@goldstack/template-user-management-cli

Command line tools for User Management template

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mxro

Keywords

goldstackutilityinfrastructurecognitoawsIaCconfiguration

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@goldstack/utils-package-config	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-cli	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-log	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-docker	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-package	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-template	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-aws-lambda	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/infra	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/utils-sh	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
dependencies	unvetted-dep:@goldstack/infra-aws	AI (dependencies): Same-org monorepo dependency; stable pattern across all versions of this package.	ai	2026/05/18
phantom-deps	phantom-dep:@goldstack/utils-log	AI (phantom-deps): Same-org monorepo dep; phantom detection is a stable false positive for this package.	ai	2026/05/18
provenance	no-provenance	AI (provenance): Established monorepo package; lack of Sigstore provenance is consistent across all 108 versions.	ai	2026/05/18
phantom-deps	phantom-dep:@goldstack/utils-sh	AI (phantom-deps): Same-org scoped package; may be used transitively or in build scripts. Stable FP.	ai	2026/05/03
phantom-deps	phantom-dep:@goldstack/utils-docker	AI (phantom-deps): Same-org scoped package; stable FP for this goldstack monorepo package.	ai	2026/05/03
phantom-deps	phantom-dep:@goldstack/utils-template	AI (phantom-deps): Same-org scoped package; stable FP for this goldstack monorepo package.	ai	2026/05/03
phantom-deps	phantom-dep:source-map-support	AI (phantom-deps): source-map-support is a common runtime dep referenced in tsconfig/config files; stable false positive for this package.	ai	2026/05/03

Versions (showing 30 of 30)

Version	Deps	Published
0.1.111	15 / 10	2026-05-01
0.1.110	15 / 10	2026-05-01
0.1.108	15 / 10	2026-04-16
0.1.107	15 / 10	2026-04-15
0.1.106	15 / 10	2026-04-15
0.1.105	15 / 10	2026-04-14
0.1.103	15 / 10	2026-04-08
0.1.102	15 / 10	2026-04-08
0.1.101	15 / 10	2026-04-06
0.1.99	15 / 10	2026-04-02
0.1.98	15 / 10	2026-03-31
0.1.96	15 / 10	2026-03-27
0.1.92	15 / 10	2026-03-17
0.1.91	15 / 10	2026-03-14
0.1.89	15 / 10	2026-02-24
0.1.86	15 / 10	2026-01-24
0.1.83	15 / 11	2026-01-13
0.1.81	15 / 12	2026-01-13
0.1.75	15 / 12	2025-12-31
0.1.72	15 / 12	2025-11-27
0.1.71	15 / 12	2025-11-27
0.1.70	15 / 12	2025-11-27
0.1.68	15 / 12	2025-11-25
0.1.66	15 / 12	2025-11-19
0.1.65	15 / 12	2025-11-16
0.1.62	15 / 12	2025-09-27
0.1.61	15 / 12	2025-09-27
0.1.60	15 / 12	2025-09-27
0.1.59	15 / 12	2025-08-05
0.1.58	15 / 12	2025-07-16