@hoptrendy/sdk
TypeScript SDK for programmatic access to HopCode CLI
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): Bundled ripgrep binaries are legitimate vendored CLI dependencies for a code assistant SDK. SLSA provenance attestation confirms supply chain integrity. | ai | |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 0.27.10 | 2 / 9 | |
| 0.27.9 | 2 / 9 | |
| 0.27.8 | 2 / 9 | |
| 0.27.7 | 2 / 9 | |
| 0.27.1 | 2 / 9 | |
| 0.27.0 | 2 / 9 | |
| 0.26.2 | 2 / 9 | |
| 0.25.2 | 2 / 9 | |
| 0.24.2 | 2 / 9 | |
| 0.21.3 | 2 / 9 | |
| 0.21.1 | 2 / 9 | |
| 0.21.0 | 2 / 9 | |
| 0.17.5 | 2 / 10 | |
| 0.17.4 | 2 / 10 | |
| 0.17.3 | 2 / 10 | |
| 0.17.0 | 2 / 10 | |
| 0.16.0 | 2 / 10 | |
| 0.15.1 | 2 / 9 | |
| 0.14.41 | 2 / 9 | |
| 0.14.35 | 2 / 9 | |
| 0.14.34 | 2 / 9 | |
| 0.14.33 | 2 / 9 | |
| 0.14.32 | 2 / 9 | |
| 0.14.31 | 2 / 9 | |
| 0.14.30 | 2 / 9 | |
| 0.1.7 | 2 / 9 | |
| 0.1.6 | 2 / 9 | |
v0.27.10
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.9
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.8
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.7
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.5
2 findings
Package contains compiled binaries that could be backdoors:
• dist/cli/vendor/ripgrep/arm64-darwin/rg
• dist/cli/vendor/ripgrep/arm64-linux/rg
• dist/cli/vendor/ripgrep/x64-darwin/rg
• dist/cli/vendor/ripgrep/x64-linux/rg
• dist/cli/vendor/ripgrep/x64-win32/rg.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.41
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.35
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.34
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.33
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.32
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.31
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.30
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.7
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.