@ind-rcg/modeler-sfdx-cli-plugin

This plugin is an enhancement of the sfdx cli and provide you features to customize the Consumer Goods Cloud Mobility application. This version will be the replacement for the Consumer Goods Mobile Modeler which was hosted on a Windows Server machine.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

asifshahabpmathew-ire-npm-userire-npm-team-user

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:chalk	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:jszip	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:xpath	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:fs-extra	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:klaw-sync	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:decompress	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:eta	AI (phantom-deps): Compiled oclif plugin; deps used via lib output, not direct TS imports.	ai	2026/05/27
phantom-deps	phantom-dep:rxjs	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:@oclif/core	AI (phantom-deps): Core oclif dep used via manifest/config, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:cross-spawn	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:@xmldom/xmldom	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:latest-version	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:@ind-rcg/backend	AI (phantom-deps): Same-org sibling package; stable false positive for this package.	ai	2026/05/27
phantom-deps	phantom-dep:@salesforce/core	AI (phantom-deps): Salesforce core dep used via oclif config, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:@inquirer/prompts	AI (phantom-deps): Same pattern — compiled output, not direct import.	ai	2026/05/27
phantom-deps	phantom-dep:@ind-rcg/framework	AI (phantom-deps): Same-org sibling package; stable false positive.	ai	2026/05/27
phantom-deps	phantom-dep:@ind-rcg/generator	AI (phantom-deps): Same-org sibling package; stable false positive.	ai	2026/05/27
phantom-deps	phantom-dep:@salesforce/sf-plugins-core	AI (phantom-deps): Salesforce plugin dep used via oclif config, not direct import.	ai	2026/05/27

Versions (showing 2 of 2)

Version	Deps	Published
260.1024.0	19 / 15	2026-04-22
260.1022.0	19 / 15	2026-01-21

v260.1024.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v260.1022.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.