@google/gemini-cli-core
Gemini CLI Core
Supply chain provenance
Status for the latest visible version.
Without a provenance attestation (SLSA provenance, signed through Sigstore and published alongside the package on the npm registry) there is no cryptographic link between this tarball and the public source it claims to be built from: the registry's integrity hash only proves you received the bytes the registry holds, not that those bytes were built from the repository. The axios compromise (March 2026) relied on exactly this gap.
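The check a practitioner would run on that sentence, as an added example (this is not the scanner's code and not Gemini CLI's): read an npm packument, the JSON the registry serves at `https://registry.npmjs.org/<name>`, and report per version whether a Sigstore-signed SLSA provenance attestation is attached (`dist.attestations.provenance`) and which npm account published it (`_npmUser`), flagging publisher changes between consecutive releases. The packument embedded below is constructed: the timestamps, the `sha512-PLACEHOLDER…` integrity values and the `0.45.1-example` version are placeholders, not the real registry records for `@google/gemini-cli-core`.

```javascript
// Added example, not the scanner's or Gemini CLI's code. Audits an npm
// packument for provenance attestations and publisher changes.
const SLSA_PREFIX = 'https://slsa.dev/provenance/';

// 'none' reproduces the page's no-provenance finding; 'slsa' means a
// Sigstore-signed SLSA provenance statement is attached to this version.
function provenanceStatus(entry) {
  const att = entry.dist && entry.dist.attestations;
  if (!att || !att.provenance) return 'none';
  const type = att.provenance.predicateType || '';
  return type.startsWith(SLSA_PREFIX) ? 'slsa' : 'other:' + type;
}

// Versions in publish order; packument.time maps version -> ISO timestamp.
function publishOrder(packument) {
  return Object.keys(packument.versions).sort(
    (a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b]),
  );
}

function auditPackument(packument) {
  const rows = [];
  let previousPublisher = null;
  for (const version of publishOrder(packument)) {
    const entry = packument.versions[version];
    const publisher = (entry._npmUser && entry._npmUser.name) || 'unknown';
    rows.push({
      version,
      published: packument.time[version],
      provenance: provenanceStatus(entry),
      // dist.integrity pins the bytes npm fetched; without an attestation it
      // says nothing about where those bytes were built from.
      integrity: (entry.dist && entry.dist.integrity) || null,
      publisher,
      // A new publishing account on an established package is a classic
      // compromise signal and deserves a look even when provenance is present.
      publisherChanged: previousPublisher !== null && publisher !== previousPublisher,
    });
    previousPublisher = publisher;
  }
  return rows;
}

function summarize(rows) {
  return {
    versions: rows.length,
    withProvenance: rows.filter((r) => r.provenance === 'slsa').length,
    publisherChanges: rows.filter((r) => r.publisherChanged).length,
    latest: rows[rows.length - 1],
  };
}

// CONSTRUCTED packument fragment: placeholder timestamps and hashes, and a
// hypothetical 0.45.1-example release that carries provenance but comes from
// a different account than the two releases before it.
const samplePackument = {
  name: '@google/gemini-cli-core',
  time: {
    '0.44.1': '2026-01-10T00:00:00.000Z',
    '0.45.0': '2026-01-20T00:00:00.000Z',
    '0.45.1-example': '2026-02-01T00:00:00.000Z',
  },
  versions: {
    '0.44.1': {
      _npmUser: { name: 'google-wombot' },
      dist: { integrity: 'sha512-PLACEHOLDER0441' },
    },
    '0.45.0': {
      _npmUser: { name: 'google-wombot' },
      dist: { integrity: 'sha512-PLACEHOLDER0450' },
    },
    '0.45.1-example': {
      _npmUser: { name: 'example-release-bot' },
      dist: {
        integrity: 'sha512-PLACEHOLDER0451',
        attestations: {
          url: 'https://registry.npmjs.org/-/npm/v1/attestations/@google%2Fgemini-cli-core@0.45.1-example',
          provenance: { predicateType: 'https://slsa.dev/provenance/v1' },
        },
      },
    },
  },
};

console.log(JSON.stringify(summarize(auditPackument(samplePackument)), null, 2));
```

Against a real packument, `npm view <name> --json` (or a plain fetch of the registry URL) supplies the input; a version whose `provenance` comes back `'none'` is exactly what every finding on this page records, and `npm audit signatures` is the CLI's own way to verify the attestations that do exist.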
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:proper-lockfile | AI (phantom-deps): Config-referenced utility; stable pattern for this package. | ai | |
| npm-metadata | url-dep:get-ripgrep | AI (npm-metadata): File-path dep is intentional monorepo vendoring by Google; stable pattern for this package. | ai | |
| dependencies | unvetted-dep:get-ripgrep | AI (dependencies): Monorepo-internal vendored dep (file:../../third_party/get-ripgrep); not a registry bypass risk for this Google-published package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large version jump (0.3.3→0.5.1) from an active Google project; file growth is expected. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): Google-published CLI tool; new deps are established utilities with clear purpose. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): WebSocket dependency loaded conditionally; typical for CLI tools with optional features. | ai | |
| phantom-deps | phantom-dep:fast-uri | AI (phantom-deps): URI parsing dependency referenced in config; expected for Google Cloud integration. | ai | |
| phantom-deps | phantom-dep:@types/glob | AI (phantom-deps): Type package loaded by convention; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@opentelemetry/resource-detector-gcp | AI (phantom-deps): OpenTelemetry GCP detector loaded conditionally; expected for Google Cloud CLI. | ai | |
| dependencies | unvetted-dep:fast-levenshtein | AI (dependencies): fast-levenshtein is a well-known, widely-used string distance utility with no malicious history; safe for this package. | ai | |
| dependencies | unvetted-dep:systeminformation | AI (dependencies): systeminformation is a popular, legitimate system info library with millions of weekly downloads; no active advisories or malicious signals. | ai | |
| provenance | no-provenance | AI (provenance): Google-published package via google-wombot automation; lack of Sigstore provenance is common and not a disqualifier for this established publisher. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Large CLI tool; dotenv may be used in bundled/generated code or loaded by convention. Not a security concern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Legitimate Google Gemini CLI core package with proper GitHub repo. README link density reflects extensive documentation links, not a phishing link farm. | ai | |
| phantom-deps | phantom-dep:@bufbuild/protobuf | AI (phantom-deps): Used by gRPC/protobuf stack; may be loaded transitively or via dynamic import in this ESM package. | ai | |
| phantom-deps | phantom-dep:@types/html-to-text | AI (phantom-deps): Type-only package; framework-scoped, loaded by convention as noted by the analyzer. | ai | |
| phantom-deps | phantom-dep:puppeteer-core | AI (phantom-deps): Browser automation is a documented feature of Gemini CLI; may be loaded conditionally or via dynamic import. | ai | |
| phantom-deps | phantom-dep:marked | AI (phantom-deps): Markdown rendering is expected in a CLI tool; may be used indirectly or in bundled output. | ai | |
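The phantom-dep, url-dep and unvetted-dep rows above all come from comparing `package.json` against something else. As an added example (not the scanner's code and not Gemini CLI's), this script performs that cross-check on a constructed manifest and three constructed source files: declared dependencies with no static `import` or `require` are reported as phantom, imports with no declaration are reported as undeclared, computed `import(expr)` calls are counted because a static scan cannot resolve them (the "loaded conditionally" and "dynamic import" reasons several rows cite), and non-registry specifiers such as the `file:` path on `get-ripgrep` are listed separately. Version ranges in the sample manifest are `*` placeholders, and the builtin list is deliberately partial.

```javascript
// Added example, not the scanner's or Gemini CLI's code. Cross-checks a
// package.json against source text the way a phantom-dep rule would.

// Matches require('x'), import('x'), import ... from 'x', export ... from 'x'
// and bare import 'x'. Only string-literal specifiers can be resolved here.
const IMPORT_RE =
  /\brequire\(\s*['"]([^'"]+)['"]\s*\)|\bimport\s*\(\s*['"]([^'"]+)['"]\s*\)|\b(?:import|export)\b[^'";]*?\bfrom\s*['"]([^'"]+)['"]|\bimport\s*['"]([^'"]+)['"]/g;
// import(expr) with a non-literal argument: invisible to static analysis.
const DYNAMIC_RE = /\bimport\s*\(\s*(?!['"])/g;
// Specifiers that bypass the registry: local paths, links, git/tarball URLs,
// hosted-git shorthands such as user/repo.
const NON_REGISTRY_RE =
  /^(?:file:|link:|git(?:\+[a-z]+)?:|https?:|ssh:|github:|gitlab:|bitbucket:|[\w.-]+\/[\w.-]+(?:#.*)?$)/;
// Partial list of Node builtins (assumption: enough for this sample).
const BUILTINS = new Set(['fs', 'path', 'os', 'crypto', 'child_process', 'url',
  'util', 'events', 'stream', 'http', 'https', 'net', 'zlib', 'readline']);

// 'lodash/fp' -> 'lodash'; '@scope/pkg/sub' -> '@scope/pkg'; './x' -> null
function packageName(spec) {
  if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

function referencedPackages(sources) {
  const refs = new Set();
  let dynamic = 0;
  for (const text of Object.values(sources)) {
    for (const m of text.matchAll(IMPORT_RE)) {
      const name = packageName(m[1] ?? m[2] ?? m[3] ?? m[4]);
      if (name) refs.add(name);
    }
    dynamic += [...text.matchAll(DYNAMIC_RE)].length;
  }
  return { refs, dynamic };
}

function crossCheck(manifest, sources) {
  const deps = manifest.dependencies ?? {};
  const declared = new Set(Object.keys(deps));
  const { refs, dynamic } = referencedPackages(sources);
  return {
    // Declared but never statically imported: the page's phantom-dep rule.
    phantom: [...declared].filter((d) => !refs.has(d)).sort(),
    // Imported but never declared: resolves only through hoisting, if at all.
    undeclared: [...refs].filter((r) => !declared.has(r) && !BUILTINS.has(r)).sort(),
    dynamicImports: dynamic,
    // Declared via something other than a registry version range.
    nonRegistry: Object.entries(deps)
      .filter(([, spec]) => NON_REGISTRY_RE.test(spec))
      .map(([name, spec]) => ({ name, spec })),
  };
}

// CONSTRUCTED inputs. The file: specifier is the one quoted on this page;
// everything else is placeholder content for the demonstration.
const sampleManifest = {
  name: '@google/gemini-cli-core',
  dependencies: {
    'proper-lockfile': '*',
    marked: '*',
    ws: '*',
    'puppeteer-core': '*',
    'fast-levenshtein': '*',
    dotenv: '*',
    'get-ripgrep': 'file:../../third_party/get-ripgrep',
  },
};
const sampleSources = {
  'src/index.ts': `
import { lock } from 'proper-lockfile';
import path from 'node:path';
import fs from 'fs';
import { marked } from 'marked';
export { foo } from './foo.js';
`,
  'src/browser.ts': `
export async function openBrowser(mod: string) {
  const puppeteer = await import(mod);   // computed specifier, not resolvable statically
  const ws = await import('ws');
  return { puppeteer, ws };
}
`,
  'src/util.js': `
const levenshtein = require('fast-levenshtein');
const glob = require("glob");   // used but not declared in the manifest
`,
};

console.log(JSON.stringify(crossCheck(sampleManifest, sampleSources), null, 2));
```

The phantom direction is mostly a hygiene signal (a declared package still installs, and any install hook it ships still runs), while the undeclared direction is the one that breaks or silently changes with an unrelated lockfile update; a non-zero `dynamicImports` count is the reason to treat phantom results as "unproven" rather than "unused".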
Versions (showing 51 of 64)
| Version | Deps | Published |
|---|---|---|
| 0.45.0 | 69 / 9 | |
| 0.44.1 | 69 / 9 | |
| 0.44.0 | 69 / 9 | |
| 0.43.0 | 69 / 9 | |
| 0.40.1 | 68 / 9 | |
| 0.40.0 | 68 / 9 | |
| 0.39.1 | 67 / 9 | |
| 0.39.0 | 67 / 9 | |
| 0.38.0 | 66 / 9 | |
| 0.37.2 | 66 / 9 | |
| 0.37.0 | 66 / 9 | |
| 0.36.0 | 66 / 9 | |
| 0.35.3 | 66 / 9 | |
| 0.35.2 | 66 / 9 | |
| 0.35.1 | 66 / 9 | |
| 0.29.1 | 50 / 8 | |
| 0.28.2 | 50 / 8 | |
| 0.27.1 | 49 / 8 | |
| 0.22.4 | 48 / 10 | |
| 0.22.2 | 48 / 10 | |
| 0.21.3 | 48 / 10 | |
| 0.20.1 | 48 / 10 | |
| 0.19.4 | 48 / 10 | |
| 0.19.3 | 48 / 10 | |
| 0.19.1 | 48 / 10 | |
| 0.19.0 | 48 / 10 | |
| 0.18.3 | 48 / 10 | |
| 0.18.0 | 48 / 10 | |
| 0.17.1 | 48 / 10 | |
| 0.16.0 | 48 / 10 | |
| 0.15.4 | 48 / 10 | |
| 0.15.0 | 48 / 10 | |
| 0.14.0 | 48 / 10 | |
| 0.11.2 | 45 / 10 | |
| 0.11.0 | 45 / 10 | |
| 0.8.1 | 43 / 10 | |
| 0.5.1 | 39 / 10 | |
| 0.3.3 | 38 / 9 | |
| 0.3.1 | 38 / 9 | |
| 0.2.2 | 35 / 9 | |
| 0.2.1 | 35 / 9 | |
| 0.2.0 | 35 / 9 | |
| 0.1.22 | 34 / 9 | |
| 0.1.21 | 31 / 9 | |
| 0.1.20 | 31 / 9 | |
| 0.1.19 | 31 / 9 | |
| 0.1.18 | 29 / 9 | |
| 0.1.17 | 27 / 7 | |
| 0.1.16 | 27 / 7 | |
| 0.1.15 | 26 / 7 | |
| 0.1.14 | 26 / 7 | |
Findings by version
| Version | Findings |
|---|---|
| 0.45.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.44.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.44.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.43.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.40.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.39.1 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.39.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.38.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.37.2 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.37.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.36.0 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.35.3 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.35.2 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.35.1 | 1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.29.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.28.2 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.27.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.22.4 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.22.2 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.21.3 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.20.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.19.4 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.19.3 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.19.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.19.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.18.3 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.18.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.17.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.16.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.15.4 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.15.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.14.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.11.2 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.11.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal. |
| 0.8.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.2.1 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.2.0 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
| 0.1.14 | 1 finding [Accepted risk]: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |