@extend-ai/cli Apache-2.0 4 versions

@extend-ai/cli

npm Repository Homepage

Command-line interface for Extend

Versions

Apache-2.0

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

extend.aigus-extend

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
install-scripts	install-script:postinstall	AI (install-scripts): Standard platform-binary-selection postinstall pattern; matches esbuild/biome style distribution with SLSA provenance.	ai	2026/05/06
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @extend-ai/cli has no meaningful similarity to 'joi'; Levenshtein match is a false positive.	ai	2026/05/06
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in cli-wrapper.cjs to invoke the platform binary — expected for a CLI wrapper package.	ai	2026/05/06

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node install.cjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node install.cjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node install.cjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.