@goldstack/template-hetzner-vps-cli

Utilities for packages that allow provisioning a Hetzner server with Docker

Versions: 10
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mxro

Keywords

goldstack, utility, infrastructure, IaC, aws, SES, email, configuration

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| publish-pattern | dormant-publish | AI (publish-pattern): Goldstack monorepo package; long gaps between releases are consistent with the project's release cadence across 77 versions. | ai | |
| dependencies | unvetted-dep:@goldstack/infra-aws | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-cli | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-log | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-package | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-s3-deployment | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-package-config | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| provenance | no-provenance | AI (provenance): Established monorepo package predating widespread provenance adoption; no other risk signals. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-sh | AI (dependencies): Internal goldstack monorepo sibling dep; same org scope, stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/s3-request-presigner | AI (phantom-deps): Framework-scoped AWS SDK dep loaded by convention in goldstack packages. | ai | |
| phantom-deps | phantom-dep:@goldstack/infra-aws | AI (phantom-deps): Same-org goldstack dep; loaded by framework convention. | ai | |
| phantom-deps | phantom-dep:@goldstack/utils-s3-deployment | AI (phantom-deps): Same-org goldstack dep; loaded by framework convention. | ai | |
| phantom-deps | phantom-dep:source-map-support | AI (phantom-deps): Referenced in config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/client-iam | AI (phantom-deps): Framework-scoped AWS SDK dep loaded by convention in goldstack packages. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/client-s3 | AI (phantom-deps): Framework-scoped AWS SDK dep loaded by convention in goldstack packages. | ai | |

Versions (showing 10 of 10)

Version Deps Published
0.1.80 16 / 10
0.1.77 16 / 10
0.1.74 16 / 10
0.1.71 16 / 10
0.1.68 16 / 10
0.1.63 16 / 10
0.1.60 16 / 10
0.1.46 16 / 11
0.1.45 16 / 11
0.1.44 16 / 11

v0.1.80

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.77

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.74

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.71

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.68

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.63

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.60

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.46

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.45

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.44

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.