@automattic/commands GPL-2.0-or-later 13 versions

@automattic/commands

npm Repository Homepage

Command palette components powered by cmdk

13

Versions

GPL-2.0-or-later

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

macbreyuliyanmjangdamatticbota8cbloweryehg_sgomestyxlasaroshaganejclovrencicsirbrilligchriszaraterobersongomesjohngodleyjehervedaledupreez-a8ct2dw4tluismulinariandrea-sdlelazzabifmfernandessirrealwwachihsuanmanzoorwanijkmsurdi-a8cnewspack-npmdsmartgkthai15bgrgicakrobertsreberski_a8cartpigmjuhaszkat3samsinbrunobastodhenridevmrmurphywpvip-botetobiesenalshakeroarthur791004diliritymehmoodaknatalia.vidalivan.ottingeranandnalyaarcangelinisretrofoxfredrikekelundchriskmndsoandregalgalatanovidiukangzj_mirka_aduthebuccelli

Keywords

automatticcmdkcommand-palettecommandsreact

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Automattic package transitioned to GitHub Actions CI publishing; SLSA attestation confirms legitimate CI/CD origin.	ai	2026/05/16
typosquat	typosquat.levenshtein:commander	AI (typosquat): Scoped @automattic package; Levenshtein match to 'commander' is coincidental, not impersonation.	ai	2026/04/29

Versions (showing 13 of 13)

Version	Deps	Published
0.10.0	4 / 17	2026-05-21
0.9.0	4 / 17	2026-05-20
0.8.0	4 / 17	2026-05-18
0.7.0	4 / 17	2026-05-13
0.6.1	4 / 17	2026-05-11
0.6.0	4 / 17	2026-05-11
0.5.0	4 / 17	2026-05-07
0.4.2	4 / 17	2026-05-04
0.4.1	4 / 17	2026-05-01
0.4.0	4 / 17	2026-05-01
0.3.0	4 / 17	2026-05-01
0.2.0	4 / 17	2026-04-30
0.1.0	4 / 17	2026-04-27

v0.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-13) provenance

This version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.1

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-11) provenance

This version was published by a different npm account than previous versions on 2026-05-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-11) provenance

This version was published by a different npm account than previous versions on 2026-05-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-07) provenance

This version was published by a different npm account than previous versions on 2026-05-07. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-04) provenance

This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-01) provenance

This version was published by a different npm account than previous versions on 2026-05-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-01) provenance

This version was published by a different npm account than previous versions on 2026-05-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-05-01) provenance

This version was published by a different npm account than previous versions on 2026-05-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

2 findings

HIGH Publisher changed: a8c → GitHub Actions (on 2026-04-30) provenance

This version was published by a different npm account than previous versions on 2026-04-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.