@cto.af/log — Greenflagged

A thin wrapper around [Pino](https://getpino.io/#/) to insulate multiple projects from the dependency, and to normalize a common pattern in those projects.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

hildjj

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:glob	AI (typosquat): Scoped package @cto.af/log; not impersonating glob. Levenshtein proximity is coincidental.	ai	2026/05/09
typosquat	typosquat.levenshtein:koa	AI (typosquat): Scoped package @cto.af/log; not impersonating koa. Levenshtein proximity is coincidental.	ai	2026/05/09
typosquat	typosquat.levenshtein:got	AI (typosquat): Scoped package @cto.af/log; not impersonating got. Levenshtein proximity is coincidental.	ai	2026/05/09
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped package @cto.af/log; not impersonating pg. Levenshtein proximity is coincidental.	ai	2026/05/09
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @cto.af/log; not impersonating joi. Levenshtein proximity is coincidental.	ai	2026/05/09
typosquat	typosquat.levenshtein:zod	AI (typosquat): Scoped package @cto.af/log; not impersonating zod. Levenshtein proximity is coincidental.	ai	2026/05/09
phantom-deps	phantom-dep:pino-pretty	AI (phantom-deps): pino-pretty is a declared dependency used as a pino transport; not directly imported in source but legitimately used.	ai	2026/05/09
phantom-deps	phantom-dep:@cto.af/utils	AI (phantom-deps): Same-org sibling package; likely used indirectly or re-exported. Stable false positive for this package.	ai	2026/05/09

Versions (showing 6 of 6)

Version	Deps	Published
2.0.0	3 / 0	2026-05-02
1.3.7	3 / 0	2026-04-15
1.3.6	3 / 0	2026-03-02
1.3.5	3 / 0	2026-03-02
1.3.4	3 / 0	2026-02-23
1.3.3	3 / 0	2025-11-12