@aliou/pi-guardrails

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux 39 | it("ignores interpreter inline code", async () => { 40 | const result = await extractBashPathCandidates( > 41 | "python3 -c 'open(\"/etc/passwd\").read()'", 42 | CWD, 43 | );

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux 66 | 67 | it("ignores interpreter inline code", () => { > 68 | expect(tokens("python3", ["-c", 'open("/etc/passwd")'])).toEqual([]); 69 | }); 70 |

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Accessing SSH keys — strong indicator of credential theft 259 | enabled: false, 260 | patterns: [ > 261 | { pattern: "~/.ssh/**" }, 262 | { pattern: "~/.ssh/*_rsa" }, 263 | { pattern: "~/.ssh/*_ed25519" },

Accessing SSH keys — strong indicator of credential theft 260 | patterns: [ 261 | { pattern: "~/.ssh/**" }, > 262 | { pattern: "~/.ssh/*_rsa" }, 263 | { pattern: "~/.ssh/*_ed25519" }, 264 | { pattern: "~/.ssh/*.pem" },

Accessing SSH keys — strong indicator of credential theft 261 | { pattern: "~/.ssh/**" }, 262 | { pattern: "~/.ssh/*_rsa" }, > 263 | { pattern: "~/.ssh/*_ed25519" }, 264 | { pattern: "~/.ssh/*.pem" }, 265 | ],

Accessing SSH keys — strong indicator of credential theft 262 | { pattern: "~/.ssh/*_rsa" }, 263 | { pattern: "~/.ssh/*_ed25519" }, > 264 | { pattern: "~/.ssh/*.pem" }, 265 | ], 266 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }],

Accessing SSH keys — strong indicator of credential theft 264 | { pattern: "~/.ssh/*.pem" }, 265 | ], > 266 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }], 267 | protection: "noAccess", 268 | onlyIfExists: true,

Accessing credential directories suggests credential harvesting 290 | enabled: false, 291 | patterns: [ > 292 | { pattern: "~/.gnupg/**" }, 293 | { pattern: "~/*.gpg" }, 294 | { pattern: "~/.gpg-agent.conf" },

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Accessing SSH keys — strong indicator of credential theft 251 | enabled: false, 252 | patterns: [ > 253 | { pattern: "~/.ssh/**" }, 254 | { pattern: "~/.ssh/*_rsa" }, 255 | { pattern: "~/.ssh/*_ed25519" },

Accessing SSH keys — strong indicator of credential theft 252 | patterns: [ 253 | { pattern: "~/.ssh/**" }, > 254 | { pattern: "~/.ssh/*_rsa" }, 255 | { pattern: "~/.ssh/*_ed25519" }, 256 | { pattern: "~/.ssh/*.pem" },

Accessing SSH keys — strong indicator of credential theft 253 | { pattern: "~/.ssh/**" }, 254 | { pattern: "~/.ssh/*_rsa" }, > 255 | { pattern: "~/.ssh/*_ed25519" }, 256 | { pattern: "~/.ssh/*.pem" }, 257 | ],

Accessing SSH keys — strong indicator of credential theft 254 | { pattern: "~/.ssh/*_rsa" }, 255 | { pattern: "~/.ssh/*_ed25519" }, > 256 | { pattern: "~/.ssh/*.pem" }, 257 | ], 258 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }],

Accessing SSH keys — strong indicator of credential theft 256 | { pattern: "~/.ssh/*.pem" }, 257 | ], > 258 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }], 259 | protection: "noAccess", 260 | onlyIfExists: true,

Accessing credential directories suggests credential harvesting 282 | enabled: false, 283 | patterns: [ > 284 | { pattern: "~/.gnupg/**" }, 285 | { pattern: "~/*.gpg" }, 286 | { pattern: "~/.gpg-agent.conf" },

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Accessing SSH keys — strong indicator of credential theft 232 | enabled: false, 233 | patterns: [ > 234 | { pattern: "~/.ssh/**" }, 235 | { pattern: "~/.ssh/*_rsa" }, 236 | { pattern: "~/.ssh/*_ed25519" },

Accessing SSH keys — strong indicator of credential theft 233 | patterns: [ 234 | { pattern: "~/.ssh/**" }, > 235 | { pattern: "~/.ssh/*_rsa" }, 236 | { pattern: "~/.ssh/*_ed25519" }, 237 | { pattern: "~/.ssh/*.pem" },

Accessing SSH keys — strong indicator of credential theft 234 | { pattern: "~/.ssh/**" }, 235 | { pattern: "~/.ssh/*_rsa" }, > 236 | { pattern: "~/.ssh/*_ed25519" }, 237 | { pattern: "~/.ssh/*.pem" }, 238 | ],

Accessing SSH keys — strong indicator of credential theft 235 | { pattern: "~/.ssh/*_rsa" }, 236 | { pattern: "~/.ssh/*_ed25519" }, > 237 | { pattern: "~/.ssh/*.pem" }, 238 | ], 239 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }],

Accessing SSH keys — strong indicator of credential theft 237 | { pattern: "~/.ssh/*.pem" }, 238 | ], > 239 | allowedPatterns: [{ pattern: "~/.ssh/*.pub" }], 240 | protection: "noAccess", 241 | onlyIfExists: true,

Accessing credential directories suggests credential harvesting 263 | enabled: false, 264 | patterns: [ > 265 | { pattern: "~/.gnupg/**" }, 266 | { pattern: "~/*.gpg" }, 267 | { pattern: "~/.gpg-agent.conf" },

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aliou.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

This version was published by a different npm account than previous versions on 2026-02-02. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

This version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

This version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

This version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

This version was published by a different npm account than previous versions on 2026-01-25. This could indicate a legitimate maintainer transition or an account compromise.

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.