@diplodoc/cli-tests

12
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation | npm registry signatures | gitHead linked

Maintainers

rndnmrobot-dataui-npmalexey_w1003y3martyanov-avvseshmakhnatkingoldsergseparatrix

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
--- | --- | --- | --- | ---
npm-metadata | url-dep:@diplodoc/cli | AI (npm-metadata): file:.. is a devDependency for local monorepo development; not shipped to consumers. | ai |
provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with org-level CI migration. | ai |
bogus-package | bogus-package | AI (bogus-package): Test fixture package; missing metadata is expected for internal tooling. | ai |
dependencies | unvetted-dep:@diplodoc/liquid | AI (dependencies): Same-org dependency from diplodoc-platform; stable internal dep for this package. | ai |
npm-metadata | no-description | AI (npm-metadata): Test helper package; missing description is cosmetic and consistent across versions. | ai |
phantom-deps | phantom-dep:strip-ansi | AI (phantom-deps): Test utility package; strip-ansi used in test helpers by convention. | ai |
phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript is a build/dev tool loaded by convention, not directly imported. | ai |
phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type definitions package; loaded by TypeScript compiler by convention. | ai |
phantom-deps | phantom-dep:@diplodoc/liquid | AI (phantom-deps): Same-org dependency used in test fixtures; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@vitest/coverage-v8 | AI (phantom-deps): Vitest coverage plugin loaded by framework convention, not directly imported. | ai |
phantom-deps | phantom-dep:@vitest/coverage-istanbul | AI (phantom-deps): Vitest coverage plugin loaded by framework convention, not directly imported. | ai |
phantom-deps | phantom-dep:ts-dedent | AI (phantom-deps): Test utility package; ts-dedent used in test files by convention. | ai |
phantom-deps | phantom-dep:js-yaml | AI (phantom-deps): Test utility package; js-yaml used in config/test files by convention. | ai |
phantom-deps | phantom-dep:glob | AI (phantom-deps): Test utility package; glob used in config/test files by convention. | ai |
semgrep | semgrep:env-spread | AI (semgrep): env-spread in bin.mjs is passing process.env to a child process in a test runner — standard and intentional pattern. | ai |

Versions (showing 12 of 116)

Version | Deps | Published
--- | --- | ---
5.9.4 | 10 / 1 |
5.9.3 | 10 / 1 |
5.9.2 | 10 / 1 |
5.9.1 | 10 / 1 |
5.9.0 | 9 / 1 |
5.8.4 | 9 / 1 |
5.8.3 | 9 / 1 |
5.8.2 | 9 / 1 |
5.8.1 | 9 / 1 |
5.8.0 | 9 / 1 |
5.7.1 | 9 / 1 |
5.7.0 | 9 / 1 |

v5.9.4

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.9.3

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.9.2

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.9.1

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.9.0

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.4

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.3

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.2

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.8.1

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.8.0

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.7.1

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.7.0

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.