
@cognigy/cognigy-cli

Cognigy Command Line Interface

Versions: 25
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

mayrbenjamin92pedilykwintodshirelkolappcatharsis68cu4nt0mx.jordarchhetri-cognigyfkhalidlucasdssramosf.asadjortegadiazcognigymastasky

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
dependencies unvetted-dep:- AI (dependencies): The '-' package (0.0.1) is a known benign npm placeholder; stable false positive for this package. ai
phantom-deps phantom-dep:- AI (phantom-deps): Corresponds to the '-' placeholder package; not a real import concern. ai
phantom-deps phantom-dep:pdfjs AI (phantom-deps): Optional parser dependency; stable false positive for this feature-rich CLI package. ai
phantom-deps phantom-dep:cheerio AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:express AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:js-yaml AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:mammoth AI (phantom-deps): Optional parser dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:pdf-parse AI (phantom-deps): Optional parser dependency; stable false positive for this CLI package. ai
bogus-package bogus-package AI (bogus-package): Established Cognigy enterprise CLI with 91 versions and SLSA provenance; README style is not indicative of spam. ai
phantom-deps phantom-dep:d3-dsv AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:jsonpointer AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:srt-parser-2 AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:@langchain/core AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:@istanbuljs/nyc-config-typescript AI (phantom-deps): Dev/test dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:os AI (phantom-deps): Node built-in polyfill listed as dep; stable false positive for this CLI package. ai
phantom-deps phantom-dep:playwright AI (phantom-deps): Optional dependency; stable false positive for this CLI package. ai
phantom-deps phantom-dep:epub2 AI (phantom-deps): Optional parser dependency; stable false positive for this feature-rich CLI package. ai

Versions (showing 25 of 25)

Version Deps Published
2.2.8 33 / 27
2.2.7 33 / 27
2.2.6 33 / 27
2.2.5 33 / 27
2.2.4 33 / 27
2.2.3 33 / 27
2.2.2 33 / 27
2.0.6 34 / 26
2.0.5 34 / 26
2.0.4 34 / 26
2.0.3 34 / 26
2.0.2 34 / 26
2.0.1 34 / 26
2.0.0 34 / 26
1.9.16 34 / 26
1.9.15 34 / 26
1.9.14 34 / 26
1.9.13 34 / 26
1.9.12 34 / 26
1.9.11 34 / 26
1.9.10 34 / 26
1.9.9 34 / 26
1.9.8 34 / 26
1.9.7 34 / 26
1.9.6 33 / 26

v2.2.8

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.6

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.4

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.6

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.5

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.4

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.3

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.2

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.1

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.16

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.15

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.14

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.13

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.12

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.11

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.10

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.9

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.8

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.7

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.6

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.