@mai0313/go_template MIT 7 versions

@mai0313/go_template

npm Repository Homepage

A production-ready Go project template to bootstrap new projects fast. It includes a clean Go module layout, Docker, and a complete CI/CD suite.

7

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mai0313

Keywords

cligogolangtemplatego-templateboilerplatestarter-kit

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package consistently published via GitHub Actions CI/CD with SLSA provenance; automated publisher is the intended workflow.	ai	2026/05/22
npm-metadata	bundled-binaries	AI (npm-metadata): Package is a Go CLI distributed via npm; bundled platform binaries are the intended distribution mechanism, confirmed by SLSA provenance.	ai	2026/04/28
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in bin/start.js to spawn the bundled Go binary — standard npm-wrapped native CLI pattern.	ai	2026/04/28

Versions (showing 7 of 7)

Version	Deps	Published
0.1.28	0 / 0	2026-05-21
0.1.27	0 / 0	2026-05-21
0.1.26	0 / 0	2026-05-11
0.1.25	0 / 0	2026-05-01
0.1.24	0 / 0	2026-04-25
0.1.23	0 / 0	2026-04-25
0.1.22	0 / 0	2026-04-24

v0.1.28

2 findings

HIGH Publisher changed: mai0313 → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.27

2 findings

HIGH Publisher changed: mai0313 → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.25

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.24

2 findings

HIGH Bundled binary files (6) npm-metadata

Package contains compiled binaries that could be backdoors: • binaries/linux-arm64-gnu/go_template • binaries/linux-x64-gnu/go_template • binaries/macos-arm64/go_template • binaries/macos-x64/go_template • binaries/windows-arm64/go_template.exe • binaries/windows-x64/go_template.exe

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.23

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.