← Home

@gct-paas/build

npm Repository

paas 平台核心包

13
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

neko-chilyanngct-chinawangcheng0920jiantang0506

Keywords

paasgct

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@rollup/plugin-typescript AI (phantom-deps): Rollup plugin loaded by convention in build tooling; stable pattern. ai
phantom-deps phantom-dep:esbuild AI (phantom-deps): Known implicit binary dependency for build tooling; stable pattern for this package. ai
phantom-deps phantom-dep:@babel/core AI (phantom-deps): Framework-scoped build dep loaded by convention; stable for this build tooling package. ai
phantom-deps phantom-dep:@babel/preset-env AI (phantom-deps): Framework-scoped build dep loaded by convention; stable for this build tooling package. ai
phantom-deps phantom-dep:@rollup/plugin-babel AI (phantom-deps): Rollup plugin loaded by convention in build tooling; stable pattern. ai
phantom-deps phantom-dep:@rollup/plugin-eslint AI (phantom-deps): Rollup plugin loaded by convention in build tooling; stable pattern. ai
phantom-deps phantom-dep:rollup-plugin-postcss AI (phantom-deps): Rollup plugin loaded by convention in build tooling; stable pattern. ai
phantom-deps phantom-dep:eslint AI (phantom-deps): Build tooling package; eslint is a peer/config dep loaded by convention, not directly imported. ai
dependencies unvetted-dep:vite-plugin-static-copy AI (dependencies): Common vite plugin; expected in a build tooling package. ai
dependencies unvetted-dep:stylelint-config-recess-order AI (dependencies): Well-known stylelint config; expected in a linting/build tooling package. ai
dependencies unvetted-dep:stylelint-config-standard-scss AI (dependencies): Well-known stylelint config; expected in a linting/build tooling package. ai
phantom-deps phantom-dep:@gct-paas/scss AI (phantom-deps): Same-org peer dependency declared in peerDependencies; phantom-dep heuristic false positive. ai
phantom-deps phantom-dep:@module-federation/vite AI (phantom-deps): Referenced in config files as expected for a build tooling package; not a real phantom dep. ai
dependencies unvetted-dep:@module-federation/vite AI (dependencies): Standard vite plugin dependency for a build tooling package; not a malware indicator. ai
phantom-deps phantom-dep:@vue/compiler-sfc AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:eslint-config-prettier AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
typosquat typosquat.levenshtein:uuid AI (typosquat): Scoped @gct-paas/build is a PaaS build toolkit, not a typosquat of uuid. ai
phantom-deps phantom-dep:stylelint-config-standard-scss AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:@commitlint/config-conventional AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:stylelint-config-recess-order AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
typosquat typosquat.levenshtein:esbuild AI (typosquat): Scoped @gct-paas/build is a PaaS build toolkit, not a typosquat of esbuild. ai
phantom-deps phantom-dep:ora AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:sass AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:crypto AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:terser AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:core-js AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:cssnano AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:vue-tsc AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:commander AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:fast-glob AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:stylelint-scss AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:@commitlint/cli AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai
phantom-deps phantom-dep:@inquirer/prompts AI (phantom-deps): Build meta-package; deps are re-exported tools, not directly imported in source. ai

Versions (showing 13 of 13)

Version Deps Published
0.1.17 44 / 10
0.1.16 44 / 10
0.1.15 44 / 10
0.1.14 44 / 10
0.1.13 44 / 10
0.1.12 44 / 10
0.1.11 44 / 10
0.1.10 44 / 10
0.1.9 44 / 10
0.1.8 44 / 10
0.1.7 44 / 10
0.1.6 45 / 10
0.1.4 52 / 10

v0.1.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.