@goldstack/template-ssr-cli
CLI tools for server-side rendering template
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@goldstack/utils-package-config | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-package | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-template | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-aws-lambda | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-s3-deployment | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/infra | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-sh | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/infra-aws | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-cli | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-log | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-docker | AI (dependencies): Same-org sibling package in goldstack monorepo; stable pattern across all versions. | ai | |
| phantom-deps | phantom-dep:@goldstack/utils-docker | AI (phantom-deps): Same-org dep; phantom-dep heuristic fires on intra-monorepo packages consistently. | ai | |
| phantom-deps | phantom-dep:@goldstack/utils-template | AI (phantom-deps): Same-org dep; phantom-dep heuristic fires on intra-monorepo packages consistently. | ai | |
| phantom-deps | phantom-dep:@goldstack/template-ssr-server | AI (phantom-deps): Same-org dep; phantom-dep heuristic fires on intra-monorepo packages consistently. | ai | |
| phantom-deps | phantom-dep:source-map-support | AI (phantom-deps): source-map-support is a common runtime dep referenced in tsconfig/config; stable false positive for this package. | ai | |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 0.3.121 | 19 / 10 | |
| 0.3.118 | 19 / 10 | |
| 0.3.117 | 19 / 10 | |
| 0.3.116 | 19 / 10 | |
| 0.3.115 | 19 / 10 | |
| 0.3.103 | 19 / 10 | |
| 0.3.90 | 19 / 12 | |
| 0.3.89 | 19 / 12 | |
| 0.3.84 | 19 / 12 | |
| 0.3.81 | 19 / 12 | |
| 0.3.80 | 19 / 12 | |
| 0.3.71 | 19 / 12 | |
v0.3.121
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.118
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.117
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.116
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.115
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.103
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.90
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.89
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.84
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.81
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.80
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.71
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.