@aurodesignsystem/auro-cli

A cli tool to support the Auro Design System

Versions: 10
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

capsule42dale.sandeblackfalconbraven112jordanjones243dougalaskarmenner-aa

Keywords

alaska airlines, auro, design system, web components

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
phantom-deps phantom-dep:@custom-elements-manifest/analyzer AI (phantom-deps): CEM analyzer loaded via config convention; stable false positive for this CLI. ai
phantom-deps phantom-dep:azure-devops-node-api AI (phantom-deps): Referenced in config/scripts; CLI tool pattern of convention-based loading. ai
phantom-deps phantom-dep:@wc-toolkit/cem-sorter AI (phantom-deps): New dep added in this version; loaded via config convention, not direct import. ai
phantom-deps phantom-dep:@rollup/plugin-typescript AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable for this package. ai
phantom-deps phantom-dep:@rollup/plugin-node-resolve AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable for this package. ai
phantom-deps phantom-dep:@aurodesignsystem/auro-library AI (phantom-deps): Same org scope; loaded by convention in CLI tooling. ai
dependencies unvetted-dep:rollup-plugin-scss-lit AI (dependencies): Legitimate rollup plugin for SCSS-in-LitElement; stable build tooling dependency for this design system CLI. ai
dependencies unvetted-dep:@open-wc/dev-server-hmr AI (dependencies): Well-known open-wc dev tooling package; expected dependency for a web components design system CLI. ai
phantom-deps phantom-dep:@web/dev-server-rollup AI (phantom-deps): CLI tool bundles deps via esbuild; static import analysis is a false positive for this package. ai
phantom-deps phantom-dep:rollup-plugin-scss-lit AI (phantom-deps): CLI tool bundles deps via esbuild; static import analysis is a false positive for this package. ai
phantom-deps phantom-dep:web-component-analyzer AI (phantom-deps): CLI tool bundles deps via esbuild; static import analysis is a false positive for this package. ai
phantom-deps phantom-dep:@open-wc/dev-server-hmr AI (phantom-deps): CLI tool bundles deps via esbuild; static import analysis is a false positive for this package. ai
phantom-deps phantom-dep:rollup-plugin-dts AI (phantom-deps): CLI tool bundles deps via esbuild; static import analysis is a false positive for this package. ai
phantom-deps phantom-dep:gradient-string AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@open-wc/testing AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@web/test-runner AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:ora AI (phantom-deps): CLI tool ships config templates; deps referenced in configs, not direct imports. Stable pattern for this package. ai
phantom-deps phantom-dep:@npmcli/package-json AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@rollup/plugin-terser AI (phantom-deps): Framework-scoped; config-template pattern for this CLI. ai
phantom-deps phantom-dep:@wc-toolkit/jsx-types AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@babel/preset-env AI (phantom-deps): Framework-scoped; config-template pattern for this CLI. ai
phantom-deps phantom-dep:glob AI (phantom-deps): Same as above — config-template pattern, not a real phantom dep issue. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:table AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:figlet AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:inquirer AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:commander AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:simple-git AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@octokit/rest AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:markdown-table AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@actions/github AI (phantom-deps): Config-template pattern; stable for this CLI package. ai
phantom-deps phantom-dep:@web/dev-server AI (phantom-deps): Config-template pattern; stable for this CLI package. ai

Versions (showing 10 of 10)

Version Deps Published
3.6.0 30 / 9
3.5.0 30 / 9
3.3.1 29 / 9
3.1.1 26 / 9
3.1.0 24 / 9
3.0.4 24 / 8
3.0.3 24 / 8
3.0.2 24 / 8
3.0.1 22 / 16
3.0.0 22 / 16

v3.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.