@adobe/aio-cli-plugin-api-mesh Apache-2.0 3 versions

@adobe/aio-cli-plugin-api-mesh

npm Repository Homepage

Adobe I/O CLI plugin to develop and manage API mesh sources

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

marbectripodgarthdblazdadobe-adminpatrickfultontrieloffshazronkrisnyedcpfsdknatebaldwindevongovettaspro83symanovidpfisterstefan-guggisbergrofekptdobeadobehallsfullcolorcoderdjaeggidylandepassmhaackamol-anandstopp-adobedotenduh_schmidtasthabh23zdahbituicufmeschbe

Keywords

oclif-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:child-process-import	AI (semgrep): CLI tool that runs local mesh commands; child_process use is expected and documented.	ai	2026/04/30
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used in a Proxy for secrets access guard, not obfuscation.	ai	2026/04/30
semgrep	semgrep:dynamic-require	AI (semgrep): Loads a local mesh config file from a known path; not arbitrary user-controlled module loading.	ai	2026/04/30

Versions (showing 3 of 3)

Version	Deps	Published
5.6.5	64 / 22	2026-04-28
5.6.3	64 / 22	2026-04-03
5.6.2	64 / 22	2026-03-30

v5.6.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.6.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.