@agentuity/cli

Versions: 51
License: Apache-2.0
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

p0tofpie, huijiro, jhaynie

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Active org package with frequent releases; maintainer rotation is expected and publisher is a known maintainer. | ai | |
| phantom-deps | phantom-dep:git-url-parse | AI (phantom-deps): git-url-parse is a declared runtime dep used via config; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@vitejs/plugin-react | AI (phantom-deps): Used in vite config files; phantom-dep heuristic false positive for config-referenced deps. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript is a build-time tool declared as a dep for tsc; not directly imported at runtime — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/yazl | AI (phantom-deps): @types/yazl is a type declaration package; not directly imported but used by TypeScript compiler — stable false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @agentuity/cli is a scoped package; Levenshtein match to 'joi' is a false positive. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): CLI tool passing process.env to child processes is standard; no exfiltration path. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped org CLI with 248 versions; missing metadata fields are cosmetic, not malicious. | ai | |
| semgrep | semgrep:dll-hijacking-commands | AI (semgrep): rundll32 user32.dll,MessageBeep is a benign Windows sound notification call. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Localhost (127.0.0.1) health check for dev server port — not a remote raw IP. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): SSH key fingerprint computation; standard crypto use, no payload hiding. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Debug-only env enumeration filtered to relevant keys; not exfiltration. | ai | |

Versions (showing 51 of 98)

Version Deps Published
3.0.4 17 / 6
3.0.3 17 / 6
3.0.2 17 / 6
3.0.1 17 / 6
3.0.0 17 / 6
2.0.22 21 / 9
2.0.21 21 / 9
2.0.14 21 / 9
2.0.13 21 / 9
2.0.12 21 / 9
2.0.11 21 / 9
2.0.10 21 / 9
2.0.9 21 / 9
2.0.8 21 / 9
2.0.7 20 / 9
0.1.16 21 / 8
0.1.15 21 / 8
0.1.14 21 / 8
0.1.13 21 / 8
0.1.12 21 / 8
0.1.11 21 / 8
0.1.10 21 / 8
0.1.9 21 / 8
0.1.8 21 / 8
0.1.7 21 / 8
0.1.6 21 / 8
0.1.5 21 / 8
0.1.4 21 / 8
0.1.3 21 / 8
0.1.2 20 / 8
0.1.1 20 / 8
0.1.0 20 / 8
0.0.112 20 / 8
0.0.111 20 / 8
0.0.110 20 / 8
0.0.109 19 / 8
0.0.108 19 / 8
0.0.107 19 / 8
0.0.106 19 / 8
0.0.105 19 / 8
0.0.104 19 / 8
0.0.103 19 / 8
0.0.102 19 / 8
0.0.101 19 / 8
0.0.100 19 / 7
0.0.99 19 / 7
0.0.98 19 / 7
0.0.97 19 / 7
0.0.96 19 / 7
0.0.95 17 / 6
0.0.94 17 / 6

v3.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.2

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: p0tofpie → huijiro (on 2026-05-29, known maintainer) provenance

This version was published by a different npm account (huijiro) than the most recent previously approved version (p0tofpie) on 2026-05-29, but huijiro is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v3.0.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: jhaynie → huijiro (on 2026-05-26, known maintainer) provenance

This version was published by a different npm account (huijiro) than the most recent previously approved version (jhaynie) on 2026-05-26, but huijiro is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v3.0.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: jhaynie → huijiro (on 2026-05-25, known maintainer) provenance

This version was published by a different npm account (huijiro) than the most recent previously approved version (jhaynie) on 2026-05-25, but huijiro is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v2.0.22

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: jhaynie → p0tofpie (on 2026-05-27, known maintainer) provenance

This version was published by a different npm account (p0tofpie) than the most recent previously approved version (jhaynie) on 2026-05-27, but p0tofpie is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v2.0.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.12

9 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:388 semgrep

Spreading entire process.env into an object — may capture all secrets

      386 |
      387 | // ── Normal mode: spawn pi with extension ──
    > 388 | const env: Record<string, string> = {
      389 | ...(process.env as Record<string, string>),
      390 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/dev/index.ts:1083 semgrep

