@autifyhq/autify-cli-integration-test
Autify Command Line Interface (CLI) Integration Test
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@pollyjs/adapter-node-http | AI (dependencies): Part of the @pollyjs suite; stable dependency for this integration test package. | ai | |
| dependencies | unvetted-dep:@pollyjs/core | AI (dependencies): Well-known Netflix OSS HTTP mocking library; stable dependency for this integration test package. | ai | |
| dependencies | unvetted-dep:@pollyjs/persister | AI (dependencies): Part of the @pollyjs suite; stable dependency for this integration test package. | ai | |
| dependencies | unvetted-dep:@pollyjs/persister-fs | AI (dependencies): Part of the @pollyjs suite; stable dependency for this integration test package. | ai | |
| phantom-deps | phantom-dep:jest | AI (phantom-deps): jest is referenced in test scripts/config, not imported directly; stable false positive for this test package. | ai | |
| phantom-deps | phantom-dep:cross-env | AI (phantom-deps): cross-env is used in npm scripts, not imported; stable false positive. | ai | |
| phantom-deps | phantom-dep:strip-ansi | AI (phantom-deps): strip-ansi used in test utilities/config, not directly imported; stable false positive. | ai | |
| phantom-deps | phantom-dep:@pollyjs/persister | AI (phantom-deps): @pollyjs/persister is a base class dependency used indirectly; stable false positive for this package. | ai | |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 0.73.2 | 11 / 7 | |
| 0.73.1 | 11 / 7 | |
| 0.73.0 | 11 / 7 | |
| 0.72.0 | 11 / 7 | |
| 0.70.0 | 11 / 7 | |
| 0.69.0 | 11 / 7 | |
| 0.68.0 | 11 / 7 | |
| 0.67.0 | 11 / 7 | |
| 0.66.0 | 11 / 7 | |
| 0.63.0 | 11 / 7 | |
| 0.62.0 | 11 / 7 | |
| 0.61.0 | 11 / 7 | |
| 0.60.0 | 11 / 7 | |
v0.73.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.73.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.73.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.72.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.69.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.68.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.67.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.66.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.63.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.62.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.61.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.60.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.