@flowrag/cli MIT 8 versions

@flowrag/cli

npm Repository Homepage

💻 Command-line interface for FlowRAG - index documents and search from your terminal

8

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

zweer

Keywords

flowragragtypescriptcliknowledge-graphvector-search

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@flowrag/presets	AI (phantom-deps): Same-org monorepo sibling; re-exported or used transitively by CLI.	ai	2026/05/24
phantom-deps	phantom-dep:@inquirer/prompts	AI (phantom-deps): Referenced in config; likely dynamically imported in compiled dist output.	ai	2026/05/24
phantom-deps	phantom-dep:@commander-js/extra-typings	AI (phantom-deps): Referenced in config; type-augmentation dep for commander.	ai	2026/05/24
phantom-deps	phantom-dep:@flowrag/core	AI (phantom-deps): Same-org monorepo sibling; re-exported or used transitively by CLI.	ai	2026/05/24
phantom-deps	phantom-dep:@flowrag/pipeline	AI (phantom-deps): Same-org monorepo sibling; re-exported or used transitively by CLI.	ai	2026/05/24
phantom-deps	phantom-dep:commander	AI (phantom-deps): commander is listed in dependencies and used via @commander-js/extra-typings; phantom-dep is a false positive here.	ai	2026/05/04
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package in a coherent FlowRAG monorepo; Levenshtein match to 'joi' is coincidental.	ai	2026/05/04

Versions (showing 8 of 8)

Version	Deps	Published
0.4.4	6 / 0	2026-04-30
0.4.3	6 / 0	2026-03-20
0.4.2	6 / 0	2026-03-20
0.4.1	6 / 0	2026-03-07
0.4.0	6 / 0	2026-03-07
0.3.1	6 / 0	2026-02-18
0.3.0	6 / 0	2026-02-16
0.1.0	6 / 0	2026-02-16

v0.4.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.