← Home

@cc-pulseline/cc-pulseline

npm Repository Homepage

High-performance multi-line statusline for Claude Code with deep observability

4
Versions
MIT
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

gregoryho

Keywords

claudestatuslineclaude-codecliobservability

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:postinstall AI (install-scripts): Postinstall selects platform-specific prebuilt binary from optional deps; standard pattern for native CLI tools. ai
semgrep semgrep:child-process-import AI (semgrep): child_process used in CLI bin wrapper to spawn native binary; expected for this package type. ai

Versions (showing 4 of 4)

Version Deps Published
1.1.5 0 / 0
1.1.1 0 / 0
1.1.0 0 / 0
1.0.0 0 / 0

v1.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.