
@amplitude/wizard

The Amplitude wizard helps you to configure your project

Versions: 15
License: MIT
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- No source commit (no gitHead recorded)

Maintainers

curtisbliu, kelson.warner, brian.giori, sdk.dev, jjwang123

Keywords

amplitude, wizard, sdk, cli, project, setup, install, configure

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
publish-pattern | new-deps-added | AI (publish-pattern): ai/@ai-sdk/anthropic are established Vercel AI SDK packages; addition is consistent with documented LLM feature work. | ai |
provenance | missing-githead | AI (provenance): SLSA provenance attestation present; gitHead absence is a minor metadata gap, not a supply-chain risk for this package. | ai |
dependencies | unvetted-dep:client-oauth2 | AI (dependencies): client-oauth2 is a legitimate OAuth2 library appropriate for an auth-capable CLI wizard; stable use for this package. | ai |
phantom-deps | phantom-dep:inquirer | AI (phantom-deps): Bundled CLI; inquirer referenced in config/compiled output. | ai |
phantom-deps | phantom-dep:magicast | AI (phantom-deps): Bundled CLI; magicast referenced in config/compiled output. | ai |
phantom-deps | phantom-dep:recast | AI (phantom-deps): Bundled CLI; recast referenced in config/compiled output. | ai |
phantom-deps | phantom-dep:client-oauth2 | AI (phantom-deps): OAuth flow for wizard; referenced in config files as expected. | ai |
phantom-deps | phantom-dep:pkce-challenge | AI (phantom-deps): PKCE OAuth flow; indirect reference in bundled output. | ai |
phantom-deps | phantom-dep:xcode | AI (phantom-deps): Wizard supports iOS/Xcode project setup; indirect reference expected. | ai |
phantom-deps | phantom-dep:@langchain/core | AI (phantom-deps): LLM-based wizard; langchain used indirectly in bundled output. | ai |
phantom-deps | phantom-dep:zod-to-json-schema | AI (phantom-deps): Schema tooling for LLM integration; indirect reference in bundled output. | ai |
phantom-deps | phantom-dep:@amplitude/analytics-browser | AI (phantom-deps): Same org; analytics-browser used indirectly in bundled CLI output. | ai |
phantom-deps | phantom-dep:randomstring | AI (phantom-deps): Used in OAuth/PKCE flow; indirect reference in bundled output. | ai |
phantom-deps | phantom-dep:glob | AI (phantom-deps): CLI tool; glob likely used transitively or in bundled output. | ai |
phantom-deps | phantom-dep:lodash | AI (phantom-deps): Bundled CLI; lodash used indirectly via compiled output. | ai |

Versions (showing 15 of 15)

Version | Deps | Published
1.18.2 | 34 / 28 |
1.18.1 | 34 / 28 |
1.18.0 | 34 / 28 |
1.17.0 | 40 / 32 |
1.15.0 | 38 / 31 |
1.13.3 | 38 / 31 |
1.13.2 | 38 / 31 |
1.13.1 | 38 / 31 |
1.11.0 | 38 / 31 |
1.10.0 | 39 / 31 |
1.8.1 | 39 / 31 |
1.7.0 | 39 / 31 |
1.3.0 | 39 / 30 |
1.1.0 | 32 / 28 |
1.0.0 | 32 / 28 |

v1.18.2

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal the registry offers: it ties the published tarball to a specific build on a public CI system, though it says nothing about whether the source that was built is trustworthy.

v1.18.1

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.13.3

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions. Note that gitHead is written by the publishing client from its local checkout and is not signed; where a SLSA provenance attestation is present, the source repository and commit are recorded in the signed attestation itself, so the attestation, not gitHead, is the authoritative link back to source.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
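An added example, not code from this page or from the project, that reproduces the two provenance rules used in these findings (no attestation, and gitHead disappearing after earlier versions had it) over a packument, the registry's JSON record for a package. The packument, package name, commit hashes and dates below are constructed; with a real package you would feed it the output of `npm view <pkg> --json` or the document at https://registry.npmjs.org/<pkg>.

```javascript
// Added example, not code from the page or from the @amplitude/wizard project.
// Walk a packument in publish order and report, per version, whether a
// Sigstore/SLSA provenance attestation and a gitHead are present, firing the
// same two rules the page's findings use:
//   LOW  no-provenance                 (no attestation listed for the version)
//   HIGH missing-githead-regression    (gitHead absent after earlier versions had it)
// PACKUMENT is CONSTRUCTED for illustration: fake name, hashes and dates.
// The dist.attestations shape mirrors what the npm registry publishes, but
// treat it as an assumption and check against a real packument.

const SLSA_V1 = "https://slsa.dev/provenance/v1";

function attested(version) {
  return {
    url: `https://registry.npmjs.org/-/npm/v1/attestations/@example%2fwizard-like@${version}`,
    provenance: { predicateType: SLSA_V1 },
  };
}

const PACKUMENT = {
  name: "@example/wizard-like", // hypothetical package name
  time: {
    created: "2024-01-10T00:00:00.000Z",
    modified: "2024-06-01T00:00:00.000Z",
    "1.0.0": "2024-01-10T00:00:00.000Z",
    "1.3.0": "2024-02-14T00:00:00.000Z",
    "1.7.0": "2024-04-02T00:00:00.000Z",
    "1.8.1": "2024-06-01T00:00:00.000Z",
  },
  versions: {
    "1.0.0": { version: "1.0.0", gitHead: "a".repeat(40), dist: {} },
    "1.3.0": { version: "1.3.0", gitHead: "b".repeat(40), dist: {} },
    "1.7.0": { version: "1.7.0", gitHead: "c".repeat(40), dist: { attestations: attested("1.7.0") } },
    "1.8.1": { version: "1.8.1", dist: { attestations: attested("1.8.1") } }, // no gitHead
  },
};

// Versions sorted by their publish timestamp (the `time` map also carries
// created/modified, which are not versions, so iterate `versions` instead).
function publishOrder(packument) {
  return Object.keys(packument.versions).sort(
    (a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b])
  );
}

function inspectVersion(manifest) {
  const att = manifest.dist && manifest.dist.attestations;
  const predicateType = att && att.provenance ? att.provenance.predicateType : null;
  return {
    version: manifest.version,
    hasProvenance: predicateType === SLSA_V1,
    predicateType,
    hasGitHead: typeof manifest.gitHead === "string" && /^[0-9a-f]{40}$/.test(manifest.gitHead),
  };
}

// Returns one row per version, in publish order, with the findings that fired.
function provenanceTimeline(packument) {
  let seenGitHead = false;
  const rows = [];
  for (const v of publishOrder(packument)) {
    const row = inspectVersion(packument.versions[v]);
    row.findings = [];
    if (!row.hasProvenance) row.findings.push("LOW no-provenance");
    if (!row.hasGitHead && seenGitHead) row.findings.push("HIGH missing-githead-regression");
    seenGitHead = seenGitHead || row.hasGitHead;
    rows.push(row);
  }
  return rows;
}

function summarize(packument) {
  return provenanceTimeline(packument)
    .map((r) => `${r.version}: provenance=${r.hasProvenance} gitHead=${r.hasGitHead} ${r.findings.join(", ") || "ok"}`)
    .join("\n");
}

console.log(summarize(PACKUMENT));
```

This only checks that the registry lists an attestation; to verify it, run `npm audit signatures` in a project that has the package installed, which checks the registry signatures and the Sigstore provenance attestation of each installed version against the public transparency log. gitHead, by contrast, is self-reported by the publishing client and unsigned, which is why a present attestation outweighs a missing gitHead.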

v1.13.2

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.13.1

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.11.0

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.10.0

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.8.1

2 findings
HIGH (provenance): Missing gitHead — previous versions had it

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.1.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding
LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.