Spreading entire process.env into an object — may capture all secrets

      1081 | // Pass a clean env without PORT to prevent the inherited
      1082 | // PORT (set to bunBackendPort) from leaking into gravity.
    > 1083 | env: {
      1084 | ...process.env,
      1085 | PORT: undefined,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.11

8 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:386 semgrep

Spreading entire process.env into an object — may capture all secrets

      384 |
      385 | // ── Normal mode: spawn pi with extension ──
    > 386 | const env: Record<string, string> = {
      387 | ...(process.env as Record<string, string>),
      388 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.10

8 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:328 semgrep

Spreading entire process.env into an object — may capture all secrets

      326 |
      327 | // ── Normal mode: spawn pi with extension ──
    > 328 | const env: Record<string, string> = {
      329 | ...(process.env as Record<string, string>),
      330 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.9

8 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:327 semgrep

Spreading entire process.env into an object — may capture all secrets

      325 |
      326 | // ── Normal mode: spawn pi with extension ──
    > 327 | const env: Record<string, string> = {
      328 | ...(process.env as Record<string, string>),
      329 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.8

8 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:327 semgrep

Spreading entire process.env into an object — may capture all secrets

      325 |
      326 | // ── Normal mode: spawn pi with extension ──
    > 327 | const env: Record<string, string> = {
      328 | ...(process.env as Record<string, string>),
      329 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.7

8 findings
HIGH env-spread: src/cmd/ai/opencode/run.ts:82 semgrep

Spreading entire process.env into an object — may capture all secrets

      80 | const proc = Bun.spawn(['opencode', ...openCodeArgs], {
      81 | stdio: ['inherit', 'inherit', 'inherit'],
    > 82 | env: {
      83 | ...process.env,
      84 | AGENTUITY_CODER_MODE: 'non-interactive',

HIGH env-spread: src/cmd/cloud/deploy-fork.ts:189 semgrep

Spreading entire process.env into an object — may capture all secrets

      187 | cmd,
      188 | cwd: projectDir,
    > 189 | env: {
      190 | ...process.env,
      191 | ...getAgentEnv(),

HIGH env-spread: src/cmd/coder/start.ts:411 semgrep

Spreading entire process.env into an object — may capture all secrets

      409 |
      410 | // ── Normal mode: spawn pi with extension ──
    > 411 | const env: Record<string, string> = {
      412 | ...(process.env as Record<string, string>),
      413 | AGENTUITY_CODER_HUB_URL: hubWsUrl,

HIGH env-spread: src/cmd/project/remote-import.ts:599 semgrep

Spreading entire process.env into an object — may capture all secrets

      597 | stdout: 'inherit',
      598 | stderr: 'inherit',
    > 599 | env: {
      600 | ...process.env,
      601 | },

HIGH dll-hijacking-commands: src/sound.ts:14 semgrep

DLL side-loading command detected — potential DLL hijacking

      12 | break;
      13 | case 'win32':
    > 14 | command = ['rundll32', 'user32.dll,MessageBeep', '0x00000040'];
      15 | break;
      16 | default:

HIGH env-spread: src/tui.ts:1607 semgrep

Spreading entire process.env into an object — may capture all secrets

      1605 | const proc = Bun.spawn(cmd, {
      1606 | cwd,
    > 1607 | env: { ...process.env, ...env },
      1608 | stdout: 'inherit',
      1609 | stderr: 'inherit',

HIGH env-spread: src/tui.ts:1675 semgrep

Spreading entire process.env into an object — may capture all secrets

      1673 | const proc = Bun.spawn(cmd, {
      1674 | cwd,
    > 1675 | env: { ...process.env, ...env },
      1676 | stdout: 'pipe',
      1677 | stderr: 'pipe',

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.112

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.111

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.110

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.109

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.108

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.107

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.106

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.105

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.104

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.103

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.102

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.101

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.100

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.99

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.98

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.97

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.96

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.95

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.94

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.