@adobe/aem-cli
AEM CLI
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-bulk-read | AI (semgrep): CLI config loader filtering process.env for HLX_ prefixed vars; expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): CLI tool; deps referenced in config files rather than direct imports is normal for this package. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): CLI tool; deps referenced in config files rather than direct imports is normal for this package. | ai | |
| phantom-deps | phantom-dep:shelljs | AI (phantom-deps): CLI tool; deps referenced in config files rather than direct imports is normal for this package. | ai | |
| phantom-deps | phantom-dep:progress | AI (phantom-deps): CLI tool; deps referenced in config files rather than direct imports is normal for this package. | ai | |
| phantom-deps | phantom-dep:proxy-agent | AI (phantom-deps): CLI tool; deps referenced in config files rather than direct imports is normal for this package. | ai |
Versions (showing 51 of 72)
| Version | Deps | Published |
|---|---|---|
| 16.20.0 | 42 / 16 | |
| 16.19.14 | 42 / 16 | |
| 16.19.13 | 42 / 16 | |
| 16.19.12 | 42 / 16 | |
| 16.19.11 | 42 / 16 | |
| 16.19.10 | 42 / 16 | |
| 16.19.9 | 42 / 16 | |
| 16.19.8 | 42 / 16 | |
| 16.19.7 | 42 / 16 | |
| 16.19.6 | 42 / 16 | |
| 16.19.5 | 42 / 16 | |
| 16.19.4 | 42 / 16 | |
| 16.19.3 | 42 / 16 | |
| 16.19.2 | 42 / 16 | |
| 16.19.1 | 42 / 16 | |
| 16.18.6 | 42 / 16 | |
| 16.18.3 | 42 / 16 | |
| 16.17.1 | 37 / 16 | |
| 16.17.0 | 37 / 16 | |
| 16.16.33 | 37 / 16 | |
| 16.16.32 | 37 / 16 | |
| 16.16.31 | 37 / 16 | |
| 16.16.30 | 37 / 16 | |
| 16.16.29 | 37 / 16 | |
| 16.15.12 | 36 / 16 | |
| 16.15.11 | 36 / 16 | |
| 16.15.10 | 36 / 16 | |
| 16.15.7 | 36 / 16 | |
| 16.15.6 | 36 / 16 | |
| 16.15.5 | 36 / 16 | |
| 16.15.4 | 36 / 16 | |
| 16.15.3 | 36 / 16 | |
| 16.15.2 | 36 / 16 | |
| 16.15.1 | 36 / 16 | |
| 16.15.0 | 36 / 16 | |
| 16.14.0 | 36 / 16 | |
| 16.13.2 | 36 / 16 | |
| 16.13.1 | 36 / 16 | |
| 16.13.0 | 36 / 16 | |
| 16.12.0 | 36 / 16 | |
| 16.11.3 | 36 / 16 | |
| 16.11.2 | 36 / 16 | |
| 16.11.1 | 36 / 16 | |
| 16.11.0 | 36 / 16 | |
| 16.10.47 | 36 / 16 | |
| 16.10.46 | 36 / 16 | |
| 16.10.45 | 36 / 16 | |
| 16.10.44 | 36 / 16 | |
| 16.10.43 | 36 / 16 | |
| 16.10.42 | 36 / 16 | |
| 16.10.41 | 36 / 16 |
v16.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.18.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.18.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.17.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.15.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.15.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.15.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.15.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.15.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.14.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.13.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.13.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.13.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.11.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.11.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.11.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.47
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.42
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.10.41
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.