@davidsneighbour/release-config MIT 6 versions

@davidsneighbour/release-config

npm Repository Homepage

Release script configuration for @davidsneighbour's projects

6

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

davidsneighbour

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:simple-git-hooks	AI (dependencies): simple-git-hooks is a legitimate, widely-used git hooks manager; appropriate for a release-config package.	ai	2026/05/24
phantom-deps	phantom-dep:simple-git-hooks	AI (phantom-deps): Referenced in config files, not imported directly; expected pattern for a release-config package.	ai	2026/05/18
phantom-deps	phantom-dep:@davidsneighbour/tools	AI (phantom-deps): Same-org dependency; phantom-dep heuristic is a stable false positive here.	ai	2026/05/18
phantom-deps	phantom-dep:commit-and-tag-version	AI (phantom-deps): Used via wireit scripts, not direct import; expected for a release-config package.	ai	2026/05/18

Versions (showing 6 of 6)

Version	Deps	Published
2026.0.5	3 / 0	2026-05-02
2026.0.4	3 / 0	2026-04-02
2026.0.3	3 / 0	2026-03-06
2026.0.2	3 / 0	2026-02-17
2026.0.1	3 / 0	2026-02-01
2025.3.9	3 / 0	2026-01-04

v2026.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2025.3.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.