@matter/nodejs-shell

Shell app for Matter controller

Versions: 16
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

apollon77, lauckhart, balloob

Keywords

iot, home automation, matter, smart device

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@matter/protocol | AI (phantom-deps): Package uses Node.js import maps (#protocol alias); not a direct import but a legitimate runtime dependency pattern for this monorepo. | ai |
phantom-deps | phantom-dep:@matter/nodejs-ble | AI (phantom-deps): Same import-map pattern; stable false positive for this monorepo package. | ai |
dependencies | unvetted-dep:@matter/tools | AI (dependencies): Same @matter org monorepo; versioned consistently with all other @matter/* deps in this package. | ai |
phantom-deps | phantom-dep:@matter/node | AI (phantom-deps): Used via package.json imports remapping (#node alias); not a direct import but is a real dependency. | ai |
phantom-deps | phantom-dep:@matter/nodejs | AI (phantom-deps): Used via package.json imports remapping (#nodejs alias); not a direct import but is a real dependency. | ai |
phantom-deps | phantom-dep:@matter/model | AI (phantom-deps): Used via package.json imports remapping (#model alias); not a direct import but is a real dependency. | ai |
phantom-deps | phantom-dep:@matter/tools | AI (phantom-deps): Same-org build tooling dependency; used indirectly via build scripts, not direct imports. | ai |

Versions (showing 16 of 16)

Version Deps Published
0.17.1 10 / 0
0.17.0 10 / 0
0.16.11 11 / 0
0.16.10 11 / 0
0.16.9 11 / 0
0.16.8 11 / 0
0.16.6 11 / 0
0.16.5 11 / 0
0.16.3 11 / 0
0.16.1 11 / 0
0.16.0 11 / 0
0.15.5 11 / 0
0.15.4 11 / 0
0.15.3 11 / 0
0.15.2 11 / 0
0.14.0 11 / 0

v0.17.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.17.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.