@kb-labs/cli-bin — Greenflagged

KB Labs CLI tool for project management and automation

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

k.baranov

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Publisher has 1099 approved packages; likely a CI environment change rather than a supply chain concern.	ai	2026/05/26
dependencies	unvetted-dep:@kb-labs/plugin-manifest	AI (dependencies): link: protocol monorepo workspace dep; not a registry dependency, no supply-chain risk.	ai	2026/05/22
phantom-deps	phantom-dep:@kb-labs/core-config	AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a stable false positive.	ai	2026/04/28
phantom-deps	phantom-dep:glob	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:yaml	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:semver	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:chokidar	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:colorette	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:cli-table3	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:@kb-labs/core-sandbox	AI (phantom-deps): Same-org dep consumed transitively in bundled output; stable false positive.	ai	2026/04/28
phantom-deps	phantom-dep:@kb-labs/plugin-runtime	AI (phantom-deps): Same-org dep consumed transitively in bundled output; stable false positive.	ai	2026/04/28
phantom-deps	phantom-dep:@kb-labs/shared-command-kit	AI (phantom-deps): Same-org dep consumed transitively in bundled output; stable false positive.	ai	2026/04/28
phantom-deps	phantom-dep:zod	AI (phantom-deps): Same as above — bundled CLI pattern.	ai	2026/04/28
phantom-deps	phantom-dep:ajv	AI (phantom-deps): Bundled CLI; deps consumed transitively, not directly imported. Stable false positive for this package.	ai	2026/04/28

Versions (showing 51 of 79)

View all versions

Version	Deps	Published
2.94.0	18 / 8	2026-04-28
2.93.0	18 / 8	2026-04-28
2.89.2	18 / 8	2026-04-25
2.89.1	18 / 8	2026-04-25
2.89.0	18 / 8	2026-04-25
2.88.0	18 / 8	2026-04-25
2.87.0	18 / 8	2026-04-24
2.82.0	18 / 8	2026-04-21
2.81.0	18 / 8	2026-04-21
2.80.0	18 / 8	2026-04-21
2.79.0	18 / 8	2026-04-21
2.78.0	18 / 8	2026-04-21
2.77.0	18 / 8	2026-04-21
2.76.0	18 / 8	2026-04-21
2.75.0	18 / 8	2026-04-21
2.74.0	18 / 8	2026-04-21
2.73.0	18 / 8	2026-04-21
2.72.0	18 / 8	2026-04-21
2.69.0	18 / 8	2026-04-21
2.68.0	18 / 8	2026-04-21
2.67.0	18 / 8	2026-04-21
2.66.0	18 / 8	2026-04-21
2.65.0	18 / 8	2026-04-21
2.64.0	18 / 8	2026-04-20
2.63.0	18 / 8	2026-04-20
2.62.0	18 / 8	2026-04-20
2.61.0	18 / 8	2026-04-20
2.60.0	18 / 8	2026-04-19
2.59.0	18 / 8	2026-04-19
2.58.0	18 / 8	2026-04-19
2.57.0	18 / 8	2026-04-19
2.56.0	18 / 8	2026-04-19
2.55.0	18 / 8	2026-04-19
2.54.0	18 / 8	2026-04-19
2.53.0	18 / 8	2026-04-18
2.47.0	18 / 8	2026-04-18
2.46.0	18 / 8	2026-04-18
2.45.0	18 / 8	2026-04-18
2.44.0	18 / 8	2026-04-18
2.43.0	18 / 8	2026-04-17
2.42.0	18 / 8	2026-04-17
2.41.0	18 / 8	2026-04-17
2.40.0	18 / 8	2026-04-16
2.39.0	18 / 8	2026-04-16
2.38.0	18 / 8	2026-04-16
2.37.0	18 / 8	2026-04-16
2.36.0	18 / 8	2026-04-15
2.35.0	18 / 8	2026-04-15
2.34.0	18 / 8	2026-04-14
2.33.0	18 / 8	2026-04-14
2.32.0	18 / 8	2026-04-14