← Home

@extend-ai/cli-linux-x64

npm Repository Homepage

Native binary for @extend-ai/cli (linux-x64)

11
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

extend.aigus-extend

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from personal account to GitHub Actions with SLSA attestation is a legitimate CI/CD migration for this package. ai
npm-metadata bundled-binaries AI (npm-metadata): Platform-specific CLI binary package; bundled binary is the entire purpose of this package, mitigated by SLSA provenance. ai

Versions (showing 11 of 11)

Version Deps Published
0.3.1 0 / 0
0.3.0 0 / 0
0.2.0 0 / 0
0.1.18 0 / 0
0.1.17 0 / 0
0.1.16 0 / 0
0.1.15 0 / 0
0.1.14 0 / 0
0.1.13 0 / 0
0.1.12 0 / 0
0.1.11 0 / 0

v0.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.18

2 findings
HIGH Publisher changed: extend.ai → GitHub Actions (on 2026-05-16) provenance

This version was published by a different npm account than previous versions on 2026-05-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.17

2 findings
HIGH Publisher changed: extend.ai → GitHub Actions (on 2026-05-14) provenance

This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.15

2 findings
HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • bin/extend

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.