / 5 | |
| 0.8.102 | 8 / 5 | |
| 0.8.101 | 8 / 5 | |
| 0.8.100 | 8 / 5 | |
| 0.8.99 | 8 / 5 | |
| 0.8.98 | 8 / 5 | |
| 0.8.97 | 8 / 5 | |
| 0.8.96 | 8 / 5 | |
| 0.8.95 | 8 / 5 | |
| 0.8.94 | 8 / 5 | |
| 0.8.93 | 8 / 5 | |
| 0.8.92 | 8 / 5 | |
| 0.8.91 | 8 / 5 | |
| 0.8.90 | 8 / 5 | |
| 0.8.89 | 8 / 5 | |
| 0.8.88 | 8 / 5 | |
| 0.8.87 | 8 / 5 | |
| 0.8.86 | 8 / 5 | |
| 0.8.85 | 8 / 5 |
v0.9.81
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.80
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.79
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.78
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.77
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.76
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.75
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.74
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.73
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.72
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.71
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.70
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.69
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.67
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.65
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.62
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.22
18 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L260 258 | 259 | export function spawnDetachedDaemonUpgradeHelper(payload: DaemonUpgradeHelperPayload): void { > 260 | const env = { ...process.env, [UPGRADE_HELPER_ENV]: JSON.stringify(payload) }; 261 | const child = spawn(process.execPath, process.argv.slice(1), { 262 | detached: true,
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L261 259 | export function spawnDetachedDaemonUpgradeHelper(payload: DaemonUpgradeHelperPayload): void { 260 | const env = { ...process.env, [UPGRADE_HELPER_ENV]: JSON.stringify(payload) }; > 261 | const child = spawn(process.execPath, process.argv.slice(1), { 262 | detached: true, 263 | stdio: 'ignore',
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L261 259 | export function spawnDetachedDaemonUpgradeHelper(payload: DaemonUpgradeHelperPayload): void { 260 | const env = { ...process.env, [UPGRADE_HELPER_ENV]: JSON.stringify(payload) }; > 261 | const child = spawn(process.execPath, process.argv.slice(1), { 262 | detached: true, 263 | stdio: 'ignore',
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L319 317 | 318 | if (restartArgv.length > 0) { > 319 | const env = { ...process.env }; 320 | delete env[UPGRADE_HELPER_ENV]; 321 | appendUpgradeLog(`Restarting daemon with args: ${restartArgv.join(' ')}`);
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L322 320 | delete env[UPGRADE_HELPER_ENV]; 321 | appendUpgradeLog(`Restarting daemon with args: ${restartArgv.join(' ')}`); > 322 | const child = spawn(process.execPath, restartArgv, { 323 | detached: true, 324 | stdio: 'ignore',
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/commands/upgrade-helper.ts#L322 320 | delete env[UPGRADE_HELPER_ENV]; 321 | appendUpgradeLog(`Restarting daemon with args: ${restartArgv.join(' ')}`); > 322 | const child = spawn(process.execPath, restartArgv, { 323 | detached: true, 324 | stdio: 'ignore',
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/daemon/dev-auto-implement.ts#L322 320 | stdio: ['pipe', 'pipe', 'pipe'], 321 | shell: spawn.shell ?? false, > 322 | env: { ...process.env, ...(spawn.env || {}) }, 323 | }); 324 | ctx.autoImplProcess = child;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/daemon/dev-auto-implement.ts#L488 486 | rows: 40, 487 | cwd: providerDir, > 488 | env: { ...process.env, ...(spawn.env || {}) }, 489 | }); 490 | isPty = true;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/daemon/dev-auto-implement.ts#L498 496 | timeout: 900000, 497 | stdio: ['pipe', 'pipe', 'pipe'], > 498 | env: { 499 | ...process.env, 500 | ...(spawn.env || {}),
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/daemon/dev-server.ts#L880 878 | timeout: timeout, 879 | stdio: ['pipe', 'pipe', 'pipe'], > 880 | env: { ...process.env, ...(spawn.env || {}) }, 881 | }); 882 |
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L434 432 | if (!useAppLauncher && ide.cliCommand) { 433 | // CLI based execute > 434 | spawn(ide.cliCommand, args, { detached: true, stdio: 'ignore' }).unref(); 435 | } else if (appName) { 436 | // Fallback to `open -a` when no CLI wrapper is available or the provider prefers it.
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L434 432 | if (!useAppLauncher && ide.cliCommand) { 433 | // CLI based execute > 434 | spawn(ide.cliCommand, args, { detached: true, stdio: 'ignore' }).unref(); 435 | } else if (appName) { 436 | // Fallback to `open -a` when no CLI wrapper is available or the provider prefers it.
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L438 436 | // Fallback to `open -a` when no CLI wrapper is available or the provider prefers it. 437 | const openArgs = ['-a', appName, '--args', ...args]; > 438 | spawn('open', openArgs, { detached: true, stdio: 'ignore' }).unref(); 439 | } else { 440 | throw new Error(`No app identifier or CLI for ${ide.displayName}`);
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L438 436 | // Fallback to `open -a` when no CLI wrapper is available or the provider prefers it. 437 | const openArgs = ['-a', appName, '--args', ...args]; > 438 | spawn('open', openArgs, { detached: true, stdio: 'ignore' }).unref(); 439 | } else { 440 | throw new Error(`No app identifier or CLI for ${ide.displayName}`);
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L474 472 | if (workspace) args.push(workspace); 473 | > 474 | spawn(cli, args, { detached: true, stdio: 'ignore' }).unref(); 475 | } 476 |
Silent detached process — runs invisibly in the background (reverse shells, miners) Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/launch.ts#L474 472 | if (workspace) args.push(workspace); 473 | > 474 | spawn(cli, args, { detached: true, stdio: 'ignore' }).unref(); 475 | } 476 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vilmire/adhdev/blob/191c4595aa9e9585fc0d306ab83933e99f26e968/src/providers/acp-provider-instance.ts#L638 636 | // ADHDev does NOT inject API keys — tools read their own env vars or config files. 637 | > 638 | const env = { ...process.env, ...(spawnConfig.env || {}) }; 639 | 640 | this.log.info(`[${this.type}] Spawning: ${command} ${args.join(' ')} in ${this.workingDir}`);
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.102
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.101
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.100
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.99
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.98
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.97
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.96
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.95
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.94
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.93
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.92
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.91
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.90
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.89
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.88
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.87
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.86
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.85
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.