← Home

@anolilab/semantic-release-pnpm

npm Repository Homepage

Semantic-release plugin to publish a npm package with pnpm.

7
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

prisis

Keywords

anolilabnpmpnpmpublishmonoreposemantic-releasesemantic-release-pluginsemantic-release-pnpmregistrynpmjsnpm-registrypackage-managerworkspaceworkspacestrusted-publishingotpauthenticationnpm-publishpackage-publishrelease-pluginci-cdautomation

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@anolilab/rc AI (dependencies): Same-author org dependency; consistent across versions of this package. ai
dependencies unvetted-dep:@visulima/fs AI (dependencies): Same-author org dependency (@visulima); stable pattern for this package. ai
dependencies unvetted-dep:@visulima/path AI (dependencies): Same-author org dependency (@visulima); stable pattern for this package. ai
dependencies unvetted-dep:@visulima/package AI (dependencies): Same-author org dependency (@visulima); stable pattern for this package. ai

Versions (showing 7 of 7)

Version Deps Published
8.1.14 13 / 0
8.1.13 13 / 0
8.1.12 13 / 0
8.1.11 13 / 0
8.1.10 13 / 0
8.1.6 13 / 0
7.0.0 13 / 0

v8.1.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.