@elisym/cli
CLI agent runner for elisym - provider mode, skills, crash recovery
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions publisher is confirmed legitimate by SLSA/Sigstore provenance attestation on this and likely future versions. | ai | |
| dependencies | unvetted-dep:@solana-program/memo | AI (dependencies): Standard Solana program library; consistent with this CLI's Solana/blockchain purpose across all versions. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): CLI tool; chalk likely used indirectly, stable false positive. | ai | |
| phantom-deps | phantom-dep:pino-pretty | AI (phantom-deps): pino-pretty is a pino transport, typically referenced via config string not direct import. | ai | |
| phantom-deps | phantom-dep:decimal.js-light | AI (phantom-deps): Likely used indirectly via SDK or Solana dependencies; stable false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @elisym/cli is a scoped package for the elisym platform; Levenshtein match to 'joi' is coincidental. | ai | |
| phantom-deps | phantom-dep:@solana-program/token | AI (phantom-deps): Same as above; Solana program deps used indirectly. | ai | |
| phantom-deps | phantom-dep:@solana-program/system | AI (phantom-deps): Same as above; Solana program deps used indirectly. | ai | |
| phantom-deps | phantom-dep:@solana-program/memo | AI (phantom-deps): Solana program deps may be referenced via config/dynamic patterns; stable false positive. | ai | |
| phantom-deps | phantom-dep:ora | AI (phantom-deps): CLI tool; ora likely used indirectly via config/dynamic loading, stable false positive. | ai |
Versions (showing 66 of 66)
| Version | Deps | Published |
|---|---|---|
| 0.22.5 | 15 / 4 | |
| 0.22.4 | 15 / 4 | |
| 0.22.3 | 15 / 4 | |
| 0.22.1 | 15 / 4 | |
| 0.22.0 | 15 / 4 | |
| 0.21.3 | 15 / 4 | |
| 0.21.2 | 15 / 4 | |
| 0.21.1 | 15 / 4 | |
| 0.21.0 | 15 / 4 | |
| 0.20.0 | 15 / 4 | |
| 0.19.0 | 15 / 4 | |
| 0.18.1 | 15 / 4 | |
| 0.18.0 | 15 / 4 | |
| 0.17.2 | 15 / 4 | |
| 0.17.1 | 15 / 4 | |
| 0.17.0 | 15 / 4 | |
| 0.16.0 | 15 / 4 | |
| 0.15.1 | 15 / 4 | |
| 0.14.0 | 15 / 4 | |
| 0.13.0 | 15 / 4 | |
| 0.12.0 | 15 / 4 | |
| 0.11.5 | 15 / 4 | |
| 0.11.4 | 15 / 4 | |
| 0.11.3 | 15 / 4 | |
| 0.11.2 | 15 / 4 | |
| 0.11.1 | 15 / 4 | |
| 0.11.0 | 15 / 4 | |
| 0.10.0 | 15 / 4 | |
| 0.9.1 | 15 / 4 | |
| 0.9.0 | 15 / 4 | |
| 0.8.2 | 15 / 4 | |
| 0.8.1 | 15 / 4 | |
| 0.8.0 | 15 / 4 | |
| 0.7.10 | 15 / 4 | |
| 0.7.9 | 15 / 4 | |
| 0.7.8 | 15 / 4 | |
| 0.7.7 | 14 / 4 | |
| 0.7.6 | 14 / 4 | |
| 0.7.5 | 14 / 4 | |
| 0.7.4 | 14 / 4 | |
| 0.7.3 | 14 / 4 | |
| 0.7.2 | 14 / 4 | |
| 0.7.1 | 14 / 4 | |
| 0.7.0 | 15 / 4 | |
| 0.6.1 | 15 / 4 | |
| 0.6.0 | 15 / 4 | |
| 0.5.2 | 13 / 4 | |
| 0.5.1 | 13 / 4 | |
| 0.5.0 | 13 / 4 | |
| 0.4.0 | 11 / 4 | |
| 0.3.2 | 11 / 4 | |
| 0.3.1 | 11 / 4 | |
| 0.3.0 | 11 / 4 | |
| 0.2.5 | 11 / 4 | |
| 0.2.4 | 11 / 4 | |
| 0.2.3 | 11 / 4 | |
| 0.2.2 | 11 / 4 | |
| 0.2.1 | 11 / 4 | |
| 0.2.0 | 11 / 4 | |
| 0.1.6 | 11 / 4 | |
| 0.1.5 | 11 / 4 | |
| 0.1.4 | 11 / 4 | |
| 0.1.3 | 11 / 4 | |
| 0.1.2 | 11 / 4 | |
| 0.1.1 | 11 / 4 | |
| 0.1.0 | 11 / 4 |
v0.22.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.2
2 findingsThis version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.