@manypkg/cli
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:sembear | AI (dependencies): sembear is a semver utility from the same Thinkmill org; legitimate dependency. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Fires in a test file (run.test.ts), not in distributed runtime code; no secrets exposure risk. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @manypkg/cli; Levenshtein match to 'joi' is a false positive with no impersonation intent. | ai | |
v0.25.1
2 findings

Spreading entire process.env into an object — may capture all secrets

Source: https://github.com/Thinkmill/manypkg/blob/327e4ac7673134f4d49b8414679849daa2e2eaef/src/run.test.ts#L97

```
  95 |     nodeOptions: {
  96 |       cwd: path,
> 97 |       env: {
  98 |         ...process.env,
  99 |         NODE_OPTIONS: "--experimental-strip-types",
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.0
2 findings

Spreading entire process.env into an object — may capture all secrets

Source: https://github.com/Thinkmill/manypkg/blob/fc5d5e0be9496841f4e528532697e741c86a5ed5/src/run.test.ts#L37

```
  35 |     nodeOptions: {
  36 |       cwd: f.find("basic-with-scripts"),
> 37 |       env: {
  38 |         ...process.env,
  39 |         NODE_OPTIONS: "--experimental-strip-types",
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.