@mariozechner/pi-tui
Terminal User Interface library with differential rendering for efficient text-based applications
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): chalk is a declared dependency in a TUI library; phantom-dep flag is a code hygiene issue, not a security risk for this package. | ai | |
| phantom-deps | phantom-dep:mime-types | AI (phantom-deps): mime-types is a declared dependency; phantom-dep flag is a code hygiene issue, not a security risk for this package. | ai | |
| phantom-deps | phantom-dep:@types/mime-types | AI (phantom-deps): @types/mime-types is a type declaration package; phantom-dep flag is expected and not a security concern. | ai |
Versions (showing 51 of 309)
| Version | Deps | Published |
|---|---|---|
| 0.73.1 | 5 / 2 | |
| 0.72.1 | 5 / 2 | |
| 0.72.0 | 5 / 2 | |
| 0.71.1 | 5 / 2 | |
| 0.71.0 | 5 / 2 | |
| 0.70.6 | 5 / 2 | |
| 0.70.5 | 5 / 2 | |
| 0.70.4 | 5 / 2 | |
| 0.70.3 | 5 / 2 | |
| 0.70.2 | 5 / 2 | |
| 0.70.1 | 5 / 2 | |
| 0.70.0 | 5 / 2 | |
| 0.69.0 | 5 / 2 | |
| 0.68.1 | 5 / 2 | |
| 0.68.0 | 5 / 2 | |
| 0.67.68 | 5 / 2 | |
| 0.67.67 | 5 / 2 | |
| 0.67.6 | 5 / 2 | |
| 0.67.3 | 5 / 2 | |
| 0.67.2 | 5 / 2 | |
| 0.67.1 | 5 / 2 | |
| 0.67.0 | 5 / 2 | |
| 0.66.1 | 5 / 2 | |
| 0.66.0 | 5 / 2 | |
| 0.65.2 | 5 / 2 | |
| 0.65.1 | 5 / 2 | |
| 0.65.0 | 5 / 2 | |
| 0.64.0 | 5 / 2 | |
| 0.63.2 | 5 / 2 | |
| 0.63.1 | 5 / 2 | |
| 0.63.0 | 5 / 2 | |
| 0.62.0 | 5 / 2 | |
| 0.61.1 | 5 / 2 | |
| 0.61.0 | 5 / 2 | |
| 0.60.0 | 5 / 2 | |
| 0.59.0 | 5 / 2 | |
| 0.58.4 | 5 / 2 | |
| 0.58.3 | 5 / 2 | |
| 0.58.1 | 5 / 2 | |
| 0.58.0 | 5 / 2 | |
| 0.57.1 | 5 / 2 | |
| 0.57.0 | 5 / 2 | |
| 0.56.3 | 5 / 2 | |
| 0.56.2 | 5 / 2 | |
| 0.56.1 | 5 / 2 | |
| 0.56.0 | 5 / 2 | |
| 0.55.4 | 6 / 2 | |
| 0.55.3 | 6 / 2 | |
| 0.55.2 | 6 / 2 | |
| 0.55.1 | 6 / 2 | |
| 0.55.0 | 6 / 2 |
v0.73.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.70.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.69.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.68
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.64.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.63.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.63.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.63.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.62.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.60.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.59.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.