@equinor/fusion-framework-cli
Command-line toolkit for developing, building, and publishing Fusion Framework applications and portal templates. Provides a unified developer experience from local development to production deployment.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:vite | AI (phantom-deps): vite is a CLI build tool dependency; phantom-dep false positive for this package. | ai | |
| dependencies | unvetted-dep:@equinor/fusion-imports | AI (dependencies): Same Equinor org monorepo dependency; consistent pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@equinor/fusion-framework-module-azure-identity | AI (dependencies): Same Equinor org monorepo dependency; consistent pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@equinor/fusion-framework-vite-plugin-raw-imports | AI (dependencies): Same Equinor org monorepo dependency; consistent pattern across all versions of this package. | ai | |
| phantom-deps | phantom-dep:simple-git | AI (phantom-deps): Same pattern; config-file reference. | ai | |
| phantom-deps | phantom-dep:@types/inquirer | AI (phantom-deps): Type-only package; loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:is-mergeable-object | AI (phantom-deps): Config-file reference; stable false positive. | ai | |
| phantom-deps | phantom-dep:execa | AI (phantom-deps): CLI tool; deps referenced in config/build files, not direct imports — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@equinor/fusion-framework-dev-portal | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@equinor/fusion-framework-vite-plugin-raw-imports | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:vite-tsconfig-paths | AI (phantom-deps): Vite plugin loaded by config convention, not direct import. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Same pattern; config-file reference, not a missing import. | ai | |
| phantom-deps | phantom-dep:find-up | AI (phantom-deps): Same pattern; config-file reference. | ai | |
| phantom-deps | phantom-dep:inquirer | AI (phantom-deps): Same pattern; config-file reference. | ai |
Versions (showing 55 of 55)
| Version | Deps | Published |
|---|---|---|
| 15.1.0 | 22 / 25 | |
| 15.0.6 | 22 / 25 | |
| 15.0.5 | 22 / 25 | |
| 15.0.4 | 22 / 25 | |
| 15.0.3 | 22 / 25 | |
| 15.0.2 | 22 / 25 | |
| 15.0.1 | 22 / 25 | |
| 15.0.0 | 22 / 25 | |
| 14.2.7 | 22 / 25 | |
| 14.2.5 | 22 / 25 | |
| 14.2.3 | 22 / 25 | |
| 14.2.0 | 22 / 25 | |
| 14.1.1 | 22 / 25 | |
| 14.1.0 | 22 / 25 | |
| 14.0.3 | 22 / 25 | |
| 14.0.2 | 21 / 26 | |
| 14.0.1 | 21 / 26 | |
| 14.0.0 | 21 / 26 | |
| 13.3.18 | 20 / 29 | |
| 13.3.17 | 20 / 29 | |
| 13.3.16 | 20 / 29 | |
| 13.3.15 | 20 / 29 | |
| 13.3.14 | 20 / 29 | |
| 13.3.13 | 20 / 29 | |
| 13.3.12 | 20 / 29 | |
| 13.3.11 | 20 / 29 | |
| 13.3.10 | 20 / 29 | |
| 13.3.9 | 20 / 29 | |
| 13.3.8 | 20 / 29 | |
| 13.3.7 | 20 / 29 | |
| 13.3.6 | 20 / 29 | |
| 13.3.5 | 20 / 29 | |
| 13.3.4 | 20 / 29 | |
| 13.3.3 | 20 / 29 | |
| 13.3.2 | 20 / 29 | |
| 13.3.1 | 20 / 29 | |
| 13.3.0 | 20 / 29 | |
| 13.2.1 | 20 / 29 | |
| 13.2.0 | 20 / 29 | |
| 13.1.1 | 20 / 29 | |
| 13.1.0 | 19 / 28 | |
| 13.0.1 | 19 / 28 | |
| 13.0.0 | 19 / 24 | |
| 12.5.1 | 17 / 24 | |
| 12.4.6 | 17 / 24 | |
| 12.4.5 | 17 / 24 | |
| 12.4.4 | 17 / 24 | |
| 12.4.3 | 17 / 24 | |
| 12.4.2 | 17 / 24 | |
| 12.4.1 | 17 / 24 | |
| 12.4.0 | 17 / 24 | |
| 12.3.10 | 17 / 24 | |
| 12.3.9 | 17 / 24 | |
| 12.3.8 | 17 / 24 | |
| 12.3.7 | 17 / 24 |
v15.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v15.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.2.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v14.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.3.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.3.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.3.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.3.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.3.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.