← Home

@aliou/pi-neuralwatt

npm Repository Homepage

![banner](https://assets.aliou.me/pi-extensions/banners/pi-neuralwatt.png)

10
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

aliou

Keywords

pi-packagepi-extensionpi

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation; legitimate CI/CD publishing pattern for this org. ai
publish-pattern new-deps-added AI (publish-pattern): New deps are same-org @aliou/* packages, consistent with internal utility library split. ai
source-diff source-size-tripled AI (source-diff): Growth from 15B stub to 51KB real implementation; consistent with initial feature development. ai
phantom-deps phantom-dep:@aliou/pi-utils-ui AI (phantom-deps): Same-org scoped dep; phantom-dep heuristic fires because it's not directly imported in this extension package. ai

Versions (showing 10 of 10)

Version Deps Published
0.5.2 2 / 10
0.5.1 2 / 10
0.5.0 2 / 10
0.4.2 2 / 10
0.4.1 2 / 10
0.2.0 2 / 10
0.1.2 2 / 10
0.1.1 2 / 10
0.1.0 2 / 10
0.0.1 0 / 0

v0.5.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

2 findings
HIGH Publisher changed: aliou → GitHub Actions (on 2026-04-20) provenance

This version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

2 findings
HIGH Publisher changed: aliou → GitHub Actions (on 2026-04-20) provenance

This version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.