@airtable/blocks-cli

Official command line tool for Airtable blocks development

Versions: 6
License: UNLICENSED
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance
npm registry signatures
gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

richsinns2tephenkevinwilde-atclementhoang-atwillpowelsonatblakethomson-atnabeelairtablelarsj-atcarolinekimatduretti-atjonathan.xiepatrickliu-atderekwu-atjeffreychen-atmatthewzhuo-atllarry

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:@airtable/blocks-webpack-bundler | AI (dependencies): First-party Airtable package replacing the equivalent esbuild bundler; consistent with org's package namespace. | ai |
semgrep | semgrep:child-process-import | AI (semgrep): CLI dev tool legitimately spawns build/run subprocesses; expected pattern. | ai |
semgrep | semgrep:dynamic-require | AI (semgrep): Loads user-specified bridge/entry paths at runtime; core CLI functionality. | ai |
phantom-deps | phantom-dep:@types/npm | AI (phantom-deps): Type-only package referenced by convention, not directly imported. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Hardcoded 1x1 GIF pixel in base64; not a payload, stable for this package. | ai |
phantom-deps | phantom-dep:typescript | AI (phantom-deps): Referenced in tsconfig/build scripts, not directly imported in source. | ai |
phantom-deps | phantom-dep:@oclif/config | AI (phantom-deps): oclif framework loads this by convention via oclif.manifest.json config. | ai |
phantom-deps | phantom-dep:@oclif/plugin-help | AI (phantom-deps): oclif plugin loaded by framework convention, not direct import. | ai |
phantom-deps | phantom-dep:@types/tar | AI (phantom-deps): Type-only package, not directly imported at runtime. | ai |

Versions (showing 6 of 6)

Version | Deps | Published
3.0.3 | 23 / 41 |
3.0.2 | 23 / 41 |
3.0.1 | 23 / 41 |
3.0.0 | 23 / 41 |
2.0.12 | 23 / 41 |
2.0.11 | 23 / 41 |

v3.0.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.12

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.11

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.