← Home

@baseplate-dev/plugin-ai

npm Repository Homepage

AI agent integration plugin for Baseplate — generates AGENTS.md, CLAUDE.md, .mcp.json, and .agents/ configuration files

4
Versions
MPL-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kingtam2000

Keywords

baseplatecode-generationfull-stackpluginaiagentsmcptypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/ui-components-B07HCOxC.js AI (source-diff): Standard Vite module-federation minified bundle with source map; code samples show legitimate UI library code. ai
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-BEoACZXa.js AI (source-diff): Standard Vite module-federation minified bundle with source map; code samples show legitimate library code. ai
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-DQAPSZRY.js AI (source-diff): Standard Vite module-federation bundle artifact; minified lines are normal build output for this package. ai
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/ui-components-MqpmUdhv.js AI (source-diff): Standard Vite module-federation bundle artifact; minified lines are normal build output for this package. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): Used in bundled Vite federation output, not direct source imports. ai
phantom-deps phantom-dep:@baseplate-dev/utils AI (phantom-deps): Same-org dep used transitively in build output. ai
phantom-deps phantom-dep:react-hook-form AI (phantom-deps): Used in bundled Vite federation output, not direct source imports. ai
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-D_5bUoqQ.js AI (source-diff): Vite federation bundle of sibling package; standard minified build output. ai
source-diff obfuscated-file:dist/web/assets/__federation_shared_@baseplate-dev/ui-components-BU0YFAI_.js AI (source-diff): Vite federation bundle of sibling UI components; standard minified build output. ai
provenance publisher-changed AI (provenance): Moved from manual to GitHub Actions CI/CD publishing with SLSA provenance. ai
bogus-package bogus-package AI (bogus-package): Scoped org package under halfdomelabs/baseplate; stub/placeholder pattern is expected for this ecosystem. ai

Versions (showing 4 of 4)

Version Deps Published
0.6.9 10 / 17
0.6.8 10 / 17
0.6.7 10 / 17
0.0.1 0 / 0

v0.6.9

4 findings
HIGH Publisher changed: kingtam2000 → GitHub Actions (on 2026-04-27) provenance

This version was published by a different npm account than previous versions on 2026-04-27. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-D_5bUoqQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/ui-components-BU0YFAI_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.8

4 findings
HIGH Publisher changed: kingtam2000 → GitHub Actions (on 2026-04-07) provenance

This version was published by a different npm account than previous versions on 2026-04-07. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-BEoACZXa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/ui-components-B07HCOxC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.7

4 findings
HIGH Publisher changed: kingtam2000 → GitHub Actions (on 2026-04-01) provenance

This version was published by a different npm account than previous versions on 2026-04-01. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/project-builder-lib-DQAPSZRY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/web/assets/__federation_shared_@baseplate-dev/ui-components-MqpmUdhv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.