
@kiploks/engine-cli

You can now run Freqtrade bot tests directly from the web interface with much less setup friction.

Versions: 6
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

dedalik

Keywords

algorithmic-trading, walk-forward-analysis, wfa, backtest, backtest-validation, trading-strategy, quantitative-finance, typescript, kiploks, open-core, risk-metrics, reproducible-analytics, out-of-sample, trading-research

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | source-size-tripled | AI (source-diff): Size increase is from bundled React web UI assets, not injected payload. | ai |
phantom-deps | phantom-dep:react | AI (phantom-deps): React is a build/bundle dep for the Vite UI; not directly imported in TS source. | ai |
phantom-deps | phantom-dep:react-dom | AI (phantom-deps): react-dom is a build/bundle dep for the Vite UI; not directly imported in TS source. | ai |
phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known implicit TypeScript runtime dep; phantom detection is a stable false positive here. | ai |
phantom-deps | phantom-dep:postcss | AI (phantom-deps): postcss is a Tailwind/Vite build tool dep; referenced in config files only. | ai |
source-diff | obfuscated-file:dist/web/assets/index-DoK-Bsf4.js | AI (source-diff): Standard Vite production bundle of React UI; minification is expected, not obfuscation. | ai |
phantom-deps | phantom-dep:autoprefixer | AI (phantom-deps): autoprefixer is a PostCSS plugin used at build time; not directly imported. | ai |
phantom-deps | phantom-dep:@dedalik/use-react | AI (phantom-deps): React hook library bundled into the Vite UI output; phantom detection is a false positive. | ai |
phantom-deps | phantom-dep:@vitejs/plugin-react | AI (phantom-deps): Vite plugin used in vite.config.mjs at build time; not directly imported in TS source. | ai |
phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): tailwindcss is a build-time CSS dep; referenced in config files only. | ai |

Versions (showing 6 of 6)

Version Deps Published
0.4.2 12 / 3
0.4.1 12 / 3
0.4.0 5 / 10
0.3.0 3 / 1
0.2.0 3 / 1
0.1.0 3 / 1

v0.4.2

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

2 findings
[HIGH] New obfuscated file: dist/web/assets/index-DoK-Bsf4.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

2 findings
[HIGH] New obfuscated file: dist/web/assets/index-DoK-Bsf4.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.